A new security flaw discovered in Microsoft's Internet Explorer has the company and its customers losing much sleep

News broke in the security world earlier this week that a critical vulnerability had been found in Microsoft's Internet Explorer 7. The vulnerability could be used to take over computers and is known to be currently being used to steal passwords.

Rick Ferguson, a senior security adviser at security firm Trend Micro says thus far the hole has only been exploited to steal online game passwords, but the attacks could become much more serious for unpatched users. He states, "It is inevitable that it will be adapted by criminals. It's just a question of modifying the payload the trojan installs."

The seriousness of the flaw was evidenced by Microsoft's rather public announcement of the vulnerability and panicked rush to develop a patch. So-called "out-of-band" announcements from Microsoft are rare.

In this case it made such an announcement, stating in a press release, "Microsoft teams worldwide have been working around the clock to develop a security update to help protect our customers. Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at www.microsoft.com/protect, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available."

Microsoft has announced that it will have a patch for the vulnerability by 1800 GMT on 17 December, available via Windows Update.

Posted by Justin Payton in Adware, Spyware and Trojans at 16:59

December 17, 2008 (Computerworld UK) A school in the U.K. has launched what it calls an "ethical" hacking course.

The International Correspondence School, which offers home learning, said the course will enable IT professionals to have a better understanding of hacking so that they can protect their own networks more effectively. It is available directly loaded onto an Apple iPod.

Key areas studied include how to scan, test, hack and secure systems, as well as intrusion detection, policy creation, social engineering, denial-of-service attacks, buffer overflows and virus creation.

The course is aimed at those already working in IT, and is expected to take six to 12 months to complete. It costs £1,799 (US$2,751) to take the studies, and is recognised by exam creator the EC Council.

Posted by Justin Payton in Adware, Spyware and Trojans at 12:09