Google engineer posts sample code to show how to bypass DEP in Windows

"The disclosure of a new exploit technique that bypasses an important Windows security feature may result in more successful attacks against Microsoft’s newer operating systems, researchers said today.
Read more

Too many passwords?

"How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alpha-numeric characters, or must use at least one uppercase letter, etc.
Read more

Antivirus software often foxed by malicious URLs

"Many malicious URLs are now invisible to URL filters and antivirus software alike, a web security company has found after conducting its own tests.
Read more

Microsoft: Don’t press F1 key in Windows XP

"Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE). In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.
Read more

Q and A: Malware analysis

"Greg Hoglund is the CEO and Founder of HBGary. He has been a pioneer in the area of software security. After writing one of the first network vulnerability scanners, he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg went on to co-found Cenzic through which he orchestrated numerous innovations in the area of software fault injection. In this interview Greg discusses malware analysis.
Read more

Websites offered free anti-hijack scans

"Web admins and owners are being offered a free service that will scan their sites for malware hijacks, alerting them automatically if malicious code is found. The QualysGuard Malware Detection, launched as a beta this week, uses a combination of ‘static’ and behavioural analysis to take a closer look at web pages under a given domain, studying them for code irregularities that could spell trouble.
Read more

Microsoft investigates unpatched flaw that affects users running IE7 and IE8

"Microsoft on Sunday confirmed it’s investigating an unpatched bug in VBScript that hackers could exploit to plant malware on Windows XP machines running Internet Explorer (IE). The flaw could be used by attackers to inject malicious code onto victims’ PCs, said Maurycy Prodeus, the Polish security analyst with iSEC Security Research who revealed the vulnerability and posted attack code on Friday.
Read more

Microsoft says malware causing blue screen crashes

"A hard-to-detect rootkit may be causing Windows XP systems to crash following Microsoft’s latest security updates. Windows users began flooding Windows support forums this week, saying that their computers had been rendered unusable with a blue-screen-of-death (BSOD) error after installing Microsoft’s February security updates, released Tuesday. On Thursday, Microsoft stopped shipping the MS10-015 update, which had been linked to the issue, and said it was investigating.
Read more

Rogue antivirus program comes with tech support

In an effort to boost sales, sellers of a fake antivirus product known as Live PC Care are offering their victims live technical support. According to researchers at Symantec, once users have installed the program, they see a screen, falsely informing them that their PC is infected with several types of malware.
Read more

Chromium browser remixed as a security Dragon

"Windows security software vendor Comodo has added its contribution to the short list of Chromium-based browser remixes that have sprung up in the wake of Google Chrome’s success. Best known for its firewall software, Comodo’s Chromium browser is called Dragon, and it promises better security features than those available in Google Chrome. It is the first browser released by a security software company.
Read more