Internet Security Online

Nearly 200,000 records of alumni, faculty, staff, and current and prospective students of the business school at the University of Texas at Austin have been exposed in a data breach, school officials said Sunday. It was the second at the university in three years.

The breach was discovered Friday, and involved 197,000 records, some of which included Social Security numbers and “possibly other biographical data,” UT said in a statement issued Sunday.

Microsoft’s Internet Explorer, which was just patched with 10 fixes two weeks ago, suffers from yet another zero-day vulnerability that can be exploited remotely, security firm Symantec said Monday.

In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability first posted to the Bugtraq security mailing list by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML.

A dirt-cheap, do-it-yourself hacking kit sold by a Russian Web site is being used by more than 1,000 malicious Web sites, a security company said Monday.

Those sites have confiscated hundreds of thousands of computers using the “smartbomb” kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness.

Officials at a Texas community college say they did not ban access to MySpace.com, despite widespread media reports saying they did.

August Alfonso, chief information technology officer at Del Mar College, in Corpus Christi, Texas, and spokesperson Claudia Jackson explained Monday that the school suspended access to the site to free up bandwidth while students prepare for finals.

Comment Computing magazine recently ran a major feature on security. In particular, it focused on internal as opposed to external threats, reflecting the fact that, according to the (former) National Hi-Tech Crime Unit, some 38 per cent of financial fraud in the UK is a result of internal security breaches.

Microsoft on Tuesday stripped the “Preview” label from Internet Explorer Beta 2 to roll out the first version of its new browser that the company will support with regular security updates.

Windows XP and Windows Server 2003 users will also be the first to get their hands on the final IE 7 later this year; Microsoft plans to release their edition before Windows Vista, which includes its own version of IE 7, ships in November.

hunderbird 1.5.0.2 provides stability and security enhancements that are part of our ongoing program to provide a safer email experience for our users. We recommend that all Thunderbird users upgrade to this latest version.

Here’s what’s new in Thunderbird 1.5.0.2:
* Improvements to product stability.
* Several security fixes.
* 1.5.0.2 does not include Universal Binary support for Mac OS X. We hope to have this ready for 1.5.0.3.

A startup funded by the U.S. government’s Defense Advanced Research Projects Agency is ready to emerge from stealth mode with hardware- and software-based technologies to fight the rapid spread of malicious rootkits.

Komoku, of College Park, Md., plans to ship a beta of Gamma, a new rootkit detection tool that builds on a prototype used by several sensitive U.S. government departments to find operating system abnormalities that may be linked to malicious rootkit activity.

A host of software companies, security firms and internet service providers met in Chicago on Wednesday to urge corporations and bulk message senders to adopt email authentication technologies.

The technologies, known as Sender ID and DomainKeys, aim to allow email recipients to positively identify the sender of an email message and hold the promise of giving service providers the tools they need to effectively end spam and phishing attacks.

Secunia said there are potential vulnerabilities in the Mac OS X operating system, first noticed by Tom Ferris.

The firm described the holes as ‘highly critical’, meaning that systems could be compromised if crooks dive in. Secunia said the potential holes are in version 10.4.6, but other versions might be
affected too.

As an aside, the updated security details for the three main OS are: