J.LeP wrote:Please, someone prove me wrong but methinks this be an April Fools hoax. I googled the University and came up blank. Plus, check the link it's to "rashmagazine," not the BBC page you get from the link.
PLEASE, PROVE ME WRONG, PLEASE
That thought crossed my mind too...I didn't read it...but here's the info on the fake BBC links....something clicked when you said rash magazine..and I remember reading something from a geek friend of mine...
Latest Web Scam Uses BBC News as Bait Tim Willert, newsfactor.com
Fri Mar 31, 7:00 PM ET
Bogus e-mails containing real BBC News stories are tricking PC users into visiting a fake Web site that installs password-stealing software onto their computers. The e-mails are exploiting a newly discovered flaw in Microsoft's Internet Explorer browser, according to Websense Security Labs, a San Diego-based company that uncovered the problem on Thursday.
The messages outlined in the alert contain excerpts from actual BBC stories and provide a link to "Read More." Users who click on the link are taken to a site that features a full copy of the BBC story from the e-mail.
But accessing the Web site triggers the installation of a keylogger, a type of program that monitors keystrokes to steal private information. People who have unwittingly downloaded a keylogger might type in their user names, passwords, and credit card numbers, as usual, unaware that the spyware is sending this information back to a criminal.
"This is a pretty important discovery because there could be a lot of people who could be affected by it," said Ronnie Manning, a Websense spokesperson. It was unclear late Friday how many computers had been compromised by the e-mail scam.
Spoof Pages
Both Microsoft and the BBC advised people not to follow the link.
"We have had people creating spoof pages of our site before," Steve Herrmann, editor of the BBC News Web site, said Friday in a published statement. "But using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern."
The latest alert comes on the heels of other reports detailing vulnerabilities in Internet Explorer 6. Last week, Microsoft and security authorities warned of a critical, unpatched script vulnerability in the browser that could allow a hacker to take complete control of a Windows PC.
Microsoft said it continues to monitor the problems with the help of law enforcement, and is completing development of a cumulative security update for Internet Explorer that is scheduled to be released on April 11.
While the flaw related to the BBC news scam remains unpatched, security vendor eEye Digital Security has created a temporary patch for the script vulnerability.
Microsoft has not certified the eEye patch, and the security firm is calling its fix a stopgap until the official patch is released. "In fact, eEye has engineered the patch to automatically remove itself when Microsoft's official patch comes through," said Marc Maiffret, eEye's cofounder and chief hacking officer.
Browser Bummers
Microsoft's custom is to release all security patches on the second Tuesday of every month. That means that PC users have to wait if a so-called "zero day" vulnerability -- a problem for which there is no available patch -- hits.
In response to feedback from customers requesting a better way to alert Microsoft to problems, the software giant has created an online database to collect information on potential bugs found in the beta version of Internet Explorer 7.
Paul Stamp, an analyst at the consulting company Forrester Research, said that given the ongoing problems associated with Internet Explorer, Microsoft needs a forum for user feedback.
"Browsers are so complex now that there are more bases to cover," Stamp said. "And because Microsoft went years before taking a proactive approach to Explorer bugs, there will be more flaws cropping up."
While the database will not help solve current issues associated with Internet Explorer 6, it represents another step in Microsoft's efforts to improve the security of its software
"I know it's a shabby old building but after all ain't we God's children
And Lord it's a good place for hangin' out .."
J.LeP wrote:Please, someone prove me wrong but methinks this be an April Fools hoax. I googled the University and came up blank. Plus, check the link it's to "rashmagazine," not the BBC page you get from the link.
PLEASE, PROVE ME WRONG, PLEASE
That thought crossed my mind too...I didn't read it...but here's the info on the fake BBC links....something clicked when you said rash magazine..and I remember reading something from a geek friend of mine...
Latest Web Scam Uses BBC News as Bait Tim Willert, newsfactor.com
Fri Mar 31, 7:00 PM ET
Bogus e-mails containing real BBC News stories are tricking PC users into visiting a fake Web site that installs password-stealing software onto their computers. The e-mails are exploiting a newly discovered flaw in Microsoft's Internet Explorer browser, according to Websense Security Labs, a San Diego-based company that uncovered the problem on Thursday.
The messages outlined in the alert contain excerpts from actual BBC stories and provide a link to "Read More." Users who click on the link are taken to a site that features a full copy of the BBC story from the e-mail.
But accessing the Web site triggers the installation of a keylogger, a type of program that monitors keystrokes to steal private information. People who have unwittingly downloaded a keylogger might type in their user names, passwords, and credit card numbers, as usual, unaware that the spyware is sending this information back to a criminal.
