Blackmoor Vituperative

Phishing Phor Phishers

If you’re like the majority of Internet users, a good quantity of your e-mail is junk. Perhaps the amount seems like less than it actually is thanks to filtering, but it’s still there. The world is fighting a losing battle with junk e-mail — primarily because of weaknesses in the Simple Mail Transfer Protocol (SMTP) — and everyone knows it.

(from TechRepublic.com, Replacing SMTP: A proposal)

Spam is beyond ridiculous. We have needed a better email protocol for years. Yarden’s sugestion is as good as anything else that I have seen.

Microsoft’s most recent security update for Internet Explorer introduces a serious security flaw on some Windows systems.

See Tech News on ZDNet, IE patch carries security bug.

The US Department of Homeland Security has urged Windows users to install the latest patches from Microsoft as quickly as possible.

In particular it warned about one bug fixed in the latest batch of security updates that, if exploited, could put a PC under the control of an attacker.

Microsoft’s recent update fixed 23 flaws found in Windows software.

Many of these bugs are known to malicious hackers and some are already actively exploited on the net.

(from BBC News, Official warning on Windows bugs)

“Firefox 1.5.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers,” Mozilla said on its Web site. “We recommend that all users upgrade to this latest version.”

WGA nabs 60 million Windows cheaters?

According to a Microsoft manager, 60 million people have failed the Windows Genuine Advantage validation test. But according to Ed Bott, the numbers don’t add up.

See also: That deceptive, misleading WGA installation

File under “yet another reason to switch to OpenOffice”.

New PowerPoint hole used in cyberattacks | Tech News on ZDNet

A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains “100 percent undetectable,” even on Windows Vista x64 systems.

Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD’s SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.

Rutkowska plans to discuss the idea and demonstrate a working prototype for Windows Vista x64 at the SyScan Conference in Singapore on July 21 and at the Black Hat Briefings in Las Vegas on Aug. 3.

The Black Hat presentation will occur on the same day Microsoft is scheduled to show off some of the key security features and functionality being fitted into Vista.

(from eWeek, ‘Blue Pill’ Prototype Creates 100% Undetectable Malware)

File under “as if you needed yet another reason to swich to OpenOffice”:

A weakness in how Office applications handle Macromedia Flash files exposes Microsoft customers to cyberattacks, experts have warned.

Flash files embedded in Office documents could run and execute code without any warning, Symantec said in an alert sent to customers on Thursday. The security issue is the third problem reported within a week that affects Microsoft Office users.

“A successful attack may allow attackers to access sensitive information and potentially execute malicious commands on a vulnerable computer,” Symantec said in the alert, which was sent to users of its DeepSight security intelligence. The vulnerability was reported by researcher Debasis Mohanty.

The issue relates to the ability to load ActiveX controls in an Office document and is not a vulnerability but an Office feature, a Microsoft representative said. “This behavior is by design and by itself does not represent a security risk to customers,” he said. An ActiveX control is a small application typically used to make Web sites more interactive.

(from ZDNet, Microsoft Office hit by another security problem)

Microsoft Office, Flash, and ActiveX? Wow, that’s a trifecta. If it was put to music, it’d be a country music song. All it’s missing is a Sony rootkit, and you’d have the four horsemen of the software apocalypse.

A major spammer who was accused of sending up to 25 million e-mails per day has settled a lawsuit with Microsoft and the state of Texas.

The settlement has cost Ryan Pitylak $1 million, as well as the seizure of many of the assets he accumulated during a short-lived career as one of the world’s worst spammers.

At the peak of his spamming activity, the 24-year-old Texas resident was listed as the world’s fourth most-prolific spammer by antispam group Spamhaus.

Now Pitylak is claiming something of an epiphany, saying he has seen the error of his ways and will dedicate his efforts to trying to rid the world of nuisance e-mail. He has even taken to referring to himself as an “antispam activist” in an apparent change of heart of epic proportions.

(from ZDNet, Spammer settles suit for $1 million)

Well of course he’s seen the error of his ways — his business has been shut down, and his only hope of recovering from this catastrophe is to switch gears and try to leverage his experience as a scumbag spammer into a consulting gig.

Maybe he really has learned his lesson. One million dollars is a lot of money to most individuals. But I’m still not sure that’s as good a deterrent as the alternative.