| |
May 8, 2003
|
 |
Microsoft: A separate look for security
The software giant plans to visually alter document or application windows that contain private information that's secured through Microsoft's Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium. Secure windows will look different than regular, unsecured windows in order to remind users that they are looking at confidential material, Peter Biddle, product unit manager for Microsoft, said Thursday at the Windows Hardware Engineering Conference (WinHEC) here.
"We know that users need to be able to tell the difference between a trusted window and a regular one," Biddle said. "The window (will be) noticeably different."
People will likely customize the secure pages, which will help prevent "spoof attacks," where hackers plant a fraudulent Web page on a PC screen that looks, but isn't, a file from a person's doctor or accountant, for example.
|
|
|
New Flaw Found in Windows Media Player
There is a new vulnerability in the ubiquitous Windows Media Player that could enable an attacker to execute code on the machine of a user who downloads a skin for the player.
When users download new skins-or user interfaces-for the Windows Media Player, the files are automatically saved to the player's "Skins" file folder. As protection against some attacks, WMP introduces a random element into the name of the file so that attackers can't guess the exact name of downloaded skins. However, it's possible to get around this measure by inserting a specific character into the URL of the skin.
This flaw allows an attacker to choose the exact download location of the skin, or alternately, a malicious file disguised as a skin. The most likely scenarios for exploiting this vulnerability are an attacker building a Web page specifically designed to carry such malicious files and either luring visitors to the site or sending them the link an HTML mail message.
|
|
|
Sex predator strangled girl of 13 he met on internet
A man who met a girl aged 13 on the internet and then strangled her while they had sex in his car has been given a 30-year jail sentence
Saul Dos Reis, 25, a restaurant worker from Connecticut, pleaded guilty in March to manslaughter and sexual assault charges in a case that spread fear among parents of young teenagers all across America who may be tempted into sexual liaisons with people they meet through chat rooms on the Web.
At a sentencing hearing in Danbury, Connecticut, Judge Patrick Connoll sentenced Dos Reis to 30 years, the maximum possible penalty. He delivered the harsh punishment in spite of repeated apologies from the defendant on the stand.
|
|
|
|