"This is a pretty important discovery because there could be a lot of people who could be affected by it," said Ronnie Manning, a Websense spokesperson. It was unclear late Friday how many computers had been compromised by the e-mail scam.
Spoof Pages
Both Microsoft and the BBC advised people not to follow the link.
"We have had people creating spoof pages of our site before," Steve Herrmann, editor of the BBC News Web site, said Friday in a published statement. "But using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern."
The latest alert comes on the heels of other reports detailing vulnerabilities in Internet Explorer 6. Last week, Microsoft and security authorities warned of a critical, unpatched script vulnerability in the browser that could allow a hacker to take complete control of a Windows PC.
Microsoft said it continues to monitor the problems with the help of law enforcement, and is completing development of a cumulative security update for Internet Explorer that is scheduled to be released on April 11.
While the flaw related to the BBC news scam remains unpatched, security vendor eEye Digital Security has created a temporary patch for the script vulnerability.
Microsoft has not certified the eEye patch, and the security firm is calling its fix a stopgap until the official patch is released. "In fact, eEye has engineered the patch to automatically remove itself when Microsoft's official patch comes through," said Marc Maiffret, eEye's cofounder and chief hacking officer.
Browser Bummers
Microsoft's custom is to release all security patches on the second Tuesday of every month. That means that PC users have to wait if a so-called "zero day" vulnerability -- a problem for which there is no available patch -- hits.
In response to feedback from customers requesting a better way to alert Microsoft to problems, the software giant has created an online database to collect information on potential bugs found in the beta version of Internet Explorer 7.
Paul Stamp, an analyst at the consulting company Forrester Research, said that given the ongoing problems associated with Internet Explorer, Microsoft needs a forum for user feedback.
"Browsers are so complex now that there are more bases to cover," Stamp said. "And because Microsoft went years before taking a proactive approach to Explorer bugs, there will be more flaws cropping up."
While the database will not help solve current issues associated with Internet Explorer 6, it represents another step in Microsoft's efforts to improve the security of its software
"Houston...we have a problem."
If this is true (thanks 119), can a moderator dump that link ASAP???
And, if anyone has any ideas on fixing this....please share....
"Reading departure signs in some big airport reminds me of the places I've been"
J.LeP wrote:And, if anyone has any ideas on fixing this....please share....
There is no patch yet. MS says 4/11, maybe sooner.
What a pain in the ass.
McAfee Threat Center: BREAKING ADVISORY
April 3, 2006. On March 30 new exploit code was published for the unpatched createTextRange vulnerability in Internet Explorer. This code is more reliable than previously published exploit code. The previously reported code has been found on malicious web sites and for this reason we expect that the new code will be used in the wild as well.
Follow the suggestion on MS website Adisory 917077
I am purposely not putting any links in this post.
And a BIG thanks Prth119!
We've gotta roll with the punches
Learn to play all of our hunches
Makin' the best of whatever comes your way
Forget that blind ambition
And learn to trust your intuition
Plowin' straight ahead come what may.
As alarming as it seems on the surface, I think this was just a humor page. Apparently people have been using BBC page templates for malicious use. It doesnt mean they all are. I checked in my event viewer and nothing had been installed on my machine. Of course, I'm not totally sure that the link was safe, but I'm not worried about it unless I read more.
warmsugar wrote:This seemed to be aimed at men so, for us older women & I can testify...JB music helps the ol' change of life thingy. And my hubby will testify he is sure of it because he is still alive!! HA HA When I get to feeling depressed...I go to my Margarita room & chill ...where my pC is to check on BN, play music, have a dink or not & just relax. I emerge a better woman instead of a bitter woman.
It works when your ready to kill your infuriating 17 y/o son too!!! Proved that yesterday!!!!!
I designed and created that BBC webpage, myself. I inserted the link. It's completely harmless and it was meant in fun.
It's true that some malicious people create hoaxes for the purpose of hurting others, but I assure you that there's nothing there that would hurt anyone's computer just by reading the funny story.
Some may appreciate the fun story, and the moderator should consider putting the story link back on the page. There's more to come, as well... In fact, I recently heard about a news story involving the Pope, Jimmy Buffett and a bag of bonefish. Maybe I'll write that one, too. Stay tuned.
I designed and created that BBC webpage, myself. I inserted the link. It's completely harmless and it was meant in fun.
It's true that some malicious people create hoaxes for the purpose of hurting others, but I assure you that there's nothing there that would hurt anyone's computer just by reading the funny story.
Some may appreciate the fun story, and the moderator should consider putting the story link back on the page. There's more to come, as well... In fact, I recently heard about a news story involving the Pope, Jimmy Buffett and a bag of bonefish. Maybe I'll write that one, too. Stay tuned.
