MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902)   03 Apr 2007 08:00 GMT
Bulletin Severity Rating:Critical - This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Source: TechNet

FCC imposes rules to prevent pretexting   03 Apr 2007 00:43 GMT
Commission issues order listing new regulations phone companies must follow to protect subscribers' call records and other personal data.
Source: ZDNet

EU official: Now isn't time for RFID regulations   02 Apr 2007 22:38 GMT
European Commission won't levy stiff rules on radio frequency ID tags now. But bureaucrats promise to do so later if they smell privacy concerns.
Source: ZDNet

TJX card problem flags retail ID theft risk   02 Apr 2007 14:53 GMT
Retailers' "unique vulnerabilities" from use of older technologies add significantly to potential for fraud, experts say.
Source: ZDNet

Windows animated cursor flaw--150 sites infected   02 Apr 2007 13:30 GMT
There's a new Microsoft Windows vulnerability being exploited across the Internet on over 150 Web sites. Here's what to do about it.
Source: ZDNet

Radio Shack may have tossed 'thousands' of customer records into dumpster   02 Apr 2007 13:00 GMT
Radio Shack is accused of dumping "thousands" of customer records, including names, addresses, Social Security numbers, and credit-card data, into a dumpster behind a store in Corpus Christi, Texas last month.
Source: Computerworld

Blogger posts Windows Vista SP1 fixes on Web site   02 Apr 2007 13:00 GMT
The owner of the Hotfix blof has posted over 100 fixes he says he received from someone close to Microsoft who has access to the collection, expected to be released in the latter half of 2007. If the information's legit, where are the security patches?
Source: Computerworld

JavaScript botnet code escapes ShmooCon, leaks to Web   02 Apr 2007 13:00 GMT
A fast-typing attendee at last month's ShmooCon spotted a URL during a presentation for code that could be used to turn a Web browser into an unwitting hacker's tool. In a burst of enthusiasm, he posted what he saw -- and now the code's roaming the Internet.
Source: Computerworld

FAQ: Here's the scoop on the Windows animated cursor bug   02 Apr 2007 13:00 GMT
The flaw in Windows' animated cursors picked up enough steam over the weekend for Microsoft to announce the release of a patch for the bug out of its regular monthly cycle. Here's what you need to know about the vulnerability.
Source: Computerworld

EEye adds antivirus to free consumer security suite   02 Apr 2007 13:00 GMT
EEye Digital Security has added antivirus defenses to its free Blink Personal Internet Security suite for consumers and home-office users.
Source: Computerworld