funsec mailing list archives

today in the news


From: Paul Vixie <paul () vix com>
Date: Mon, 28 Aug 2006 23:06:55 +0000

http://www.mg.co.za/articlePage.aspx?articleid=275381&area=/insight/insight_tech/

        A chain is only as strong as its weakest link. That's doubly true when
        it comes to protecting computers that are connected to the
        internet. Anyone who thinks that a virtual firewall is enough to
        protect a PC from the dangers of the internet -- such as hacker
        attacks and unwanted contact with damaging programs -- is making a
        mistake.

---

http://stopbadware.org/reports/reportdisplay?reportname=aol082706

        In our preliminary findings, we find that AOL 9.0 (free version) is
        currently badware because it installs additional software without
        telling the user, it forces the user to take certain actions, it adds
        various components to Internet Explorer and the taskbar without
        disclosure, it may automatically update without the user's consent,
        and it fails to uninstall completely.

        We currently recommend that users do not install the version of AOL
        software that we tested, unless the user is comfortable with the level
        of risk we identify or until the application is updated consistent
        with the recommendations in this report.

---

http://www.osnews.com/story.php?news_id=15646

        A landmark study on Department of Justice network crime prosecutions
        reveals most attacks used stolen IDs and passwords, resulting in far
        greater damages to affected organizations than previously thought: up
        to USD 10 million per occurrence and on average more than USD 1.5
        million per occurrence. The report, "Network Attacks: Analysis of
        Department of Justice Prosecutions 1999-2006", concludes that 84% of
        attacks could have been prevented if, in addition to checking the user
        ID and password, the organization had verified the identity of the
        computer connecting to their networks and accounts.

---

http://www.betanews.com/article/Yahoo_Adds_Login_Phishing_Protection/1156354790

        In an effort to curb the influx of phishing scams that attempt to fool
        users into logging onto an illegitimate Web site, Yahoo is now enabling
        its users to customize their sign in box with a personal seal. The
        idea is that users would spot the graphic and know they are truly on
        Yahoo and not some malicious site.

        A number of banks including Bank of America have taken a similar
        approach with their authentication methods. Yahoo users can either
        upload an image or select a line of text that would appear only to
        them. However, because the feature utilizes cookies, it does not work
        on public computers and deleting the cookie would reset the login box
        to normal.

---

http://www.betanews.com/article/Firefox_Extension_Promises_Private_P2P/1156452762

        AllPeers released a beta Thursday of what it called the most ambitious
        Firefox extension to date, a peer-to-peer application that would allow
        friends and family to share files and content between one another in a
        private setting.

        Unlike the major P2P networks, AllPeers allows the sharing of files
        securely and privately.

---

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