Really funny Mr. Twain I am not laughing
Your fun wasted 2 hours of my sleep last night reading about the unpatched createTextRange vulnerability in Internet Explorer.
We've gotta roll with the punches
Learn to play all of our hunches
Makin' the best of whatever comes your way
Forget that blind ambition
And learn to trust your intuition
Plowin' straight ahead come what may.
Piratical wrote:Really funny Mr. Twain I am not laughing
Your fun wasted 2 hours of my sleep last night reading about the unpatched createTextRange vulnerability in Internet Explorer.
What can I say? The Internet's a wild and wooly place. I can't help it if there are others out there who make it bad for the rest of us.
Very true.
BTW, what is your relationship with Rash Magazine?
We've gotta roll with the punches
Learn to play all of our hunches
Makin' the best of whatever comes your way
Forget that blind ambition
And learn to trust your intuition
Plowin' straight ahead come what may.
I designed and created that BBC webpage, myself. I inserted the link. It's completely harmless and it was meant in fun.
It's true that some malicious people create hoaxes for the purpose of hurting others, but I assure you that there's nothing there that would hurt anyone's computer just by reading the funny story.
Some may appreciate the fun story, and the moderator should consider putting the story link back on the page. There's more to come, as well... In fact, I recently heard about a news story involving the Pope, Jimmy Buffett and a bag of bonefish. Maybe I'll write that one, too. Stay tuned.
I'm sure the link and potential vulnerability wasn't intentional, and if you have any way of assuring us our computers aren't compromised in any way, that would be great!
I'm sure the link and potential vulnerability wasn't intentional, and if you have any way of assuring us our computers aren't compromised in any way, that would be great!
All I can really say is that the page was built to look like a real BBC news article. But otherwise, it's a normal, run-of-the-mill, webpage. Nothing else hidden or built in. There is no potential vulnerability, and your computers certainly haven't been compromised in any way.
My stab at the little page was very much like a Saturday Night Live Skit. A Parody. Like a funny commercial on Laugh-in. I figured most people would immediately recognize it as a joke. Not a Hoax.
You'll see some similar fun stuff at a parody news site called the Onion http://www.theonion.com
I'm sure the link and potential vulnerability wasn't intentional, and if you have any way of assuring us our computers aren't compromised in any way, that would be great!
All I can really say is that the page was built to look like a real BBC news article. But otherwise, it's a normal, run-of-the-mill, webpage. Nothing else hidden or built in. There is no potential vulnerability, and your computers certainly haven't been compromised in any way.
My stab at the little page was very much like a Saturday Night Live Skit. A Parody. Like a funny commercial on Laugh-in. I figured most people would immediately recognize it as a joke. Not a Hoax.
You'll see some similar fun stuff at a parody news site called the Onion http://www.theonion.com
Looks like I had one heck of a first day on BN.
Yes Mr. Twain, you do see funny stuff on The Onion, but you don't see it also posted as one of the top threats on the security websites and Microsoft listing it as a security advisory that was last updated 4/3/2006, the same day as your post.
IMHO your timing was irresponsible, sort of like yelling bomb in an airport because you want to be funny.
We've gotta roll with the punches
Learn to play all of our hunches
Makin' the best of whatever comes your way
Forget that blind ambition
And learn to trust your intuition
Plowin' straight ahead come what may.
Piratical wrote:Yes Mr. Twain, you do see funny stuff on The Onion, but you don't see it also posted as one of the top threats on the security websites and Microsoft listing it as a security advisory that was last updated 4/3/2006, the same day as your post.
IMHO your timing was irresponsible, sort of like yelling bomb in an airport because you want to be funny.
Is there anything you've read that relates a threat to "rash magazine"? Because I sure havn't found any. I think the only issue here is that it was in the form of BBC news template. Mr. Twain may have not even known about the significance of making it look like BBC news.
Mr. Twain, can you change it to look like MSNBC?
Perhaps any future ones you want to write should look like CNN or something.
How did it get on rashmagazine.com? Do you have storage space there or did you just e-mail the story to them?
Burny Charles wrote:I think the only issue here is that it was in the form of BBC news template. Mr. Twain may have not even known about the significance of making it look like BBC news.
That was exactly my point Burny.
Burny Charles wrote:How did it get on rashmagazine.com? Do you have storage space there or did you just e-mail the story to them?
Mr. Twain hasn't answered that question yet. It has been asked twice now.
We've gotta roll with the punches
Learn to play all of our hunches
Makin' the best of whatever comes your way
Forget that blind ambition
And learn to trust your intuition
Plowin' straight ahead come what may.
