security

A zero-day or "0day" attack is a computer threat that tries to exploit computer application vulnerabilities for which no security fix is yet available. Zero-day exploits are used by attackers before the software vendor knows about the vulnerability. ... The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security ... (view more)

Microsoft yesterday released a package of five Security Bulletins offering fixes for a total of eight vulnerabilities. While it's news worth celebrating, unfortunately the software company has also failed to address three other zero-day ... vulnerabilities . Browse And Get Owned, Drive-By Attacks Addressed All five of the Security Bulletins Microsoft has addressed were outlined in September and deemed "critical" -- the highest level of concern. Three out of five of the issues taken care of by Microsoft fix issues associated with "browse-and-get-owned" attacks, otherwise known as " drive-by" ... (view more)

In an effort to expedite stolen personal identities and financial records of unsuspecting users, online deviants are using an Instant Messaging component of their attack software, coupled malware. According to RSA Security, the Zeus Trojan informs ... hackers when their desired information has been poached. With Zeus, hackers can act faster in completing their time-sensitive illegal acts, which could lead to even more victims being targeted. Internet security firms are very familiar with the Zeus Trojan, blaming it for an endless trail of online bank account heists. Most believe Zeus is the ... (view more)

Here's the good and bad news on the upcoming Microsoft's monthly Windows Update: the good news is that Microsoft only has five security problems to fix. The bad news is that they are all marked critical. Patch is Due Next Tuesday, but Few Details In ... an unusual move, the company isn't releasing any details about the problems which are being fixed in the next Patch Tuesday update, scheduled for release next week. It's possible the firm doesn't want to tip off hackers who might try to exploit the problems before the fixes are released, but it's unusual that Microsoft wouldn't at least outline ... (view more)

A campaign group known as The Free Software Foundation (FSF) has accused Microsoft and its upcoming Windows 7 operating system of seven sins against freedom. The freedom in this case does not pertain to whether or not companies charge for their ... software, but rather the way it affects the user's rights to control their software. The group has written an open letter and sent it to CEOs of 499 of the leading 500 corporations asking them to consider carefully whether or not to upgrade to Windows 7. Of course, the FSF didn't think it was worth sending the copy to Microsoft, though oddly enough, a ... (view more)

NOTE: Be sure to grab the our supplemental reports 'Top 8 Freeware Antivirus Reviewed' and 'Top 10 PC Security Essentials' at the end of this article to learn how to better protect your PC online -- or click here to go to our Top 10 Reports now! If ... you're a fan of Jessica Biel, you may want to take care when searching for her name online. She's the celebrity whose name is most likely to produce spyware infected search results. The news was revealed by security firm McAfee, which has carried out a survey of the most dangerous search terms based on individuals for the past three years. Paris ... (view more)

Java SE6 is set to receive what is being called "significant security patches." The need for repair came after the US-CERT (United States Computer Emergency Readiness Team) warned that a number of vulnerabilities were in existence, allowing ... potential hackers to bypass authentication methods and execute arbitrary codes. One flaw exposes Java's audio system; if left unpatched, online deviants could be given access to a computer system without authorization. Another exploit provides root access to a vulnerable machine. Java Exploit Linked to ActiveX The most prominent flaw to be patched is ... (view more)

Though it's been out of the headlines for some time, the Conficker virus is alive and well. Researchers say it appears the virus has kept working despite little if any attention from its creators. According to Mikko Hypponen of F-Secure, one of the ... firms investigating the virus, there are still more than 5.5 million computers infected by Conficker, with Brazil, Vietnam and China particularly affected. That may be because computer owners there are less likely to be able to afford security software and more likely to be running pirated copies of Windows which are less likely to update Microsoft ... (view more)

With the release of Windows 7 just a few months away, security experts have begun touting the widespread positive impact Windows 7 will have on PC protection and the online community. Despite the occasional outbreak of critical security patches, ... Microsoft has been able to steadily improve its security image since launching the Trusted Computing initiative more than five years ago. (Source: eweek.com ) Win7 to Help Strengthen Security Purewire Principal Researcher Paul Royal touted three specific Windows 7 modifications that he believes will help thwart application vulnerabilities, rootkits ... (view more)

Security researchers have demonstrated how both Windows Mobile and iPhone handsets can be hacked simply be sending a text message. It's also emerged that a flaw in the way secure websites worked could cause problems for Firefox users. The news comes ... from the annual Black Hat security conference in Las Vegas, where it's joked that "black hat" hackers find these issues for criminal reasons, while "white hat" hackers are merely trying to improve security. However, it's generally understood that those who speak at the conference do so to highlight problems rather than exploit them. SMS from a SOB ... (view more)