Of course the main security news this week was security flaws being found in Vista - like that was going to be any surprise. Not to mention the report out that the uptake of Vista has been slow to non-exisitant. As far as I am concerned this was just a plain stupid report given that the only one’s with any real access to Vista so far has been MSDN/TechNet subscribers and probably afew thousand early adopter companies. Hell it’s only been available for a month.

Anyway on to the roundup…

Major security flaws found in Microsoft’s new Windows - seattlepi.com

Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month.

On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user’s privileges on all of the company’s recent operating systems, including Vista. Over the weekend, a Silicon Valley computer security firm said it had notified Microsoft that it had found the same flaw, as well as five other vulnerabilities, including one serious error in the software code underlying the company’s new Internet Explorer 7 browser.

New web worms causing havoc - London Free Press

A recent wave of web worms appearing on social networking websites represent a new generation of more sophisticated computer worms.

Early forms of the computer threats classified as “worms” were intended more for causing havoc or were designed for proof-of-concept purposes to determine if vulnerabilities could be exploited.

Hot or Not: Web application vulnerabilities - SC Magazine

There’s no doubt that web applications have become the attackers’ target of choice. In September, Mitre Corp.’s Common Vulnerabilities and Exposures list - a tally of publicly disclosed vulnerabilities - ranked cross-site scripting in the number one slot. In fact, cross-site scripting attacks surpassed buffer overflow vulnerabilities. And four of the top five reported vulnerabilities proved to be within web applications.

Beefing up online banking - TimesDispatch.com

Forget your mother’s maiden name.

Banks are more likely to know the name of your favorite pet or the model of your first car.

They are using the information to beef up online banking security so hackers can’t get into your bank account and steal money — or identities.

Banks of all sizes are required by regulators to install multilevel authentication systems. The deadline to have a plan in place is tomorrow.

Predicting the Top Security Threats for 2007 - TechNewsWorld.com

Professional cyberthieves and organized crime rings are looking to cash in on stolen identities, and are releasing an increasing amount of malware in the process.

There are more than 217,000 types of known security threats in the wild and probably thousands more that researchers haven’t even identified yet, according to McAfee Avert Labs.

For the year ahead, McAfee predicts the following disturbing trends: a rise in the number of password-stealing Web sites that use fake sign-in pages for popular online services such as eBay; the mainstreaming of adware; the increasing prevalence of mobile phone attacks; and, as video-sharing on the Web continues to gain popularity, the inevitable targeting of video files as a means to distribute malicious code

Internet worm drops in New Year e-mail - CBC.ca

A worm attached to an e-mail with the subject line “Happy New Year!” is the latest spam to threaten computer users, a security expert warns.

The new worm comes disguised as a file attachment named postcard.exe or postcard.zip, VeriSign iDefense Labs revealed on Thursday.

Once the file is launched, it replicates itself and sends copies to other e-mail addresses by accessing the infected computer’s mailbox. It also disables several computer security features and installs rootkit software, which allows it to hide itself from the user.

Beware that anti-virus software - IndiaTimes Infotech

Consider this. Having discovered a virus in its mail system, a mid-sized Indian pharmaceutical research company downloaded a free antivirus software from the Internet. It cleaned the viruses and apparently everything was fine. Until it discovered that sensitive information was being passed off to its competitors.
“We discovered that the antivirus had, in fact, silently planted a spyware that sent every copy of emails to another address from where it was being passed off to its competitors. Even antivirus software’s may not be safe!” Ironport Systems’ regional director for India & Saarc Ambarish Deshpande told ET.

Conversation Tags: security roundup