Microsoft Browser Holes Lead to AIM, Dial-Up Attacks

<font size="3">Microsoft Browser Holes Lead to AIM, Dial-Up Attacks</font>

Security holes in Microsoft's Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills, computer experts cautioned on Friday. Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, which could prove an even more dangerous exploit, said Drew Copley, a research engineer at Aliso Viejo, California-based eEye Digital Security, who discovered the original security vulnerability. Such stealth programs can include keystroke loggers that record everything a person types or software to erase the hard drive, among other things, he said.

Microsoft has released a patch for the original hole, which was reported about a month ago, said Stephen Toulouse, security program manager...

SMB Worm spreading through MSN Messenger

<font size="3">SMB Worm spreading through MSN Messenger</font>

A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappears. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tempers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature. The feature enables customers to link...

Samba offers NT 4.0 escape route

<font size="3">Samba offers NT 4.0 escape route</font>

One small but significant breakthrough from the open source Samba project offers Windows NT shops a low-cost migration option out of the Microsoft world. The new release of the software, which provides file and print services on Windows networks, can serve as a Primary Domain Controller (PDC) on NT 4.0. Samba version 4.0 is available for download today.

"This is an escape route for people stuck on NT 4," Samba co-lead Jeremy Allison tells us. "Anything you can do on NT 4, we can do."

Microsoft once touted the domain model as suitable for all enterprises, before it realized it wasn't, and began promoting Active Directory as a successor. However, there are still plenty of older smaller businesses that run NT4.

"Microsoft makes a lot of money from SMEs. With Samba 4 you can set up a small server and provide hundreds of users with authentication, file and...

Anti-Spam Web Pages Shut Down by Attacks

<font size="3">Anti-Spam Web Pages Shut Down by Attacks</font>

Three Web sites that provide spam blocking lists have shut down as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails.

The technological war comes as Congress considers a federal anti-spam law and California adopts what is widely considered to be the toughest law in the country. The California law, signed on Tuesday, allows people to sue spammers for $1,000 per unsolicited e-mail and up to $1 million for a spam campaign.

"This definitely marks an escalation in the spam wars," Andrew Barrett, executive director of The Spamcon Foundation, a spam watchdog group, said of the recent Internet attacks on lists used to block spam.

Two of those spam block lists have shut down after being attacked by denial-of-service attacks, in which compromised...

MSN Chatrooms Axed

<font size="3">MSN Chatrooms Axed</font>

Computer giant Microsoft is to close the majority of its internet chatrooms to stop paedophiles praying on young children.

It will axe all its chatrooms run by its MSN websites in 34 countries while others will be more tightly monitored or operate on a subsciption-only basis.

The company also hopes the move will combat spam emails.

Companies are known to collect e-mail addresses from those visiting chatrooms which they use to send what are often x-rated adverts.

Matt Whittingham, head of customer satisfaction at MSN UK, said: "Most people treat this type of service with respect but we have found that chatrooms - and not only ours - are increasingly being used for inappropriate communications.

MSN will shut its free, unmoderated Chat services around the globe on October 14.

News source:...

Will Microsoft ever get secure?

<font size="3">Will Microsoft ever get secure? </font>

It must be tough to be the largest software company in the world. Everyone's always trying to exploit every little hole in your applications and every little mistake you make gets played up in the media. On the other hand, your software is in so many homes and offices across the world that you directly or indirectly touch the lives of millions, if not billions, of people.

With that popularity, though, comes a responsibility not only to call attention to any flaws in your products that might adversely affect your customers, but also to build products from the ground up that are secure as they can be. Microsoft is improving its track record on the former, but after almost two years of Trustworthy Computing, I've yet to see much progress on the latter.

Let's start with the positives. Since the MSBlast worm appeared last month, the software giant has been on the...

Putting a lid on broadband use

<font size="3">Putting a lid on broadband use </font>

Earlier this month, a Philadelphia Comcast broadband subscriber got a letter from his service provider, telling him he'd been using the Internet too much. Keith, who asked to keep his full name private, said he'd subscribed to the service for four years and never had a complaint before. Now he was being labeled a network "abuser."

Worse, he said, Comcast refused to tell him how much downloading was allowed under his contract. A customer service representative had told him there was no specific cap, he said, adding that he might avoid being suspended if he cut his bandwidth usage in half. But even then, the lack of a hard number gave Keith no guarantee.

"I don't mind restrictions, but how can Comcast expect users to stick to a limit when they don't say what the limit is?" he said. "If they're going to impose limits, that's one thing, but at least tell us...

Windows to Power ATMs in 2005

<font size="3">Windows to Power ATMs in 2005 </font>

Within three years, most bank machines that dispense cash will run on the Windows operating system, according to a study published last week. By 2005, 65 percent of bank ATMs (not including free-standing machines in places like convenience stores and casinos) in the United States will use a stripped-down version of Windows. About 12 percent of the machines will use the operating system by the end of this year, according to Gwenn Bezard, an analyst at market researcher Celent.

Bezard asked 20 of the top 60 banks in the country about their plans to upgrade ATMs. He also interviewed the top 10 ATM manufacturers and software vendors. He concluded the banking industry is ready to scrap IBM's OS/2 operating system, which powers most ATMs today. They would prefer Windows, a platform they consider "open" in that it is compatible with their internal corporate networks....

SBS Exam in Beta Next Week

<font size="3">SBS Exam in Beta Next Week </font>

Microsoft may release exam to beta testers Sept. 22-28, but the cert group has yet to confirm whether newest exam for SBS implementers is a go.

Although Microsoft certification program managers announced that the 70-282, Designing, Deploying, and Managing a Network Solution for a Small- and Medium-Sized Business would be available Sept. 22-28, as of this writing the company hasn't listed specific exam beta dates on the exam guide (click here). Microsoft program managers announced the exam, which is aimed at implementers of the upcoming Small Business Server 2003, at the MCP TechMentor conference in San Diego.

Nonetheless, the exam, numbered 71-282 while in beta, appears on both the Prometric and Vue registration sites....

emails not 4U

<font size="3">emails not 4U</font>

Phones 4U has banned its 2,500 staff from emailing each other. John Caudwell, the owner of the mobile phone retailer, reckons the move will save his employees three hours a day(three hours?!) and his company at least a £1m a month in time saved.

Caudwell told the Press Association: "I saw that email was insidiously invading Phones 4u so I banned it immediately.

"Management and staff at HQ and in the stores were beginning to show signs of being constrained by email proliferation - the ban brought an instant, dramatic and positive effect."

Staff are still allowed to respond to external emails, he said. That should ward off any complaints on human rights grounds...®

Source: http://www.theregister.co.uk