NSA offers Vista installation tips   10 Jan 2007 02:09 GMT
Spy agency provided input for a Microsoft document with tips on how to use the operating system securely in larger organizations.
Source: ZDNet

Microsoft leaves Word zero-day holes unpatched   09 Jan 2007 22:06 GMT
Software giant releases fixes for vulnerabilities in Windows and Office, but several known Word zero-day flaws go without patches.
Source: ZDNet

TSA set to issue smart card IDs to port workers   09 Jan 2007 14:00 GMT
The Transportation Security Administration appears to be ready to start issuing smart card credentials to port workers in March, despite a GAO recommendation that the rollout be postponed.
Source: Computerworld

Germany checks 22 million cards for child porn payments   09 Jan 2007 14:00 GMT
German credit-card companies are working with police in that country to scan the records of over 22 million customers, looking for anyone who might have used their plastic to purchase child pornography. So far 322 customers have drawn suspicion.
Source: Computerworld

Researchers: Hack will help kill HD DVD copy protection   09 Jan 2007 12:33 GMT
The recently released BackupHDDVD software doesn't crack AACS, but according to Princeton researchers it's the first step toward making that encryption standard obsolete.
Source: Computerworld

Experts: Vendors need to reach DRM consensus   09 Jan 2007 11:32 GMT
The long-running debate over digital rights management is due for either industry consensus or a showdown, said experts at this week's Consumer Electronics Show.
Source: Computerworld

Wi-Fi concerns prompt new security laws   09 Jan 2007 11:32 GMT
Concerns over piggybacking and unauthorized use of others' Wi-Fi hotspots have prompted new laws in New York and California.
Source: Computerworld

Sophos seeks to stand between harmful sites, surfers   09 Jan 2007 10:31 GMT
A hardware appliance introduced by Sophos Monday promises to block end-user access to sites known to be malware infectors, and can be configured to enforce banned-site lists.
Source: Computerworld

MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)   09 Jan 2007 08:00 GMT
Bulletin Severity Rating:Critical - A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS07-003: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)   09 Jan 2007 08:00 GMT
Bulletin Severity Rating:Critical - This update addresses several newly discovered, privately and publicly reported vulnerabilities. The vulnerabilities are documented in the “Vulnerability Details” section of this bulletin. When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Source: TechNet