Microsoft Security, DDoS Attacks and Spam Top Security News..!!

priyanshuit's picture


A recap of the past week in IT security news includes vulnerability reports from Microsoft, new research on the impact of DDoS attacks on free speech and more.
The past week in security featured a round of new security warnings from Microsoft, security research and a feud between neighbors that turned into a miniature cyber-war.

Microsoft issued an advisory Dec. 22 for a security vulnerability affecting Internet Explorer 6, 7 and 8.

According to Microsoft, the vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. Under certain conditions, it is possible for an attacker to leverage the memory to execute code remotely.

"An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site," Microsoft's advisory warns.

 In addition, there were reports of vulnerabilities impacting the Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control as well as a denial-of-service issue affecting IIS FTP 7.5.

Microsoft also dealt with a bit of fallout from a configuration error impacting users of its cloud-based Business Productivity Online Suite (BPOS). BPOS is a set of messaging and collaboration tools that includes Microsoft Exchange Online, Microsoft SharePoint Online, Microsoft Office Communications Online and Office Live Meeting. According to Microsoft, the configuration issue exposed information in customers' Offline Address Books, a feature in Exchange that permits Outlook users to access copies of e-mail addresses when users are not connected to Exchange.

"We take our responsibility to safeguard customer data very seriously, and while no customer action is required, we have notified all our Business Productivity Online Suite–Standard customers about this issue," said Clint Patterson, Microsoft's director of BPOS Communications, in a statement.

Away from the world of Microsoft, a beef between neighbors in Minnesota ended with the guilty plea of Vincent Ardolf of Blaine, Minn. He stopped his trial Dec. 17 and confessed to hacking into his neighbor's wireless Internet connection, posing as him as he fired off an e-mail threatening U.S. Vice President Joseph Biden. Ardolf also admitted that he sent sexual e-mails to the neighbor's co-workers, including one with child pornography.

When he is sentenced, Ardolf faces a maximum penalty of 20 years in prison on the child porn distribution charge; 10 years on the child porn possession charge; and five years on both the unauthorized access to a computer and threats to the vice president charges. He also faces a mandatory two-year minimum on each count of aggravated identity theft.

News surfaced during the week that attackers hit the Spamhaus Project with a distributed denial-of-service (DDoS) attack Dec.18 in an apparent retaliation for a warning it issued earlier this month about wikileaks.info, which it said was under control of a Russian hosting provider known for hosting malware and phishing attacks. A few days later, research from Harvard University highlighted how DDoS was being used as a weapon against media sites and human rights organizations.

According to the report (PDF), 280 independent media and human-rights Websites were hit with 140 attacks between September 2009 and August 2010. Since 1998, the researchers tallied reports of 329 different attacks against more than 815 sites, figures they estimate only account for a small portion of the actual attacks.

Of course, botnets aren't just used for DDoS—they also a used heavily for spam and malware attacks. But according to security researchers, this holiday season has seen something of a respite in the amount of Christmas-themed spam. M86 Security Labs told eWEEK Dec. 21 that Christmas holiday spam accounted for less than 1 percent of all the spam making the rounds on the Internet.

Source: www.eweek.com/

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
12 + 3 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About the Author

priyanshuit's picture

Name
priyanshu

Last Name
sahay

Gender
Male

Website / Blog
http://www.hackersonlineclub.com

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: http://www.facebook.com/priyanshu.it Twitter: http://twitter.com/priyanshu_itech Email: priyanshu@cyber-india.in

Location
Delhi

Recent comments