Reliable Answers - News and Commentary

Virus Information News

How To Master CSS

How To Master CSS

"With How To Master CSS, you'll discover how to read stylesheets, how to recognise the best solution and how to translate a graphical design to a real website, simply by watching my fun and sophisticated training videos. Hundreds of people, just like you, worldwide have used my unique multimedia course to fast-track their Stylesheet learning, while having piles of fun in the process. Will you be next?"

It doesn't matter what level you are at now (beginner or intermediate), How to Master CSS is packed full of quality step-by-step lessons, video files, an editor and other resources to get YOU results fast!

      
 Title   Date   Author   Host 

Netcraft

August 23, 2005

A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory . An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC)

A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco. The announcement continues a trend in which security products are emerging as a potential entry point for attackers. Last year the Witty Worm spread rapidly using a security weakness in BlackIce IDS products from Internet Security Systems. Serious security holes have also been discovered in Symantec antivirus products and the ZoneAlarm family of firewalls from Computer Associates, among others.

Netcraft

August 23, 2005

After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs co

Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL. Since the introduction of SSL, Internet users have been urged to check for the "golden lock" icon to ensure a web session is encrypted before conducting e-commerce transactions. As phishing has grown rampant, the Anti-Phishing Working Group and Federal Trade Commission have warned consumers to be sure a web page is using SSL before sharing personal information.

Reliable Answers.com

by Lynn Landes

August 22, 2005

Pesticides pose a much greater health hazard than the West Nile virus.

I'm reminded of the 1950's...TV newscasts showing clouds of DDT sprayed on a clueless public, compromising their health and contaminating the environment for decades to come, as Rachel Carson writes "Silent Spring." Pesticides pose a much greater health hazard than the West Nile virus.

The Register

by Robert Lemos, SecurityFocus

August 9, 2005

Microsoft 's experimental Honeymonkey project has found almost 750 web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper

Known more formally as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction. In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 websites that contain programs able to install themselves on a completely unpatched Windows XP system. "The honeymonkey client goes [to malicious websites] and gets exploited rather than waiting to get attacked," said Yi-Min Wang, manager of Microsoft's Cybersecurity and Systems Management Research Group. "This technique is useful for basically any company that wants to find out whether their software is being exploited this way by websites on the internet."

Tech World

by John E. Dunn

August 2, 2005

A flaw has been discovered on eBay's website that would have allowed fraudsters to successfully redirect the sign-on process to a phishing site.

Reported by British antiphishing outfit Netcraft, the clever scam apparently started with fraudsters sending e-mails asking eBay users to update their accounts. So far so normal, as such fake eBay e-mails are currently one of the phishing world’s persistent lines of attack. Disarmingly, however, the link provided was genuine and led to the correct eBay sign-in page, signin.ebay.com. If users clicked on this, parameters embedded in the otherwise normal stream of characters at the end of the link actually redirected users away from the page after the sign-in page to a fake phishing page, via an open relay hosted at servlet.ebay.com.

TechWorld

by Kieren McCarthy

July 29, 2005

The controversial presentation by researcher Michael Lynn regarding exploitation of known holes in Cisco's router software has leaked onto the Internet.

This week, Cisco first pressured Lynn's former company Internet Security Systems (ISS) into removing the presentation from the line-up at the Black Hat security conference in Las Vegas. Then, when Lynn resigned from ISS in protest and threatened to go ahead with the presentation, Cisco took out an injunction against him. Lynn nevertheless did the presentation stating that he "had to do what was right for the country and the national infrastructure". Cisco, ISS, Black Hat and Lynn have since signed a legal agreement in which Black Hat and Lynn promised not to make the material available to anyone else. Lynn was also put under a series of controls including "unlawfully disassembling or reverse engineering Cisco code in the future ... [and] using Cisco decompiled code currently in his possession or control for any purpose."

Internet News

by Sean Michael Kerner

July 25, 2005

IE vulnerabilities still abound, but Apple, Mozilla and Real Player users have little to gloat about.

There were 422 newly reported Internet security vulnerabilities in the second quarter of 2005, according to the SANS Institute. The number represents a 20 percent year-over-year and an 11 percent quarterly increase in reported vulnerabilities. SANS' quarterly update of the top 20 list of Internet vulnerabilities, released Monday, identifies the most critical of the 422 that resulted in widespread damage to both enterprise and home users. Six different vendors made the list, including Microsoft, Mozilla, Apple, Real Networks, Computer Associates and Veritas.

Arstechnica

by Josh Meier

July 25, 2005

I remember the days when hackers kept security exploits to themselves in order to gain hacker points among their fellow hackers. These days they just sell them to companies like TippingPoint. .. or do they?

TippingPoint, part of 3Com, produces intrusion prevention systems for computer systems and, in order to get a leg up on the competition, they have started offering money in exchange for the disclosure of new security vulnerabilities. The idea is that they will be able to get a leg up on competing security products if they are able to patch a vulnerability before their competitors even know it exists. TippingPoint can then use the vulnerability information to update their own security software, while notifying the original software developer of the problem.

vnunet

by Iain Thomson

June 23, 2005

Adobe has issued a security advisory warning users to patch a flaw in its popular Acrobat and Reader software.

The bug lies within the Adobe Reader control and potentially allows a hacker to find files held locally on a PC. An XML script would need to be designed and inserted into a Javascript file which could then be used to open access to local files.

EWeek

by Ryan Naraine

June 17, 2005

Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style.

The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers. "The idea is to share information and figure out where the botnets are getting their instructions from. Once we can identify the command-and-control server, we can act quickly to get it disabled. Once the head goes, that botnet is largely useless," said Roger Thompson, director of malicious content research at Computer Associates International Inc.

      

Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.

Carschooling by Diane Flynn Keith
Carschooling

Take me to the top

We invite you
to visit:

Professional Web Hosting and Design Services: 12 Point Design Local Homeschool provides the most up-to-date support group listings in a geographical and searchable index Budget Homeschool Kidjacked -- To seize control of a child, by use of force SaferPC dispels security misunderstandings and provides you with a solid understanding of viruses and computer security Reliable Answers - developer information, current news, human interest and legislative news Twain Harte Times - Twain Harte, CA - The closest you can get to Heaven on Earth Cranial Laser & Neurolymphatic Release Techniques (CLNRT) - Experience dramatic pain reduction At Summit Chiropractic our mission is to improve your quality of life - We know that health is much more than just not feeling pain Visit UniveralPreschool.com to learn about your preschool options.
Reliable Answers.com/virus/news.asp
Google