Hotmail's new address
Windows Live Mail gets a new look
Microsoft is trying to turn Hotmail's hundreds of millions of casual e-mail
users into customers for a wide variety of Windows Live personal services. How,
you may ask? By redesigning this long-neglected Web e-mail. Check out the image
gallery:
Changing face of web mail. One of the key decisions for Microsoft is ad
placement.
Do you think Windows Live Mail should have one big ad or two?
Which is more resource-full: Web apps or Vista?
Blog: Truth is: Web Office takes more resources than Vista
In a recent blog, David Berlind asked if the computing world should be going back
to lower powered computers to run Web-based Applications like Google's Writely
instead of ramping up their hardware to run Windows Vista. According to George
Ou, "The question should be reversed since web applications actually eat up more
resources than Windows Vista."
Featured download: Bounce back from a crash with Windows XP System Restore
10 things you should know about Windows XP's System Restore tool
Windows XP's System Restore monitors changes to your files and folders and takes
a snapshot of your system at regular intervals. If you run into problems with
your system--such as a bad driver or rogue application issues--you can restore
the system to a previous point and roll back your system files and registry to a
point when the OS was working. Windows expert Greg Shultz put together this list
of System Restore advice and details to help you get the most from this feature.

Patriot Act e-mail spying approved
TODAY'S TOP STORY
A federal judge recently approved prosecutors' Patriot Act request for e-mail
surveillance without any evidence of wrongdoing by the target. The Patriot Act's
amendments authorize that type of easily obtainable surveillance of e-mail. All
that's required is that prosecutors claim the surveillance could conceivably be
"relevant" to an investigation. Do you agree or disagree with this verdict?
Related resources
Google Attacks Microsoft, AOL and Yahoo
Google's latest beta release of its Desktop Search product,
Version 2, does a whole lot more than just search. Eschewing
the browser, the new software creates a permanent home on
your desktop and integrates e-mail, notes, latest Web sites
visited and so much more. Our story details what's new,
along with how you can download it and try it out yourself.
Google Ratchets Up the War:
http://ct.eletters.whatsnewnow.com/rd/cts?d=181-515-1-278-788070-24998-0-0-0-1
80% of Business Computers Infected with Spyware
That's what anti-spyware vendor Webroot claims, in its
recent report on second-quarter activity. The company used
the results of over 60,000 scans to paint a bleak picture of
malware penetration. Even worse, the average number of
infections per machine has risen as well, to 27 per machine.
What's behind the huge numbers? Our story has some insight,
along with details on the most common offenders.
Spyware Really on the Rise:
http://ct.eletters.whatsnewnow.com/rd/cts?d=181-515-1-278-788070-25001-0-0-0-1
Windows vs. Linux: The real pros and cons
While the Windows vs. Linux debate often devolves into
a fruitless ideological war, there have been some very insightful and pragmatic
(and fairly civil) discussions in the TechRepublic forums recently about the
pros and cons of both Windows and Linux, where they are appropriate for building
solutions, and how to best approach them when they are part of your
infrastructure. Read the discussions and then take a look at some other
worthwhile resources on this topic.
The pros and cons of using Windows
This discussion started when TechRepublic member rthompson posted, "I
am doing a report on the pros and cons of all Windows Operating Systems
(95/98/ME/00/NT/XP). I would like to hear from different users and people about
their preferences." The responses he got were overwhelming, brutally honest, and
full of great insights on Windows, UNIX, Linux, and the things that haunt the
nightmares of IT professionals.
The pros and cons of using Linux
In response to the thread on the pros and cons of Windows, TechRepublic
member Jacqui started a spin-off thread on the pros and cons of Linux.
Like the Windows thread, this one stirred up a frank dialog that focused on the
real world experiences of IT pros working in the field.
ISPs versus the zombies
According to the Federal Trade Commission, zombie-fed threats such as phishing
are a serious problem, and ISPs need to assume more responsibility for cleaning
up their networks. If an ISP doesn't measure up on security, members could flee
to a rival provider or, worse yet, completely lose their trust in online
activity.
Do you think the health of the Internet is at risk?
More on Google's Role: Syndicated Ads Shown Through Ill-Gotten Third-Party Toolbars
June 6, 2005
I've previously written about two different ways that Google gets involved in
distributing and funding spyware:
Allowing Blogspot to be used to foist spyware through tricky ActiveX popups and
paying fees to AdSense sites who in turn buy pop-ups through 180solutions (such that revenue
ultimately flows from advertiser to Google to AdSense site to 180solutions).
Many of Blogspot's ActiveX popups have disappeared since my February article,
and Google promises to put a check on AdSense popups too. But Google's role goes much
further: Through syndication relationships, Google provides ads to multiple web
toolbar operators, including to toolbars installed on users' PCs without notice
or consent. Google pays these toolbar companies for the ads they show -- thereby
supporting and funding their operations.
Google's Rules and Policies
Google repeatedly tells its advertisers that their ads will appear only on Google's
"high-quality" partner sites.
What does "high-quality" mean? Google doesn't say. But last year Google
published a set of "Software
Principles" for advertising programs -- calling for improved notice and
consent before advertising software becomes installed. A basic notion of
"high-quality" sites is that they don't solicit traffic through software
violating Google's Software Principles, and that they also don't make or
distribute such software. My sense is that an advertising channel cannot be
considered "high-quality" if it is predicated on installing software onto users'
PCs without their consent or without their informed consent.
Internet Attack Called Broad and Long Lasting by Investigators
By JOHN MARKOFF and LOWELL BERGMAN
A break-in at Cisco Systems last year was only part of an extensive operation in
which thousands of systems were penetrated.
Exploit code chases two Firefox flaws
Two vulnerabilities in the popular Firefox browser have been rated "extremely
critical" because exploit code is now available to take advantage of them. One
flaw involves "IFRAME" JavaScript URLs and the other exists in the IconURL
parameter in InstallTrigger.install(). If you've jumped on the Firefox
bandwagon,
how concerned are you about the recent spate of vulnerabilities? If you
don't use Firefox, does this news prevent you from considering it in the future?
Spying on the spyware makers
Harvard student Ben Edelman hasn't made any friends among spyware and adware
makers, thanks to his work publicizing how the programs work. In fact, he may be
spyware's most dangerous enemy. According to Edelman, "The biggest, richest
American companies are buying advertising through spyware." Read this News.com
interview, and then
tell us how you really feel about spyware.
Resolve Windows RPC errors caused by XP SP2 and security updates
Microsoft security updates, released in late February 2005, cause strange errors on some
machines running Windows XP SP2. The errors include Windows Update and Windows
Installer failing to function, missing icons, and various "access denied"
errors. Be prepared to troubleshoot these errors before Windows XP SP2 becomes
mandatory on April 12, 2005.
Download this quick-reference task sheet for a list of potential errors and
a simple workaround.
Microsoft hands out antidote to poisoned URLs
Microsoft has revised its recommended settings for Windows Server 2003, Windows
2000 Server, and Windows NT Server 4.0, clarifying which default configurations
could leave computers open to a DNS poisoning threat. DNS cache poisoning
involves hacking into domain name servers and replacing the numeric addresses of
legitimate Web sites with the addresses of malicious sites.
Share your thoughts on Microsoft's response to this heightened security alert.
News: CSS Support Could Be Internet Explorer's Weakest Link
Microsoft will be doing a lot to make developers and customers happy with
its pending Internet Explorer release, if partner sources with inside
information on the IE 7.0 browser are right. But there's one area where
Microsoft won't be winning a lot of applause.
Find out why.
Advances in Web Browsers
5. AOL: AIM Conversations Are Safe
From eWeek (Topic: Instant Messaging), March 14:
America Online Inc. on Sunday moved to quell public
criticism of the terms of service for its AIM service,
insisting the controversial privacy clause does not pertain
to user-to-user instant messaging communication.
http://ct.enews.cioinsight.com/rd/cts?d=188-199-1-20-76705-25147-0-0-0-1
News: Phishing Is Big Business
Electronic fraud has outgrown its roots as a nuisance to become a global
threat controlled by an elusive, highly organized underworld.
Take a close look at this growing problem.
Cyber-Crime
1. AOL Escalates the IM Wars
From Business Week (Topic: Messaging), March 1:
On Feb. 28, Time-Warner's AOL unveiled "AIM Sync." The new
service, which is still in testing, links an AOL Instant
Messenger's buddy list with contacts stored in Microsoft's
Outlook e-mail software. It scans an AIM user's Outlook
contact list for any matches in AOL's own giant database of
AIM customers' e-mail addresses. If any show up, it adds
their IM screen names to the user's AIM buddy list.
http://ct.enews.cioinsight.com/rd/cts?d=188-194-1-20-76705-24541-0-0-0-1
User reviews: Has Firefox made a difference?
Featured discussion: If you have made the change to Firefox
TechRepublic member jdclyde is curious about your experience with the
Firefox browser: "Has it made a difference to your system?. . . Have the end
users accepted this in your organization? [Has the] number of incidents of
Virus/Trojan/Worm/Malware/Spyware, etc. gone up, gone down or stayed the same?"
Grab a ringside seat for the pros and cons of Firefox by browsing this heated
discussion.
Why some companies are skittish about Windows XP Service Pack 2
Jonathan Yarden offers his view of the Windows XP Service Pack 2. With all
the hoopla surrounding its release, was it practically irrelevant?
Check out these 10 Windows Server hacks
Download this resource to get 10 hacks from O'Reilly's Windows Server Hacks.
They provide some great tips to help administrators wring out the best
performance, solve common problems, and beef up the security of Windows servers.
Some of the tips include "Automate Creation of OU Structure," "Use netsh to
Change Configuration Settings," and "Grant Administrative Access to a Domain
Controller."
Get more information on Network Administration
Microsoft launches anti-spyware beta
Microsoft has unveiled the first version of its Windows AntiSpyware application, which is
based on technology from recently acquired Giant Software. It still hasn't been
announced whether the app is designed to be an integrated part of Windows, or
whether it will be distributed or sold separately.
Get details about the beta in this news story. In a related discussion, TechRepublic
member billbohlen is seeking advice on anti-spyware for the enterprise.
News: No XP SP2 Security Fixes for Win2K
None of the security enhancements built into Windows XP SP2 will be back-ported
to Windows 2000, which is still used by the majority of enterprises.
But what about customers who can't afford to upgrade?
Microsoft rushes out critical IE fix
Microsoft published a patch for Internet Explorer on Wednesday for a month-old
vulnerability, which previously was called iFrame, but has been dubbed the
Internet Explorer Elements flaw by Microsoft. The issue could allow an attacker
to take control of a victim's PC, if the user is logged on as an administrator.
Discuss Microsoft's decision to release the update before its next scheduled patch
day, Dec. 7.
News: Emergency IE Patch Fixes Critical Bug
Microsoft's out-of-cycle patch for the Internet Explorer browser addresses the "IFRAME"
bug that had already been exploited by hackers through ad servers.
Download it now!
Securing Windows
Mozilla releases Firefox 1.0

The Mozilla Foundation has released Firefox 1.0, a browser based on the group's
open source development work. Since there were more than eight million downloads
of its preview release, there's speculation as to whether this release could
propel the open source browser into serious contention with Microsoft's Internet
Explorer. Let us know
whether you
plan to download Firefox 1.0. (On the go?
Print this
news story.)
Related resources
Spotlight on Windows XP Service Pack 2

If you're having trouble with Windows XP Service Pack 2 (SP2)
deployment, then check out the invaluable timesaving tips on our
SP2 resource page. For those who are already well-versed in SP2, offer
TechRepublic member thewynn75 advice on how to control the SP2 firewall on a
Windows 2000 server domain.
News: Web-Hosting Firm Surrenders Hard Drives to Feds
A Texas Internet company said Friday it gave U.S. government officials the hard
drives from a pair of its Web servers leased to online journalists and others.
Find out why the Feds wanted the hard drives hosting the Independent Media Center's
Web site here.
News: Microsoft Fixes Vexing XP SP2 Incompatibility
Numerous applications, including some of Microsoft's own, have encountered
compatibility problems with Windows XP SP2 (Service Pack 2). But one application
in particular wreaked an inordinate amount of havoc until Microsoft created a
removal tool, and now a patch, for it.
Read more about how TV Media wreaked havoc on updated systems.
Windows XP Service Pack 2
News: New Phishing System Takes Advantage of JPEG Bug
eWEEK.com spoke with Oliver Friedrichs, senior manager of Symantec Security
Response, about the recent discovery of an exploit in the wild that utilizes the
recently announced JPEG vulnerability in Microsoft's GDI+ library to install a
new and sophisticated phishing system.
Find out how this attack works.
Opinion: Microsoft Patch Day: The Next Generation
Welcome to the SP2 era. Will we have a bifurcated patch day? Will Microsoft
be able to move any faster?
Security Topic Center Editor Larry Seltzer takes a closer look.
Windows XP Service Pack 2
Virus targets 64-bit Windows

Antivirus firm Symantec announced Monday that it had received the first
virus that infects 64-bit Windows files. Dubbed W64.Shruggle, the program seems
to be mostly an experiment and would not spread in the wild; Microsoft hasn't
even released the software the virus targets.
Share your reaction to W64.Shruggle.
News: MyDoom Variant Uses Yahoo People Search
Like the previous MyDoom variant, MyDoom.P uses Yahoo as part of its
nefarious infection-spreading plan.
Learn how this baddie works so you can be prepared.
E-voting critic calls on hackers to expose flaws
At the Black Hat Security Briefings in Las Vegas, speaker Rebecca Mercuri, a
Harvard researcher and noted e-voting detractor, challenged hackers Thursday to
try to circumvent e-voting systems to reveal their security problems. Mercuri
pointed hackers to a $10,000 reward promised by an e-voting proponent.
Share your thoughts about this hacker call-to-action.
News: Unscheduled Security Update Fixes Critical IE Flaws
As predicted, Microsoft issued on Friday an "out of sequence" security
update for Internet Explorer that addresses three critical vulnerabilities.
Get the scoop on this security bulletin here.
News: AOL, Yahoo Join Microsoft in Enterprise IM Push
Weeks after AOL and Yahoo exited the enterprise instant messaging arena, they
are joining Microsoft in a deal that will allow Office Live Communications
Server 2005 to interoperate with their IM services.
Analysts predict this will boost the adoption of enterprise instant messaging.
Stay up to date on enterprise instant messaging with our special report.
Pop-up program reads keystrokes, steals passwords

Security researchers warned users Tuesday of a malicious program that installs
itself via a pop-up ad. The program can read keystrokes and steal passwords when
victims visit any one of almost 50 targeted banking sites. The program is part
of a larger trend, as malicious hackers increasingly focus less on random acts
of destruction and more on stealing money.
Share your reaction to this news story.
Researchers warn of infectious Web sites

Security researchers announced Thursday that they had found evidence that two
serious flaws are letting compromised Web servers at major companies take
control of computers via Internet Explorer. The flaws affect all IE users
because Microsoft hasn't released a patch for the vulnerabilities.
Can't stop the pop-ups

Pop-up advertising developers are finding ways around the popular blocker
programs designed to stifle the intrusive ad format, much to the chagrin of many
Internet consumers. Pop-up blockers from Google, Yahoo, America Online,
EarthLink, and Microsoft were successful initially, but pop-ups have found their
way through these filters in recent weeks. This is leading some observers to
call for a redesign of Internet Explorer to solve the problem once and for all.
Let us know whether you use a pop-up filter.
News: Spammer Sentenced to Seven Years in Prison
Up to seven years in the slammer and a $16.4 million civil judgment against
him might teach spammer Howard Carmack the error of his ways. He already seems
to regret sending 850 million forged e-mails. By Carolyn Thompson, AP Writer.
Spammer in the slammer!
Search engines delete adware company

Yahoo and Google have disabled links to controversial adware maker WhenU,
following accusations that the company engages in unauthorized practices aimed
at boosting its search rankings. The company allegedly uses "cloaking," a
technique that dupes search engines into favorably listing decoy Web pages that
direct people to other destinations.
Tell us what you think about Yahoo and Google's action.
Security Holes in Symantec's Software
Oh, dear. The security software we rely on most has a major security hole. It
turns out both corporate and consumer versions of much of Symantec's software
are affected. Find out which programs are at risk, and how you can patch them,
in our detailed report.
Source Code Leak a Bust?
Security concerns have formed perhaps the biggest argument against open-sourcing
significant parts of Microsoft's source code. But it appears that argument holds
a lot less water today. eWEEK.com Security Center Editor Larry Seltzer argues
that the big Windows source-code leak was more bust than break-in. At least so
far.
Read Larry's commentary on how open-source Windows wasn't the disaster many
predicted.
Microsoft unveils new antipiracy tools

Microsoft announced the specifics of a long-delayed update to its content
protection technology today. The latest digital rights management technology
from the software giant aims to bring music subscriptions to MP3 players and
boost home networks.
Let us know what you think about these new tools.
Google files for unusual $2.7 billion IPO

Google filed its hotly anticipated initial public offering (IPO) on Thursday,
invoking an unusual auction-style, two-tier share sale format and releasing its
closely guarded financial records in the process. While the IPO estimates the
undisputed Internet search king's initial worth at $2.7 billion, the actual
number and price of Google shares will not be known until the IPO is amended.
Share your thoughts on the impact of Google's IPO in this discussion.
Spyware cures may cause more harm than good

Some so-called spyware killers install the same kind of unwanted advertising
software that they promise to remove. A group of fed-up Web users has created a
network of Web sites where users can report antispyware programs that install
their own files. Public-interest group The Center for Democracy & Technology
plans to file complaints with the Federal Trade Commission against specific
companies.
Flaws threaten Net, VoIP
Microsoft released patches Tuesday for three flaws, the most serious of which
could give attackers a back door into the company's security server product. In
addition, a technical review conducted by the British government found several
security flaws in products that use VoIP and text messaging. Get the details
about these and other security issues in this News.com roundup.
Microsoft finds flaw in server software
Microsoft has discovered a flaw in certain versions of its SharePoint
Services package that could prevent the intranet software from installing and
running properly. The problem likely affects all versions of SharePoint
installed after Nov. 24, whether the software was bundled with the Small
Business Server 2003 package or downloaded directly from Microsoft.
Establish your outsource security credentials
Consultant implements unique solution to meet customer's business and security needs
What approach would you use if you had to secure a database for a purchasing
cooperative? By the way, you have to give partners and vendors access, but you
can't use Virtual Private Networking. Here's how one consultant did it. Compare
security outsource standards in our Discussion Center.
Download: Delivering outsourced capability
With more businesses turning to outsourcing as a way to improve services and cut
costs, the old guidelines have given way to new rules. Here are three common
problems that can short-circuit an outsourcing relationship. Get more great
tools and templates in our Downloads Center.
White paper: Ten things every outsourcing vendor must know to survive and thrive in the
current marketplace
As more corporations embrace outsourcing, the growth of the outsourcing service
market has exploded. This paper provides 10 of the most critical success factors
that should be understood and embraced by a company if one is really serious
about winning in this new service frontier. (Free registration to ITPapers.com
is required.)
Cloaking Device Made for Spammers
02:00 AM Oct. 09, 2003 PT
Call them spackers -- they're the new breed of computer crackers who earn a
living in cahoots with spammers.
The latest innovations developed by such mercenary hackers on behalf of the
junk e-mail profession are techniques that enable spammers -- or scam artists
for that matter -- to create websites that are essentially untraceable.
One group in Poland is currently advertising "invisible bulletproof
hosting" in online forums for spammers. For $1,500 per month, the group says
it can protect a site from network sleuthing tools used by spam opponents,
such as traceroute and whois.
Until now, antispammers have relied on such tools to identify the numeric
Internet protocol address behind a website advertised by spam. In the past,
shutting down a site used to sell spammed products -- or to rip off gullible
online users via phishing schemes -- was often just a matter of notifying the hosting
company responsible for the IP address.
But the new technique makes these tools futile, according to experts
familiar with the method.
The beauty of invisible hosting, according to Tubul, a representative of
the Polish group who would not provide his full name, is that the untraceable
site can even be located on servers operated by major Web hosting firms with
tough antispam policies.
When asked on an online chat for a demonstration of the stealth hosting
service, Tubul provided the address of a website selling generic Viagra and
other drugs.
"Try to find the real IP," he said. "This host is in rackshack.net, the
most antispam ISP."
A traceroute to the site indicated that it was being hosted on a computer
apparently using cable modem service from Comcast.
"Fake," said Tubul.
Indeed, when a traceroute to the site was performed moments later, it
appeared to be hosted on a computer with a DSL connection from Verizon.
Another site, hosted by the Polish group, offers free credit consultations.
Traceroutes to the site, removeform.com, also provided ever-changing results,
ranging from a computer connected to a DSL line in Israel to another provided
by EarthLink. However, the title of the site's home page consistently read
"Yahoo Web Hosting," suggesting it was actually located on a server run by the
Internet giant.
According to Tubul, his group controls 450,000 "Trojaned" systems, most of
them home computers running Windows with high-speed connections. The hacked
systems contain special software developed by the Polish group that routes
traffic between Internet users and customers' websites through thousands of
the hijacked computers. The numerous intermediary systems confound tools such
as traceroute, effectively laundering the true location of the website. To
utilize the service, customers simply configure their sites to use any of
several domain-name system servers controlled by the Polish group, Tubul said.
While the price may be steep, such services "definitely" will frustrate
antispammers and others who try to track down the true address of rogue
Internet sites, according to Joe Stewart, a security researcher with Lurhq.
"You're not going to have much success trying to follow IP addresses
through hacked hosts," said Stewart. "About all you can do is try to follow
the money -- sign up for whatever it is they're selling and try to figure out
who's behind the whole thing."
The use of such stealth hosting techniques has become widespread among
spammers, according to Steve Linford, leader of the Spamhaus Project, which maintains a
blacklist of known junk e-mail operations. Linford blamed the development of the
new methods on the recent alliances between spammers and computer crackers.
"Hackers used to detest spammers, but now that spamming has become such a big
business, it's suddenly cool to be a spammer," Linford said. He said the junk
e-mail business has also recently attracted "engineers who have been laid off or
fired, and people who really know what they're doing with networking and DNS."
The lure of money has also apparently attracted virus writers to the spamming
business. Linford said he believes that the Fizzer mass-mailing Internet worm was
the work of a virus writer affiliated with a spam operation. In addition, Stewart
and others said they believe that the first variant of the recent Sobig computer
worm is designed to turn compromised PCs into spam proxy servers.
In a further effort to compromise new systems and add them to their arsenal,
Tubul's group appears to be using its "spamvertised" sites to infect visitors
with a malicious program. Recent
reports in online antispam discussion groups indicate that an invisibly
hosted site called miracleformen.com was attempting to install a suspicious
executable file on visitors' computers using a vulnerability in Microsoft's
Internet Explorer browser.
Bulk e-mailers and scam artists began utilizing the services of crackers who
control large networks of compromised computers about a year ago, according to
Stewart. This past summer, hijacked PCs were used to host porn and credit card
phishing sites, according to research by Stewart
and security consultant Richard M. Smith.
One strategy for mitigating the invisible-hosting problem, said Thor Larholm,
a security researcher with Pivx Solutions,
would be for Internet service providers or domain registrars to blacklist the
DNS servers used by such outfits, effectively cutting them off from the
Internet.
But Tubul said his group changes its DNS servers regularly to protect against
such tactics.
While many ISPs do not seem to understand the severity of the
invisible-hosting problem, Linford said law enforcement authorities have begun
investigating.
"These people are not just violating ISPs' rules," said Linford. "These are
guys who really need to do some time in jail."
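The rotating-host behaviour this article describes (a site that traces to a different cable or DSL machine on each attempt, fronted by a small set of DNS servers) can be checked for from the defender's side, and the DNS servers Larholm suggests blacklisting can be derived from the same data. The following is an added example, not part of the original article: every domain, address, network label and threshold in it is constructed or assumed, and the network owner and access type are taken as already looked up (for instance with whois).

```python
from collections import defaultdict
from typing import NamedTuple


class Observation(NamedTuple):
    domain: str
    ip: str          # address the site resolved or traced to on one attempt
    owner: str       # network owner of that address (assumed: from a whois lookup)
    access: str      # "hosting", "cable" or "dsl" (assumed classification)
    nameserver: str  # DNS server that answered for the domain


CONSUMER_ACCESS = {"cable", "dsl"}

# Constructed sample data: documentation address ranges and .example names only.
OBSERVATIONS = [
    # Site that lands on a different home broadband line each time.
    Observation("pills.example", "192.0.2.10", "cable-isp-a", "cable", "ns1.flux.example"),
    Observation("pills.example", "198.51.100.23", "dsl-isp-b", "dsl", "ns1.flux.example"),
    Observation("pills.example", "203.0.113.77", "dsl-isp-c", "dsl", "ns2.flux.example"),
    Observation("credit.example", "192.0.2.44", "dsl-isp-c", "dsl", "ns2.flux.example"),
    Observation("credit.example", "198.51.100.61", "cable-isp-a", "cable", "ns2.flux.example"),
    Observation("credit.example", "203.0.113.5", "dsl-isp-d", "dsl", "ns2.flux.example"),
    # Home user with a dynamic address: changes often, but stays inside one ISP.
    Observation("homecam.example", "192.0.2.200", "cable-isp-a", "cable", "ns.dyn.example"),
    Observation("homecam.example", "192.0.2.201", "cable-isp-a", "cable", "ns.dyn.example"),
    Observation("homecam.example", "192.0.2.202", "cable-isp-a", "cable", "ns.dyn.example"),
    # Load-balanced commercial site: several addresses, all in hosting networks.
    Observation("shop.example", "198.51.100.1", "hosting-co-x", "hosting", "ns.host.example"),
    Observation("shop.example", "198.51.100.2", "hosting-co-x", "hosting", "ns.host.example"),
    Observation("shop.example", "203.0.113.9", "hosting-co-y", "hosting", "ns.host.example"),
]


def summarize(observations):
    """Group observations per domain: distinct addresses and nameservers seen."""
    stats = defaultdict(lambda: {"ips": {}, "nameservers": set()})
    for ob in observations:
        entry = stats[ob.domain]
        entry["ips"][ob.ip] = (ob.owner, ob.access)
        entry["nameservers"].add(ob.nameserver)
    return stats


def looks_proxied(entry, min_ips=3, min_owners=3, min_consumer_share=0.5):
    """True when a domain hops across many unrelated consumer networks."""
    ips = entry["ips"]
    owners = {owner for owner, _ in ips.values()}
    consumer = sum(1 for _, access in ips.values() if access in CONSUMER_ACCESS)
    return (
        len(ips) >= min_ips
        and len(owners) >= min_owners
        and consumer / len(ips) >= min_consumer_share
    )


def flag_domains(observations, **thresholds):
    """Map each suspicious domain to every nameserver seen answering for it."""
    return {
        domain: sorted(entry["nameservers"])
        for domain, entry in summarize(observations).items()
        if looks_proxied(entry, **thresholds)
    }


def nameserver_candidates(observations, **thresholds):
    """Nameservers that serve only flagged domains, so blocking them
    does not cut off unrelated sites that share a DNS provider."""
    flagged = set(flag_domains(observations, **thresholds))
    served = defaultdict(set)
    for ob in observations:
        served[ob.nameserver].add(ob.domain)
    return sorted(ns for ns, domains in served.items() if domains <= flagged)


if __name__ == "__main__":
    for domain, servers in flag_domains(OBSERVATIONS).items():
        print(domain, "->", ", ".join(servers))
    print("blocklist candidates:", nameserver_candidates(OBSERVATIONS))
```

Because the operators rotate their DNS servers, the nameserver set has to be rebuilt from fresh observations rather than treated as a fixed list.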