Microsoft, Amazon sue Canadian spammer
Microsoft and Amazon have filed a lawsuit against a Canadian company said to be responsible for using Amazon.com and Hotmail.com forged e-mail accounts. The two companies filed the joint lawsuit in Seattle against God Disk Canada of Kitchener, Ontario, Barry Head and his sons, Eric and Matthew Head, for illegal and deceptive spamming campaigns, particularly phishing schemes, according to several news reports. Microsoft already filed a lawsuit against Leo Radvinsky and his Activsoft and Cybertania businesses in Chicago for similar deceptive practices.
Hotmail users must pay now to access through Outlook, Outlook Express
Spammers have apparently found a way to exploit a free tool from Microsoft that allows Hotmail users to access their accounts through Outlook and Outlook Express. So, the company will now charge for the feature to try and stem the tide of individuals and companies using the WebDAV feature to relay unsolicited junk mail. An MSN project manager told WindowsITPro that only 5% to 10% of users had activated the feature once it was made available for free. The service will be phased out for free accounts, while Hotmail Extra Storage and MSN Premium subscribers can continue to receive or sign up for the service.
Waiting for major .jpg worm outbreak
The security community continues to lie in wait of the Next Big Thing: a successful worm capable of spreading quickly because of how it exploits a recent Microsoft graphics-oriented security flaw. Sightings of infected .jpg images have sprung up on newsgroups and security mailing lists since the release of exploit code that targets a flaw in the way Microsoft software handles graphics files. Experts believe embedded malicious code will spread simply by opening an image on unpatched machines, of which there are millions worldwide. One of the most recent findings, according to a CNET News.com report, is a Trojan horse discovered in two .jpg files, but the malcode doesn't replicate. Companies are urged to install a patch to address the vulnerability in Windows' Graphic Device Interface Plus that impacts an assortment of Microsoft products, including the popular Office suite. Windows XP sans SP2 and Windows Server also are vulnerable.
New Zealand phone system attacked by hacker
Phone system vendors Performance Solutions and GDC Communications are contacting hundreds of customers after a hacker reportedly breached the phone systems of dozens of Auckland firms, according to the New Zealand online news organization Stuff. The report said the hacker exploited a software "hole" for unused voicemail boxes and extensions that allowed the caller to set up his own mailbox and direct calls through it. "This issue … does not require software patches to remedy," the companies told Stuff. "The issue is the result of unconfigured mailboxes created but not yet configured by the user." The attacker also claimed he was able to gain access to existing mailboxes because of weak passwords.
United Nations warns of potential for nuclear cyberattack
SecurityFocus reports the United Nations is growing concerned about the potential for cyberattacks directed against nuclear facilities. The U.N.'s International Atomic Energy Agency (IAEA) said it is developing new guidelines to combat "the danger of computerized attacks by outside intruders or corrupt insiders," SecurityFocus said. The IAEA's new guidelines on "Security of Information Technology Related Equipment and Software Based Controls Against Malevolent Acts" are being finalized now, said the agency. The guidelines will not be made public.