Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: Esteban who wrote (35366)	7/24/2003 5:34:41 PM
From: Doug Coughlan	Read Replies (2) \| Respond to of 110655

Critical flaw in Windows music program-Microsoft Thursday July 24, 4:00 pm ET SAN FRANCISCO, July 24 (Reuters) - Microsoft Corp. (NasdaqNM:MSFT - News) has issued a patch for a new, critical flaw in Windows that could allow an attacker to take control of a victim's computer or run malicious programs on it, the company said on Thursday. If exploited, the flaw could allow an attacker to delete files, search records, send e-mails or even launch a new attack from the victim's computer. The problem involves how a technology in DirectX -- a group of instructions used by Windows programs to play audio and video -- handles MIDI (musical instrument digital interface) files. Basically, an attacker could write a MIDI file designed to exploit the flaw and send it in an e-mail or host it on a Web site or shared network, said Stephen Toulouse, security program manager at Microsoft's Security Response Center. The malicious code could be launched by simply opening or previewing the e-mail, unless the computer is running a newer version of Outlook or the owner has downloaded Outlook E-mail Security Update software, he said. The attack could slip past anti-virus software and through e-mail gateways undetected, said Russ Cooper of TruSecure Corp., a security services provider. "When this exploit comes out it will run on peoples' desktops when they aren't even there," he said. That is because "the file type is considered safe." The flaw is rated critical for all versions of Windows except Windows Server 2003, which has mitigating factors that minimize the risk, Microsoft said. There were no known exploits for the vulnerability, which was discovered by eEye Digital Security, Microsoft said. The Redmond, Washington-based company has issued a series of security vulnerability advisories over the last week or so, including another critical one last week that affected all versions of Windows. Microsoft is offering more information and a patch at: microsoft.com 0.asp

To: Esteban who wrote (35366)	7/25/2003 12:38:43 AM
From: SIer formerly known as Joe B.	Respond to of 110655

Identity thief nabs victims at Kinko’s Case highlights risks of using public Internet terminals By Anick Jesdanun ASSOCIATED PRESS msnbc.com NEW YORK, July 23 — For more than a year, unbeknownst to people who used Internet terminals at Kinko’s stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko’s copy shops, software that logs individual keystrokes. He captured more than 450 user names and passwords, and used them to access and open bank accounts online. research engineer, Internet Security Systems THE CASE, WHICH led to a guilty plea earlier this month after Jiang was caught, highlights the risks in using public Internet terminals at cybercafes, libraries, airports and other establishments. “Use common sense when using any public terminal,” warned Neel Mehta, research engineer at Internet Security Systems Inc. “For most day-to-day stuff like surfing the Web, you’re probably all right, but for anything sensitive you should think twice.” Jiang was caught when, according to court records, he used one of the stolen passwords to access a computer with GoToMyPC software, which lets individuals access their own computers from elsewhere. The GoToMyPC subscriber was home at the time and suddenly saw the cursor on his computer move around and files open as if by themselves. He then saw an account being opened in his name at an online payment transfer service. Jiang, who is awaiting sentencing, admitted installing Invisible KeyLogger Stealth software at Kinko’s as early as Feb. 14, 2001. The software is one of several keystroke loggers available for businesses and parents to monitor their employees and children. The government even installed one to build a bookmaking case against the son of jailed mob boss Nicodemo “Little Nicky” Scarfo. Earlier this year, a former Boston College student pleaded guilty to using similar software on more than 100 computers around campus to collect passwords and other data so that he could create a campus ID card for making purchases and entering buildings illegally, authorities say. Mehta said that while millions of individuals use public terminals without trouble, they should be cautious. “When you sit down at an Internet cafe, ask the owner or operator about the security measures in place,” he said. “If they don’t know or don’t have anything in place, you could consider going somewhere else.” Encrypting e-mail and Web sessions does nothing to combat keystroke loggers. But encryption can guard against network sniffers — software that can monitor e-mail, passwords and other traffic while it is in transit. Data cookies also contribute to the risk of identity theft. Cookies are files that help Web sites remember who you are so that you do not have to keep logging on to a site. But unless you remember to log out, these files could let the next person using the terminal to surf the Web as you. Furthermore, browsers typically record recent Web sites visited so that users will not have to retype addresses. And such addresses often have user names and other sensitive information embedded. Secure public terminals should have provisions for automatically flushing cookies and Web addresses when a customer leaves, Internet security experts say. Kinko’s spokeswoman Maggie Thill said the company takes security seriously and believes it has “succeeded in making a similar attack extremely difficult in the future.” She would not provide details, saying that to do so could make systems less secure. Nonetheless, Thill said customers have a responsibility to “protect their information as they would a credit card slip.” She said the company is trying to educate them through signs and other warnings. At one Kinko’s that Jiang targeted, a sign attached to individual $18-per-hour stations warns: “BE SAFE. PROTECT YOUR PERSONAL INFORMATION.”