Internet Security Online

It seems like every other blog, forum, or tech enthusiast site is talking about Apple’s new Boot Camp beta, which makes it extremely easy to dual-boot to Windows XP on Intel-based Macs. There are tons of opinion pieces about what this means for the industry, what it means for Apple or Microsoft, how it’s going to impact game developers—you name it. It seems as though more and more users are making the switch—the most vocal are the Windows users buying Macs for the first time (or the first time in years) now that they can easily run all their Windows apps. Less vocal, but definitely out there, are the Mac users making a Windows partition to gain access to that handful of programs their Windows-using buddies are always talking about.

Barely two weeks after shipping an Internet Explorer security makeover to cover a wave of drive-by malware downloads, Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could be used in code execution attacks.

The Redmond, Wash. software maker confirmed it was investigating a warning posted on the Full-disclosure mailing list that the latest versions of IE causes various types of crashes when visiting Web pages with nested OBJECT tags.

APRIL 25, 2006 (COMPUTERWORLD) - Microsoft has released for free public download beta 2 of Internet Explorer 7 for Windows XP. This latest version of Microsoft’s next browser has few visible changes from the Beta 2 preview edition posted on March 20.

As promised, Microsoft Tuesday released an updated edition of its April 11 MS06-016 security bulletin to eliminate a host of bad behaviors that the original fix caused on systems running older Hewlett-Packard software or NVIDIA graphics drivers.

The 2.0 patch, which is still dubbed MS06-015, will be offered to users only if it detects the conflicting HP or NVIDIA software, Microsoft has said.

A zero-day vulnerability in a fully-patched and most-current version of Mozilla Corp.’s Firefox could be exploited to crash the browser at the least, and at the worst, possibly introduce malicious code, a security company warned Tuesday.

The bug, which first appeared on Mozilla’s Bugzilla listing a week ago on April 18, could be used by an attacker to crash Firefox by feeding it malformed JavaScript code.

Microsoft on Tuesday expanded its anti-piracy efforts by unveiling a tool that puts “nag” messages on the screens of computers running bogus copies of Windows.

The “Windows Genuine Advantage Notifications” tool displays a message when users of counterfeit Windows log on. “It appears that you could be a victim of software piracy. The copy of Windows installed on this computer is not considered to be genuine by Microsoft,” the initial dialog box message reads. “The notification will continue to display until your computer is running genuine Microsoft Windows.”

A security firm on Tuesday reported discovering a phishing scheme in which the scammers used Internet telephony to copy a bank’s automated voice system in order to steal customers’ passwords, account numbers and other personal information.

I got a spam this morning with a subject line of “yahoo send you postcard” from “postcard”. Of course all the alarms went off in my head, but there was no attachment and I have a nice little freeware app called PocketKnife Peek that lets you preview an email in plain text, view the html source, the headers and attachments without opening the email. (Minor rant — why doesn’t Outlook 2003 have that feature?!)

APRIL 24, 2006 (COMPUTERWORLD) - So, you just set up a shiny new wireless router at home or at your office. As convenient as it is to have no strings, or at least wires, attached, that new router may have punched a hole in your security schema and set you up for unwanted trouble. The reason you could now be vulnerable is simple: default settings. Remember, manufacturers often turn off security and certain other features by default so that their products will be easier to set up and integrate into a wide variety of networks.

Hot on the heels of a new security patch for Firefox, a new vulnerability has been disclosed. How bad is it? Judge for yourself after reading the Firefox Bug section.

Apple released an update last week to the Java implementation in Mac OS X. See why you should update your Mac in the Mac Java Update section.