Security Log

Computerworld - CA Reveals Antivirus Flaw
Computer Associates International Inc. disclosed a serious security flaw in its antivirus products. The bug, which affects the Vet antivirus engine underlying CA's enterprise and consumer security software, could be exploited by a remote attacker via a specially crafted Microsoft Word document to cause a heap overflow and execute malicious code, according to CA. Enterprise users received a patch at the beginning of this month.
Files Encrypted, Held Hostage
A hacker has found a way to encode computer files and hold them hostage until the victim pays for a decoder tool, said Websense Inc., which uncovered the extortion attempt. But there's a way to avoid paying ransom: Lurhq Corp. said it found the encryption scheme relatively easy to break.
Security Bookshelf
•Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, by Michal Zalewski (No Starch Press, 2005).
When I first flipped open this book, I was intimidated by the author's use of a somewhat complex mathematical equation to determine the type of browser used to send IP packets. But I became fascinated by his approach to network security from a reconnaissance point of view; most security books focus on attacks. Though the book probably isn't for entry-level security pros, senior analysts and engineers will find it useful. Most chapters start with an interesting anecdote before getting down to some fairly technical details. Zalewski's explanations make it clear that he's tops in the industry.
-- Mathias Thurman