BankAsh Trojan the first to go after Microsoft AntiSpyware -- still in beta
Sophos reports a new Trojan horse designed to steal online banking passwords from Windows users by disabling the beta version of Microsoft Antispyware, thereby suppressing warning messages that a computer's infected. Meantime, BankAsh-A deletes all files stored within AntiSpyware's program folder. In addition, the malware appears to target online banks, including Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile. Sophos senior security analyst Gregg Mastoras said BankAsh appears to be the first of many attacks to disable Microsoft AntiSpyware. "When Microsoft's product is officially released and adopted by the consumer market, we can likely expect to see an increase in attempts by Trojan horses, viruses and worms to try and undermine its effectiveness," he said in a news release.
Customers express relief at HP CEO's departure
Some of Hewlett-Packard Co.'s customers are not at all sorry to see changes at the top of the company that makes many of the servers that they use to run their Windows systems, reports SearchWinSystems.com. Customers have expressed their frustration with the Palo-Alto, Calif.-based HP since its merger with Compaq in 2001. The company's decision to replace its high profile chairman and CEO Carleton "Carly" Fiorina on Wednesday could be construed as a sign of hope that perhaps the business will begin to turn around. Fiorina was forced to resign over strategic differences with HP's board of directors, news reports said. Chief financial officer Robert Wayman was named interim CEO and Patricia Dunn, an HP director, was named non-executive chairman of the board. Both changes were effective immediately. "Personally, I see this as a good thing," said Paul Edwards, a Windows administrator at PHH Corp., a Mt. Laurel, N.J., transportation fleet management company. "We've been using Compaq products for years, and since HP got into the mix, we've seen a serious decline in quality of the hardware."
NIST gets stronger hash
The National Institute of Standards and Technology will soon begin phasing out the SHA-1 cryptographic hash in favor of stronger ones like SHA-256 and SHA-512, according to Federal Computer Weekly. That report says the change will affect digital signatures, as well as many other federal cryptographic functions that use hashes. Though many have criticized the strength of SHA-1, government officials say no complete implementation of the SHA-1 function has been successfully attacked. The transition to stronger hashes is expected to take place slowly over the next several years.
New IM client is 4,096-bit encrypted
BlowSearch.com, a Brooklyn, N.Y.-based provider of Internet search tools, last week launched the BlowSearch Secured Messenger, a Windows-based messaging program that it said encrypts information for secure online conversations. According to the release, it uses 4,096-bit random public-private key technology in conjunction with other advanced encryption layers and can transfer files between different users -- even those behind a proxy firewall -- through the use of its server assisted file transfers. It's available for download at bsm.blowsearch.com in both paid and free versions.