Mindblown: a blog about philosophy.

iDefense reports file-handling vulnerabilities. Security researchers at iDefense have released information on four separate bugs in the Sophos anti-virus engine, affecting most Sophos products. The bugs are in the handling of Petite and rar archives and chm files, and can be used to cause excessive resource usage and possible denial of service. The heap overflow,…

More phishing issues found, not a big problem says MS. A second bug was spotted late last week in Microsoft ‘s recently-released Internet Explorer 7 , which could allow malicious phishers to spoof the contents of the address bar, leading users to wrongly believe they are on a legitimate site. Since then, another more serious…

First case under spam laws brings hefty punishment. A company based in Western Australia has been charged A$4.5 million, with another A$1 million levied from its director, after a federal court convicted them under anti-spam laws. The fines total over $4 million US. Over a 12-month period commencing April 2004, when Australia’s 2003 spam regulations…

Financial reports differ widely between top security rivals. Profits reports for the third quarter of the year show Symantec struggling with disappointing sales in the European market, especially in Germany, and falling below profit expectations. The anti-virus section of the company’s business was singled out as a particularly slow performer. The security giant made just…

Microsoft frees up access to anti-spam framework. Microsoft has put the specifications for the Sender ID and Sender Policy Framework (SPF) email verification system under its ‘ Open Specification Promise ‘ (OSP), allowing open-source and other projects to integrate the framework without charge or hinderance. The Sender ID system ties email addresses to IP addresses,…

Microsoft anti-spyware product handed out free. After a lengthy beta period, Microsoft ‘s free anti-spyware product, renamed Windows Defender halfway through its beta cycle, has been given its official release. Originally simply entitled ‘ Windows AntiSpyware ‘, the product has been available for free trial as a beta since January 2005, and had its image…

Report names and shames insecure banking sites – again. A report from heise Security , following up on a previous study released a month ago, claims several UK banks are still using insecure login methods despite warnings issued in the earlier report. While some of the sites tested in the original survey have improved, several,…

Call for products issued for Windows XP x64 test. The latest round of VB 100% certification testing has been announced. The test will be run on the Windows XP Professional x64 Edition platform, with the submission deadline set for 1 November 2006. The test takes the form of a comparative review of all submitted products.…

AV firms, Apple and Secunia embroiled in MS spats. Operating system giant Microsoft is engaged on multiple fronts in a series of security-related PR battles. The longest running dispute, concerning access to the forthcoming Vista release of Windows , has become increasingly heated, as McAfee and Symantec , after lengthy lobbying for more information and…

Scanner software used to keep out rival malware. A trojan has been reported in the wild using a genuine AV engine to keep its victims’ machines free from other threats. This variant of the ‘SpamThru’ trojan uses a pirated version of Kaspersky ‘s KAV for Wingate product. As well as standard techniques to ensure it…