Secunia warns of another IE 7 flaw
For the second time in less than a week, Danish vulnerability clearinghouse Secunia is warning of a flaw in the newly-released Internet Explorer (IE) 7. In an advisory published Wednesday, Secunia said
"The problem is that it's possible to display a pop-up with a somewhat spoofed address bar where a number of special characters have been appended to the URL," Secunia said. "This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions."
An anonymous researcher reported the flaw to Secunia, and the firm was able to confirm it on a machine running Windows XP SP2 and IE 7. Secunia's advisory includes a demonstration of the flaw.
Symantec recommended users mitigate the threat by avoiding links supplied by unknown sources.
Late last week, Secunia warned of another IE 7 flaw attackers could exploit to disclose sensitive information. Secunia said that flaw was caused by an error in how redirections for URLs with the "mhtml:" URI handler are processed.
Christopher Budd of the Microsoft Security Response Center disputed Secunia's claims on the first flaw in the organization's blog last week. The issue Secunia warned of is actually a flaw in Outlook Express, he said at the time.
Britain investigates Haxdoor assault
Detectives in the U.K. are investigating a significant data breach operation that has reportedly affected 8,500 Britons and people in about 60 other countries.
U.K. authorities say digital miscreants appear to have targeted 600 financial companies and banks. As part of the investigation, police have received several gigabytes from a server in the U.S., Charlie McMurdie, detective chief inspector for the Specialist Crime Directorate e-Crime Unit of the London Metropolitan Police, told the IDG News Service. Most of the data was related to financial information, McMurdie said.
The data was gathered by a prolific piece of malware named Haxdoor, which appears to have infected about 2,300 machines in Britain. Haxdoor was designed to disable firewalls and steal passwords, which it then sends to another e-mail address.
Florida man is charged with attacking Akamai
A Florida man has been charged in federal court with hacking into two computer systems as part of a scheme to establishing a botnet that ultimately launched a denial-of-service attack on computer servers managed by Akamai Technologies.
United States Attorney Michael J. Sullivan and Kenneth W. Kaiser, special agent in charge of the Federal Bureau of Investigation in New England, announced that John Bombard, 32, of Seminole, Fla., was charged with two counts of intentionally accessing a protected computer without authorization.
Akamai Technologies, headquartered in Cambridge, Mass., distributes online content and business processes over a network of computer servers. On June 15, 2004, Akamai suffered a significant increase in Web traffic to a number of its domain name system (DNS) servers. The increased traffic was caused by a distributed denial-of-service attack against the company.
Investigators allege that Bombard used a variant of the Gaobot worm to infect machines he could control remotely to launch the attack on Akamai.
BT Group to acquire Counterpane
(Reuters) Britain's BT Group said on Wednesday it had bought Counterpane Internet Security Inc., boosting its capability to advise its corporate customers in their battle against computer hackers.
The former UK telecoms monopoly said California-based Counterpane currently monitors 550 networks worldwide for multinational and Fortune 100 customers, and the deal would be earnings enhancing almost immediately with cost synergies.
It did not disclose the exact value of the deal, only saying it was in the "tens of millions of dollars." An industry source put the value at around $40 million.
BT said Counterpane, whose founder and Chief Technology Officer Bruce Schneier is mentioned in Dan Brown's blockbuster novel "The Da Vinci Code" as a leading cryptologist, had gross assets of $6.8 million at the end of 2004 and annual sales of around $20 million.
"While this is not a large transaction from a financial perspective, it is a very strategically important transaction to us," President of Strategy for Global Services Maggie McClelland said in a conference call.
The group said it was actively considering other similar acquisitions to boost its professional services business, a key business for its fastest-growing division, BT Global Services.
BT has been increasingly dependent on this division, which provides networked IT services to clients ranging from food group Unilever to Britain's National Health Service, to offset declining sales in its traditional fixed-line telecoms business.
"The acquisition of Counterpane strengthens BT Global Services' capabilities in the important Internet security space and also its U.S. capabilities," NCB said in a research note.
BT said Counterpane's founder Schneier would continue in his role, as would Chief Executive Paul Stich. BT plans to keep the company as a separate entity for the foreseeable future.