Microsoft fixes 26 flaws with 11 patches; six are critical

Microsoft on Tuesday released its August 2008 security bulletin. Bulletins rated "critical" concern Microsoft Access 2003 and earlier; Microsoft Word 2002 and 2003; Microsoft Excel; and Microsoft Office 2000, Microsoft Office XP and Microsoft Office 2003. A cumulative patch for Internet Explorer also is rated critical.

"Important" bulletins affect Windows Internet Protocol Security (IPsec); Outlook Express and Windows Mail; Microsoft Windows Event System; Windows Messenger; and Microsoft PowerPoint. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-041: Critical

Titled "Vulnerability in … Read more

Practice safe browsing with ZoneAlarm ForceField, and get it free (today only)

ZoneAlarm ForceField is a new security utility that promises bulletproof protection against browser-related threats. It normally sells for $29.95, but Check Point Software is offering it absolutely free, today only, as part of a Patch Tuesday promotion.

The software relies on a technique called "virtual browsing" to protect your PC against unauthorized downloads, malware installations, phishers, keyloggers, and the like. It also promises total privacy by erasing the (virtual) browser's cache, cookies, history, and passwords. According to Check Point, the program won't interfere with any existing security software you might already have.

I haven't … Read more

Google's Keyczar designed to make cryptography easier

Google on Tuesday announced Keyczar, an open-source project to help developers select and use safe cryptography in their applications.

Built on OpenSSL, PyCrypto, and the Java JCE libraries, Keyczar supports authentication and encryption with both symmetric and asymmetric keys. It simplifies some of the details by choosing safe defaults and automatically tagging outputs with key version information. Keyczar also provides a simple interface.

The project provides developers with a simple API, key rotation and versioning, and safe default algorithms, modes, and key lengths.

A "nongoals" page proclaims what Keyczar is not. For example, Keyczar is not designed to … Read more

Buzz Out Loud 785: Don't cross the Olympic streams

We tried to give NBC the benefit of the doubt when it comes to Olympic streaming, but then we tried it. And it's ridiculous. Also, we wonder if the iPhone makes you fat, even as it fattens Steve Jobs' wallet. We also discuss the technicalities of invisibility cloaks, and opt out of Obama's aggressively hip Internet outreach campaign.

Listen now: Download today's podcast EPISODE 785

Defcon ends with researchers muzzled, viruses written

Judge orders halt to Defcon speech on subway card hacking

Apple hits 3 million … Read more

Thwart laptop theft

This simple executable will sound an alarm through your laptop's speakers when certain activities occur, helping to thwart laptop theft. Laptop Alarm's four-check-box interface takes seconds to set. An options pop-up, just as easily set, controls mouse sensitivity and the program password.

Operating Laptop Alarm is a snap. Users merely run the executable and set the alarm to sound if the laptop loses power, the system is shut down or logged off, the USB mouse is unplugged, or the mouse is moved. Testers found the program accurate with no false alarms. There's no method … Read more

CNET News Daily Podcast: Journalist-on-journalist hacking at Black Hat

In what's being regarded as a total breach of professional ethics, three reporters from Global Security Mag were removed from the Black Hat security conference in Las Vegas on Thursday after attempting to expose the usernames and passwords of two reporters in attendance, including a CNET News employee. The magazine was a co-sponsor of the event, but the three parties responsible were asked to leave and barred from all future events, including this weekend's DefCon. For more detail, see the accounts from CNET News' Elinor Mills and Robert Vamosi, who are in Vegas now.

Listen now: Download today's podcast

Column: Raising Cain at Black Hat

LAS VEGAS--On the second day of the Black Hat security conference, a trio of journalists turned on other journalists within the press room.

This was my ninth Black Hat in nine years, and I have lived in dread year after year that such a headline would affect me. On Thursday, CNET News was named as one of the two organizations "hacked," but I disagree that any such hack occurred.

Just before noon on Thursday, a trio of reporters from Global Security Mag sat in one of the two press rooms at Black Hat. Both rooms have a wired … Read more

Facebook's new worm turns your friends into enemies

Facebook has a worm. It was bound to happen: As the web increases in popularity, it was just a matter of time before security bad guys started targeting web applications in earnest. Recent research from IBM suggests that the pace of security vulnerabilities on the web is accelerating.

This particular worm on Facebook is highly insidious:

The worm spreads when a compromised user's account is used to send a message to others with a title such as "LOL. You've been catched on hidden cam, yo:" and a link to a random URL. The linked website is a … Read more

Facebook responds to security warnings

Facebook security chief Max Kelly has assured members in a blog post that the social network is "fighting the good fight" when it comes to several malware attacks discovered on the site in recent days.

"We spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on walls urging users to view a video that pretends to be hosted on a Google or YouTube Web site," Kelly wrote. "Less than .002 percent of people on Facebook have been affected, all of whom we notified … Read more

Black Hat expels reporters in network snooping

Robert Vamosi of CNET News co-wrote this story.

Updated 10:30 p.m. with comment from Brami.

LAS VEGAS--Three journalists for a French security magazine were kicked out of the Black Hat security conference after they allegedly sniffed the press room computer network on Thursday.

The journalists work for Global Security Mag, which was a media sponsor of the event. Two of the men, Dominique Jouniot and Mauro Israel, could not be reached for comment.

The third, Marc Brami, director of the magazine, told CNET News later that he blamed Israel for the incident, which Brami described as "a … Read more