Slashdot

CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.

darthcamaro writes "Windows isn't the only piece of Microsoft technology that hackers are attacking anymore. During a presentation at the SecTor security conference in Toronto, a Facetime security researcher revealed numerous methods by which Xbox users are being hacked today. 'Though the Xbox doesn't have the number one market share, it is the top target for hackers,' Boyd said. 'Xbox Live has 17 million plus subscribers, and that service requires payment.'"

alphadogg writes "Researchers at the University of Washington think it's finally time to start paying some serious attention to the question of robot security. Not because they think robots are about to go all Terminator on us, but because the robots can already be used to spy on us and vandalize our homes. In a paper published Thursday the researchers took a close look at three test robots: the Erector Spykee, and WowWee's RoboSapien and Rovio. They found that security is pretty much an afterthought in the current crop of robotic devices. 'We were shocked at how easy it was to actually compromise some of these robots,' said Tadayoshi Kohno, a University of Washington assistant professor, who co-authored the paper."

nk497 writes "The FBI and Egyptian authorities have arrested 100 people in what they're calling 'the largest international phishing case ever conducted' as part of a wide-scale investigation called Operation Phish Phry. The criminals used phishing to get access to hundreds of bank accounts, stealing $1.5 million. 'This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands of bank customers,' said Acting US Attorney George S. Cardona."

angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."

An anonymous reader writes "Help Net Security is running an interview with Rafal Rohozinski, a founder and principal investigator of the OpenNet Initiative, which investigates, exposes and analyzes Internet filtering and surveillance practices all over the world. Rafal provides insight on the process of assessing the state of surveillance and filtering in a particular country and discusses differences related to these issues in several regions, touching especially the United States and Europe. In the US, censorship is more difficult to implement if for no other reason than the court systems offer greater protections for freedom of speech. However, in both places surveillance is on the rise particularly as law-enforcement agencies become more adept at working in the cyber domain."

samzenpus writes "A 27-year-old man serving six years for stealing £6.5million using forged credit cards over the internet was recruited to help write code needed for the installation of an internal prison TV station. He was left unguarded with unfettered access to the system and produced results that anyone but prison officials could have guessed. He installed a series of passwords on all the machines, shutting down the entire prison computer system. A prison source said, 'It's unbelievable that a criminal convicted of cyber-crime was allowed uncontrolled access to the hard drive. He set up such an elaborate array of passwords it took a specialist company to get it working.'"

Zarrot writes "If Sony's recent 3.00 PS3 firmware update bricked your console, you may now have legal recourse thanks to a class action suit against Sony. The complaint alleges that thousands of users (PDF) were affected by the update, and in some cases the PS3 hardware itself was damaged. It continues, 'For owners who sustained hardware damage from the Sony-required update, Sony is charging a $150 repair fee per unit. Sony, responding to the numerous complaints about the unacceptable effects of the defective update, released a further, optional update that it claimed "improves system stability" — yet performance problems continued, and the new update did nothing to remedy the systems of users who sustained hardware damage."'"

nandemoari writes "It seems as if the massive phishing campaign reported yesterday was not specific to Hotmail, as was initially believed. According to a report by the BBC, many Gmail and Yahoo Mail accounts have also been compromised. Earthlink, Comcast, and AOL were also affected. While the source of the latest attacks has not been determined, many are pointing to the same bug that claimed at least 10,000 passwords from Microsoft Windows Live Hotmail. Microsoft has done their part in blocking all known hijacked Hotmail accounts and created tools to help users who had lost control of their email. An analysis of the data from Hotmail showed the most common password among the compromised accounts to be '12345.' On their end, Google responded to the attacks by forcing password resets on the affected accounts."