Computer Security Blog

After the March 2005 attack when hackers gained access to over one million debit or credit card accounts, DSW Inc. has agreed to a settlement with the Federal Trade Commission.

In the details of the settlement that was reached, DSW Inc. has agreed to implement new computer security features, and to be audited every twenty years from a private security firm in a ruling by the FTC.

In March, hackers were able to gain access to approximately three months of personal data resulting in some fraudulent charges to credit or debit cards.

For more information on the unsecure business practices that led to the FTC's ruling click here.

Bruce Bigelow of the Union Tribune reported how a hacker gained accessed to personal computer files of students and staff at the University of San Diego. The information that the hacker accessed included confidential information such as social security numbers and home addresses.

Faculty and students were notified via a letter on Wednesday, after a breach in the computer’s security was discovered on November 14. According to Bigelow, the letter that was mailed failed to give any information on the security breach, or ways in which those affected could further protect themselves.

This is the first time a hacker has been able to access information at the University of San Diego. A similar computer security breach occurred at the University of California San Diego last year. However, some 380000 people were affected. The full details of the article is available here.

At the Computer Electronics Show in Las Vegas, Bill Gates released information about his new Windows Vista operating system. The main focus of this software is security, media, and data transfer.

Microsoft Vista is scheduled to be release at the end of this year, really has caught the eye of computer enthusiasts with the new improvements that Microsoft has made.

The Vista computer software is interesting and something to look forward to, because it would feature improve searches for any type of digital media, as well as give any PC in the house the ability to play digital content. According to analyst, Nitin Gupta, the Vista software must have the increased computer security that Windows XP is lacking.

With numerous amount of cybercrime that is available, it is important for people to remain vigilant about computer security.

Last year as declared as one of the worst years for security breaches, giving the appearance that hacks or accessed computer data was occurring weekly. It is estimated that over 55 million people were affected by at least 130 security breaches.

However, it is not likely to improve with the decrease in the National Cyber Security Division’s budget for the Department of Homeland Security.

With so many of the big companies suffering security breaches, consumers must be vigilant in protecting themselves. Practices such as reciting your social security number to a sales teller at the checkout line puts you at risk. Consumers can help themselves by continually checking their credit reports for suspicious activity or carrying only the main cards that they need. It is also recommended that payments be mailed at the post office, and do not give you social security or credit card numbers to people who call you.

Instead of leaving its customers with a software security breach, Microsoft rushed to release its WMF patch ahead of the scheduled Jan 10th release.

Previously Microsoft had stated that it would not release a patch until it had thoroughly tested it and not before the security updates is scheduled to be released.

However, within the past 24 hours, two other websites have published unauthorized patches for the WMF security breach. Even though Microsoft was not going to release a security breach sooner, it notified its customers not to install the unauthorized patch, and instead disable the dll file.

Throughout this whole ordeal Microsoft has received heavy criticism, and responded by releasing the WMF patch today. However, Microsoft stated that it would still release other security updates for their regular January 10th timeframe.

It seems that since the vulnerability in WMF files has been discovered, Microsoft has been working to create and release a patch to this problem. However the patch will not be released until Jan 10th when the company has fully tested it.

Many security analysts have complained that this is too long a time to wait to receive a patch, however Microsoft contends that the patch must be thoroughly tested before they release it.

The flaw in Microsoft Windows affects all versions and when someone clicks a link containing the an image file either from a website or in an email attachments, the virus is released causing the computer to shutdown.

Computer security giant Symantec announced today that it has acquired the holdings within the instant messaging company IMLogic.

Instant messaging is become extremely popular with the release of many of the current IM software offering VoIP capabilities, however IM software is extremely vulnerable to attacks and hackers. As evident by Microsoft’s latest virus threat.

The acquisition of IMLogic by Symantec will help “many companies secure and store instant-messaging traffic by employees”. IMLogic also released statistics today that security threats to IM software saw an increase of 826% between now and last year. Many of the threats were against Microsoft (48%) and AOL (41%).

On Friday, Microsoft issued a security advisory detailing that a breach in security had been found in its graphics-rendering engine.

Using this security breach, a hacker can assume command of a computer by getting the computer user to go to a website and click on a link there. When the computer user clicks on the link, he or she will download specially coded image files.

The user thinks he is downloading regular jpeg or gif files, however these files that have been saved with in WMF format will allow the hacker to gain access to passwords and other sensitive information.

Microsoft has posted a temporary solution outlining that computer users should disable Windows Picture and Fax Viewer until an update or patch is released.

If you use the popular software MSN Messenger and think you might be cheating Microsoft by getting a sneak peak of MSN Messenger Version 8, in the end you will not be the one laughing.

The F-secure computer security firm has warned that the Virkel virus is making its rounds through Microsoft MSN Messenger users who believe they are going to install Msn Messenger Version 8. However, there is no MSN Messenger Version 8 that exists, and instead clicking the link will only cause the virus to be installed.

After the virus is installed, stated computer security experts, it will send emails to all of the people in the infected person’s contact list telling them where they can download their own copy to install. The virus is contained within the file Beta8webinstall.exe. The next version of MSN Messenger is not called version 8, but instead entitled “Windows Live Messenger”.