Wednesday, December 17, 2008

Emergency IE patch due today

On Wednesday, Microsoft will issue an emergency, out-of-cycle security bulletin for a critical flaw affecting all versions of Internet Explorer.

The bulletin is in response to a growing threat. Since the first week in December, the AZN Trojan has been exploiting a known flaw in IE. Visitors to infected Web sites could become infected with a Trojan horse that can download malware onto a user's system.

Microsoft normally issues patches on the second Tuesday of each month, "Patch Tuesday." But out-of-cycle patches are not without precedent. Recent examples include the flaw in how Windows handles remote procedure calls (RPC) in October,the Windows Animated Cursor Remote Code Execution Vulnerability in April 2007, a vulnerability in Vector Markup Language in September 2006, and a vulnerability in the Graphics Rendering Engine in January 2006.

The patch will be automatically distributed to Windows users with Automatic Updates enabled. The patch is also available via Microsoft Update or the individual bulletin for MS08-078 (available after 11 a.m.Pacific Wednesday).

Tuesday, December 16, 2008

Scams top predictions for ID theft in 2009

Real estate scams and credit card scams will top the ways ID thieves will attempt to steal personal information in 2009, warned the ID Theft Resource Center (ITRC) on Tuesday in its annual predictions for the upcoming year.

The center's Linda Foley said in a statement that as people find themselves strapped for cash and falling behind, they may become prey for opportunistic scam artists proposing relief. She recommends talking with your bank or mortgage company before talking to strangers. "Your home, while fully paid for, could even be entangled in a second mortgage without your knowledge."

With credit card scams, thieves might advertise the ability to get a new card even despite poor credit or lack of a Social Security number. The center warns of companies seeking to consolidate debts or renegotiate your interest rates. Again, talk to your credit card company or bank, not strangers.

Additionally the center warns of continued "targeted" attempts to steal person information. Thieves are using sophisticated means to mine personal data, including "skimming" credit cards by making duplicates of them at point of sale stations or using fake hardware at ATM machines.

Is there hope? The center points to the Red Flag Compliance Laws that will take effect in July 2009. These are a set of regulations that will help financial organizations audit their security programs. However, it is up to the organizations themselves to enforce the regulations.