July 17, 2006

McAfee: Ooops, We Patched It

McAfee claims to have “accidentally” patched a major vulnerability in their EPO management server agents.

“We did not realize that we had fixed a security vulnerability until eEye alerted us to the problem last week,” Viega said. “We were optimizing the system, not looking for security vulnerabilities.” The optimization included changing from storing data in files to storing it in memory, which removed the flaw, he said.

It’s bad enough when security vendors have vulnerabilities in their product. It’s even worse when they don’t realize they were fixing a flaw.

Of course the real irony is that eEye is a McAfee competitor. If only McAfee had a division that discovers vulnerabilities in applications… Oh wait, they do.

McAfee fixes flaw–without realizing it [ZDnet]


May 24, 2006

Phishing Not Slowing Down

The Anti-Phishing Working Group just published their latest report on trends for this kind of threat. Among their findings:

  • 89% of attacks are against financial institutions
  • The number of unique Phishing sites rose to 11,121, the highest ever.
  • 33% of phishing sites have some form of the target name in the URL.

Worth a read if Phishing is a pain in your neck.

Phishing Activity Trends Report - April, 2006 (PDF) [Anti-Phishing Working Group]


May 17, 2006

Most Dangerous Search Words

The very useful and very free Site Advisor from McAfee has their list of most dangerous search terms:

  • Free Screensaver
  • Bearshare
  • Screensavers
  • Winmx
  • Limewire
  • Download Yahoo messenger
  • Lime wire
  • Free ringtones

Site Advisor has gone onto my “list of software I make sure is installed on my Mom’s computer.” You know what they say about an ounce of prevention.

Killer phrase will fill your PC with Spam [the Inquirer]

The Safety of Internet Search Terms [siteadvisor.com]

May 15, 2006

You Gotta Know When to Walk Away… from a Coder

The rise of trojan rootkits continues, this time in the form of some software distributed by popular poker site checkraised.com.

When RBCalc.exe is run, it silently drops four executable files into the user’s %SystemRoot%\system32 folder and executes them.

The purpose of the dropped executables is to collect login information for various online poker websites from the user’s computer and send them back to the malware author. In addition, the main malware component was protected by a rootkit driver that hid its process and launch point from registry.

What’s interesting is what we find on checkraised’s website about this:

In December 2005 we contracted a programmer to create a rake calculator for us… It has recently come to our attention that early versions of this program that we received contained a virus that installs itself every time the user runs rbcalc. The virus goes undetected by Norton AntiVirus and Microsoft Defender, even to this day. This is why we never noticed it until a 3rd party contacted us about the malicious software.

Assuming that checkraised wasn’t a party to this, they staked their reputation on this software, and prominently advertised it on their site. They had an obligation to verify what system changes are made when you install the application, and what network traffic the application generates. Relying on just Anti-Virus and Anti-Spyware is not enough.
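One way to check what a program changes on disk, as an added example that is not from the original post: hash every file in a folder such as %SystemRoot%\system32 before and after running it, then diff the two snapshots. The file names, the extension list and the simulated install in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".dll", ".sys"}  # assumption: extensions worth flagging

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"  # locked or access denied: still record it
            state[os.path.relpath(path, root)] = digest
    return state

def diff_snapshots(before, after):
    """Files added, modified and removed between two snapshots."""
    return {
        "added": sorted(p for p in after if p not in before),
        "modified": sorted(p for p in after if p in before and after[p] != before[p]),
        "removed": sorted(p for p in before if p not in after),
    }

def new_executables(changes):
    """Added or modified files whose extension marks them as executable code."""
    touched = changes["added"] + changes["modified"]
    return [p for p in touched if os.path.splitext(p)[1].lower() in EXECUTABLE_EXTS]

def demo():
    """Constructed folder; the 'install' drops two binaries, patches a DLL, adds a text file."""
    def write(root, name, data):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    with tempfile.TemporaryDirectory() as root:
        write(root, "existing.dll", b"v1")
        write(root, "notes.txt", b"hello")
        before = snapshot(root)
        for name, data in [("dropped_a.exe", b"MZ"), ("dropped_b.sys", b"MZ"),
                           ("existing.dll", b"v2"), ("readme.txt", b"hi")]:
            write(root, name, data)
        changes = diff_snapshots(before, snapshot(root))
        return changes, new_executables(changes)

if __name__ == "__main__":
    print(demo())
```

This covers only files on disk as the running system reports them; registry launch points and network traffic need their own before-and-after capture.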

Even when the application just helps you play Texas Hold ’em, be careful who you trust to contract software for you. With the rise of programming-is-a-commodity sites like rentacoder and elance, the line of accountability starts to get very dotted.

How’s your poker face? [f-secure blog]


May 11, 2006

Fear-Mongering and Spyware

A new report [pdf] from Webroot declares a staggering 87% of PCs are infected with Spyware. This is just headline-grabbing fear-mongering at its worst.

It turns out that Webroot was counting “tracking cookies” as Spyware. We’re all familiar with this: every time you run most popular Anti-Spyware products, they alert you with dire warnings about all the cookies installed on your machine.

Let’s set the record straight. Cookies may be a minor privacy risk, but they are not a significant security risk. Who decided cookies were Spyware anyway?

My prediction is that in two years the Anti-Spyware market will be dominated by the Anti-Virus vendors. The technology is basically the same. If the small players like Webroot want to compete they need to quit spouting falsehoods like this one, and start adding real value by making a better product.

Your Spycar Ran Over My Dogma [SecurityFix]


May 1, 2006

Can You Spot The Spyware Site?

McAfee has an on-line quiz to see if you can determine which site is safe and which one will install adware and spyware. It’s quick and revealing. I only got 4 of 8 right. (Mulligan: The one to the left is safe).

It’s from a spyware removal vendor, and it’s pushing their SiteAdvisor service, so take it all with a grain of salt. But SiteAdvisor is free, and is pretty useful for spotting malicious websites.

McAfee: SiteAdvisor Quiz
