News Digital Media's CareerOne online employment website has launched an internal investigation into how confidential client information accidentally become publicly accessible on the internet.

The material is part of CareerOne's customer relationship management database, described by the company as "old client information".

The details include comments about clients made by CareerOne account executives, some of which are highly unflattering. In one case, a client is referred to as a "retard" and in another a client is called a "lazy good for nothing".

Every file on the master page shows the "last modified" time and date as being at "00:45:52 GMT" on Monday, May 28, 2007, suggesting that they have appeared in this visible state for almost a month.

CareerOne was not aware of the security breach until this morning when they were informed. The web page was subsequently taken down.

View: Full Story
Source: SMH

Microsoft Windows Server 2003 Service Pack 2 (SP2) is a cumulative service pack that includes the latest updates and provides enhancements to security and stability. In addition, it adds new features and updates to existing Windows Server 2003 features and utilities.

Read the rest of this page »

As Internet access becomes vital to all business organizations, network security and privacy affects everyone. Comodo, a leading global provider of trust and assurance services for the Internet, provides the highest level of protection for networks and home users alike.

Comodo Firewall is one of the smartest firewalls you can ever see. While providing answers to firewall questions, users usually do not understand the complex questions which involve complicated connection details like IP addresses, Ports, Application paths etc.

Download: Comodo Firewall Pro v2.4.16.174 Final
View: Comodo Home Page
View: Screenshot
Source: In-House

Code that exploits a critical Windows vulnerability disclosed and patched last week has been posted to a public mailing list, raising the risk of an attack, security vendors said Wednesday. The exploit code, which appeared on the Bugtraq list Tuesday, targets a flaw in Windows’ Vector Markup Language rendering that was patched Jan. 9 in Microsoft’s monthly security update. VML, an extension of XML that defines Web images in vector graphics format, had been patched before this month; in September 2006, for example, Microsoft issued a fix outside its normally-scheduled cycle.

View: Full Story
Source: InformationWeek via MSFN

Using IE6 was “unsafe” 284 days last year even for users who patched their systems as soon as Microsoft released fixes. An analysis by the Washington Post’s Stuart Krebs revealed that exploit code for critical unpatched flaws in IE6 was available for three-quarters of the time last year.

Even worse, for at least 98 days last year no patches were available for flaws that were been actively exploited by hackers to steal personal data. Firefox users, by comparison, were exposed to critical, unpatched flaws that were actively exploited for just nine days last year. This single period of exposure compares to multiple overlapping periods of vulnerability faced by IE6 users.

View: Full Story
Source: The Register via Neowin

Acting very quickly, Google fixed the security hole on Jan. 1 after being notified of its existence on Dec. 30. According to reports online, however, the flaw was only partly corrected. The flaw can exploit, either via a website or by manually inserting code into a user’s web browser, users who have logged into Gmail, Blogger or other Google services with their Google accounts. An attacker could potentially send malicious messages with viruses or malware to people on an exposed contact list.

The vulnerability was discovered by 16-year-old Haochi Chen of Columbus, Ohio. He was tinkering with an undocumented feature of the Google Video service that allows a user to e-mail videos to anyone in their Gmail contact list. According to Chen, Google responded to his alert within 30 hours after he reported the flaw to them. Google patched the problem on Monday morning. According to ZDNet’s Googling Google blog, the vulnerability was “only partially fixed. The author of the blog, Garret Rogers wrote: “I recommend you log out of Gmail when you are not using it until the problems are solved.”

View: Googling Google
Source: CBC News

NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows 95 / 98 / ME / NT / 2000 / 2003 / XP, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.

Viruses, worms, trojans and other malware are kept out of striking distance of your valuable data. Advanced detection methods implemented in the software even provide protection against the future threats from most of the new worms and viruses. The fourth generation of the NOD32 Antivirus System features a fully integrated software suite characterized by an unprecedented detection track record, the fastest scanning rates and extremely low utilization of system resources.

Download: NOD32 v2.70.23 (Shareware)
View: NOD32 Homepage

NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows 95 / 98 / ME / NT / 2000 / 2003 / XP, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.

Viruses, worms, trojans and other malware are kept out of striking distance of your valuable data. Advanced detection methods implemented in the software even provide protection against the future threats from most of the new worms and viruses. The fourth generation of the NOD32 Antivirus System features a fully integrated software suite characterized by an unprecedented detection track record, the fastest scanning rates and extremely low utilization of system resources.

This release introduces the following major changes:
- Support for Microsoft Windows Vista (32-bit and 64-bit)
- Enhanced rootkit detection and removal (Anti-Stealth)
- Improved classification of spyware and adware
- Improved removal of malware

Download: NOD32 v2.70.16 Final (Shareware)
View: NOD32 Homepage

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.

Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected. Secunia has constructed a test, which is available here.

Solution: Disable active scripting support.

View: Test your browser
Source: Secunia via MSFN

Virus.gr tested quite a few different software companies to see how they would stack up against each other. How did the 147,000+ virus test pan out? Here are the results (the ones in bold are the ones I expected to do good):

1. Kaspersky version 6.0.0.303 - 99.62%
2. Active Virus Shield by AOL version 6.0.0.299 - 99.62%
3. F-Secure 2006 version 6.12.90 - 96.86%
4. BitDefender Professional version 9 - 96.63%
5. CyberScrub version 1.0 - 95.98%
6. eScan version 8.0.671.1 - 95.82%
7. BitDefender freeware version 8.0.202 - 95.57%
8. BullGuard version 6.1 - 95.57%
9. AntiVir Premium version 7.01.01.02 - 95.45%
10. Nod32 version 2.51.30 - 95.14%
11. AntiVir Classic version 7.01.01.02 - 94.26%
12. ViruScape 2006 version 1.02.0935.0137 - 93.87%
13. McAfee version 10.0.27 - 93.03%
14. McAfee Enterprise version 8.0.0 - 91.76%
15. F-Prot version 6.0.4.3 beta - 87.88%
16. Avast Professional version 4.7.871 - 87.46%
17. Avast freeware version 4.7.871 - 87.46%
18. Dr. Web version 4.33.2 - 86.03%
19. Norman version 5.90.23 - 85.65%
20. F-Prot version 3.16f - 85.14%
21. ArcaVir 2006 - 83.44%
22. Norton Professional 2006 - 83.18%
23. AVG Professional version 7.1.405 - 82.82%
24. AVG freeware version 7.1.405 - 82.82%
25. Panda 2007 version 2.00.01 - 82.23%
26. Virus Chaser version 5.0a - 81.47%
27. PC-Cillin 2006 version 14.10.1051 - 80.90%
28. VBA32 version 3.11.0 - 79.12%
29. ViRobot Expert version 4.0 - 76.22%
30. UNA version 1.83 - 75.44%

I expected NOD32, Avast, and AVG to perform a little better than they did but NOD32 and AVG definitely fought back at the heuristic testing. Heuristic testing is extremely important because that is what gives an Antivirus the ability to catch a virus even it is not in the database.

Read the rest of this page »