by certifiedbug on March 30, 2007
in Security
With the cost of pharmaceuticals at an all time high, people turn to the internet for alternatives. While there are certainly legitimate licensed pharmacies on-line, the internet has become a haven for cheap, unapproved, outdated and illegal products that are being shipped to consumers.
According to reports in Canadian newspapers, Marcia Bergeron died from taking pills she purchased over the Internet.
The Vancouver Sun:
Online drugs can prove deadly: coroner
The B.C. Coroners Service announced Tuesday that it believes Bergeron, 57, was poisoned by tainted pills she ordered online from a bogus Canadian pharmacy.
Sophos Advisory.
Spammers hack PHP websites to make money from online pharmacies.
Spam campaigns advertising internet pharmacies peddling drugs are directing users to webpages hosted on hacked innocent websites that then automatically redirect surfers to the online store.
Food and Drug Administration (FDA)
FDA.Buying Medicines and Medical Products Online
Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling
Published: March 29, 2007
Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.
Overview
Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Workarounds and Mitigations” and “Suggested Actions” section of the security advisory.
Advisory Status: Issue Confirmed, Security Update Planned
Recommendation: Do not visit untrusted websites or view unsolicited email
Microsoft Security Advisory (935423)
Bill Pytlovany (WinPatrol) writes,
The AntiMalware market has grown into a multi-Billion dollar industry yet a number of solutions remain free to the public. A large number of online forums offer free help, thanks to caring volunteers. I have noticed that many of the free solutions have recently been coming under attack.
More at Bits from Bill.
by certifiedbug on March 28, 2007
in News
The Hartford Courant reported that the sentencing of Norwich substitute teacher Julie Amero has been postponed until April 26, 2007 and that the state’s attorney gave no reason in asking for the delay.
One could surmise that increasing press, driven by the blogosphere, is turning up the heat on Connecticut state officials.
by certifiedbug on March 27, 2007
in Security
Update from Spyware Sucks.
A contact at Microsoft put me in touch with the appropriate people at AOL this morning - an advertising tech lead and a gentleman involved in policy and compliance. Thanks to a network capture that I gave to AOL they were finally able to shut down the track down the rogue advertiser who had infiltrated the AOL ad network to serve up winfixer malware advertisements.
I am not confident that MS and AOL and the advertising networks they use are going to be able to block the bad guys going forward, not unless…….
Read the article here
by certifiedbug on March 26, 2007
in Security
by certifiedbug on March 24, 2007
in News
In 2006, e360 Insight sued Spamhaus, an anti-spam organisation, for blacklisting its domains.
Court Answer: e360Insight vs. The Spamhaus Project
Updated
2006-09-14
A SLAPP lawsuit filed in an Illinois (United States) court by David Linhardt (aka e360 Insight LLC) against The Spamhaus Project Ltd., a British-based non-profit organization over which the US court had no jurisdiction, went predictably to default judgement when Spamhaus did not accept U.S. jurisdiction.
Spamhaus firmly stands by its position that Linhardt is a spammer (i.e: “a sender of unsolicited bulk email”), Spamhaus has a large evidence archive of spam sent by Linhardt and spam advertising Linhardt’s website www.bargaindepot.net, sent to Spamtraps and non-existent users, including spam sent by Linhardt to a number of Spamhaus own investigators. Plus Spamhaus has many complaints from Internet users ready to testify they never opted-in to any such list and were being spammed by Linhardt/e360. (see samples of e360 spam below)
Spamhaus additionally has samples of spams advertising www.bargaindepot.net sent, in violation of the U.S. CAN-SPAM Act, with false routing information, from compromised computers on ADSL lines in Vietnam, China, Korea, Taiwan and Norway.
Spamhaus also stands by the absolute right, under the European Convention on Human Rights, of Spamhaus’ users to refuse access to their private mailboxes on their private networks to senders of unsolicited bulk email or indeed any unwanted email, a right established also in U.S. law by Chief Justice Burger, U.S. Supreme Court, who ruled: “The asserted right of a mailer stops at the outer boundary of every person’s domain”. Spamhaus maintains that while Linhardt has a right under U.S. law to send as much unsolicited bulk email as he likes, he has no right under any law to force Spamhaus users to receive it.
Source: The Spamhaus Project.
The Register.
Spamhaus nemesis e360 Insight sued over junk mail
Published Friday 23rd March 2007
John Leyden at The Register.
David Linhardt, individually, and his firm e360 Insight are among the defendants in a lawsuit brought by William Silverstein, an aggrieved spam recipient. Bargaindepot.net, a firm which shares offices with e360 Insight, is also named in the suit.
by certifiedbug on March 23, 2007
in Security
Sandi Hardmeier has written before about AOL pages redirecting to Winfixer, aka SystemDoctor, aka ErrorSafe.
With Microsoft’s Network Monitor running, she got the proof:
Below are snippets of relevant network data - the full logs are available for inspection and use by the appropriate authorities
Analysis with screenshots at Spyware Sucks.
Mozilla Corp has released new security and stability updates for both versions of its Firefox browser and for its Internet application suite, SeaMonkey.
Users who already have Firefox 1.5.0.x or Firefox 2.0.0.x will receive an automated update notification.This update can also be applied manually by selecting “Check for Updates” from the Help menu.
Firefox 2.0.0.3 for Windows, English (5.7MB) Download Page
Other languages Download Page
I didn’t expect Creative to release fully functioning Drivers within the first quarter, but I did expect that when they made a non-beta driver available for download, it would be an improvement.
With that anticipation, today I installed Creative Sound Blaster Audigy series Vista Driver 2.12.0002. Finally I might have some resemblance of the sound experience Creative delivered for Microsoft’s XP Operating System.
Disappointed, I found little difference between the previous beta and the final product.
This download is a driver providing Microsoft® Windows® Vista 64-bit and Windows Vista 32-bit support for Creative Sound Blaster® Audigy® series audio devices. For more details, read the rest of this web release note.
Details
Perhaps when Creative decided to release unfinished drivers, it was because they felt the pressure from customers on their Product Boards.
The forum moderators do a good job under a lot of pressure, but it is not enough. The silence from Creative is deafening.
