The official Web site of Asustek Computer has been hijacked and used to serve up exploit code for the recently-patched animated cursor (.ani) vulnerability.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that includes ABC News and the Wall Street Journal. She has authored and edited award-winning, best selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
Microsoft plans to issue five bulletins next Tuesday, four affecting the Windows operating system. The highest maximum severity rating for the Windows bugs is "critical." Don't look for fixes for known (and under attack) Office bugs.
The virus, named Podloso, does not pose a real threat but signals an intent by malware authors to move beyond computers and smart phones.
The flaw "allows for remote execution of arbitrary code with minimal user interaction" and and affects Windows 2000, Windows XP and Windows 2003.
Mozilla is considering a "workaround" to block the attack vector that puts Firefox users at risk of attacks exploiting the Windows animated cursor (.ani) vulnerability.
The ongoing Windows animated cursor (.ani) flaw attack just keeps getting worse.
Microsoft's out-of-band update for the critical -- and under attack -- animated cursor (.ani) vulnerability has finally crossed the finish line, one week ahead of Redmond's own schedule but more than three months after it was first reported by a private security research company.
eEye Digital Security has shaken up its top management, firing chief executive officer Ross Brown less than six months after promoting him to the top slot.Kamal Arafeh, who previously managed eEye's sales operations, will be the new CEO.
Sana Security has scooped up $12 million in a fifth round of funding and hired telco crash survivor Don Listwin to take over the corner office. Sana, which excels at behavior blocking software, is banking on the new CEO to find new customers for its Active Malware Defense Technology and figure out an exit strategy in a very tricky security market.
Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks.
On the Full Disclosure mailing list comes this announcement from a group of anonymous security researchers: During one week (2007-04-02/08), new undisclosed vulnerabilities / flaws / exploitation techniques discovered in the latest versions of the Microsoft Windows Vista operating system and softwares will be publicly disclosed on this page. This project is launched as a challenge by an unofficial team of security experts.
A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.
Spammers are using fake Internet Explorer 7 (Beta 2) downloads to lure Windows users into downloading a nasty backdoor Trojan.The fake downloads are part of a massive spam run that includes an official-looking graphic (see image below) linked to Web sites that auto-launch an executable named "ie7.
[UPDATE: March 29, 2007 @ 1:15 PM Eastern] Microsoft has confirmed that this is indeed a zero-day flaw that will require a security update. Although Internet Explorer is the primary attack vector, this is a vulnerability in the way Windows handles animated cursor (.