The winner of the last 1,000 pixels, which sold for US$38,100 on eBay, is threatening to sue because the Web site was offline for six days until Wednesday, the Financial Times reported in its online edition on Thursday.
"Steve Gibson (of SpinRite fame) proposed a theory in his weekly Thursday-night podcast last week that, if true, would be the biggest scandal to ever hit Microsoft--that the WMF vulnerability that drew so much media attention last month is actually a back door programmed intentionally by Microsoft for unknown reasons," Russinovich wrote on his blog Wednesday.
"I finished my analysis... over the weekend. In my opinion the back door is one caused by …
America Online has quietly fixed a serious security vulnerability in its software.
The flaw lies in versions 8.0, 8.0 Plus and 9.0 Classic of AOL's client software, the U.S. Computer Emergency Readiness Team said in an alert Monday. The vulnerable software was also distributed via AOL's You've Got Pictures Web site prior to 2004, US-CERT said.
The security hole could allow a remote attacker to commandeer a vulnerable PC, according to US-CERT. However, AOL actually fixed the flaw and distributed an update to its 20 million users in October last year, company spokesman …
"Now, there's been some speculation that ... this trigger was somehow intentional. That speculation is wrong," Stephen Toulouse, a program manager in Microsoft's Security Response Center, wrote on a Microsoft corporate blog Friday.
On Thursday last week, researcher Steve Gibson suggested that the image processing flaw in Windows is so bizarre that it must have been intentional. The suggestion caused a deluge of comments …
Postings are flying fast and thick in the security community over a researcher's suggestion that Microsoft hid sneaky code in Windows.
The recent security problem regarding the rendering of Windows Meta File images was so bizarre that it has to be an intentional backdoor in the operating system, Steve Gibson said in a podcast posted Thursday.
He said he can find no other explanation for the existence of the WMF rendering problem, and no reason for the ability in Windows to use such image files to execute computer code.
"This was not a mistake. This is not buggy …
A new, more malicious version of a worm that targets Oracle database software has surfaced. The worm source code was sent out on a popular security mailing list just before the new year, security experts have said.
The new variant of what's been dubbed the "Oracle voyager" worm has a more malicious payload than the original variant, but still lacks a replication mechanism, Pete Finnigan, an Oracle security specialist, wrote in his blog.
Most significantly, the updated worm code grants administrator access to public user accounts on the database and opens a backdoor, according to Finnigan's …
Some tech-savvy thieves in New York City stole more than $100,000 after duping about 50 Washington Mutual customers out of their ATM PIN numbers.
The crooks attached phony keypads and bankcard slots onto two Washington Mutual branches in New York City, according to a report from CNNMoney.com.
The information was then transferred onto fraudulent cards and used to withdraw money from the victims' accounts, the Web site reported. The bank will compensate the victims.
Police are warning ATM users to beware of strange wires rigged onto ATM machines, or of video cameras trained on the keypad. Customers …
Microsoft on Thursday rushed out an update to address a serious security flaw in Windows. Patches are available for Windows 2000, Windows XP, and Windows Server 2003, but Microsoft left out Windows 98 and Windows Millennium Edition.
The flaw lies in the way the OS software handles Windows Meta File images. Microsoft deems the issue "critical" only for Windows 2000, Windows XP and Windows Server 2003; the problem is not as big for Windows 98 and Windows ME because it is harder to exploit on those OSes, the company said in its MS06-001 security bulletin.
Experts from iDefense, …
It's always great when readers weigh in passionately on our stories, like Evgeny Krevets of Davis, Calif., did this week.
Krevets was one of the people I wrote about on Tuesday who received a letter from H&R Block about a big customer data screw-up. The letters informed him and an undisclosed number of others that the company accidentally printed their social security numbers on the mailing labels of free TaxCut CDs it recently mailed to them.
H&R Block's assurances that the chances of identity theft are remote did little to comfort Krevets, who raised …
The company is breaking with its monthly patch cycle because it completed testing of the security update earlier than it anticipated, it said in a note on its Web site.
"In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible," the company said.
The security update fixes a vulnerability in the way Windows renders Windows Meta File images. …