Expect 13 Windows patches, some critical

Expect 13 Windows patches, some critical: "Plan for a very busy Patch Tuesday.

Microsoft said on its TechNet site that it expects to issue 13 security bulletins Tuesday, some of them for critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

The software giant won't reveal full details of vulnerabilities to be patched until Tuesday afternoon. But Thursday it revealed that its patch release will address:

* 'Moderate' security holes affecting SharePoint Services and Office;
* 'Important' vulnerabilities in the .NET Framework;
* One or more 'critical' vulnerabilities affecting Microsoft Office and Visual Studio; and
* One or more 'critical' flaws in Windows, Windows Media Player and MSN Messenger."

NevOn: Hidden dangers with public Wi-Fi

NevOn: Hidden dangers with public Wi-Fi: "It's becoming a common thing to see people sitting in public places - train stations, airports, the local Starbucks - with their laptops, doing their email or writing their blogs, or any manner of things that they'd do when in the office or at home.

How do you know that the wi-fi network you've connected to really is secure?"

Is your password on this list?

Here's a lengthy list of the most common passwords. If yours is on it, change it now. And, take to heart the warning in the introduction to the list that any word which appears in the dictionary is not a good password.

GeodSoft How-To: Common and Bad Passwords

Opinion from PC Magazine: Panic Over Spyware

John Dvorak has disovered there's a problem with spyware! Seriously, this article is well worth reading. Despite your best efforts, your PC may be still be vulnerable to some of the latest nasties.

Opinion from PC Magazine: Panic Over Spyware: "Now, if you think that the free antispyware programs are going to help with the nastiest of infections, you are kidding yourself. I've chatted with four spyware vendors over the past couple of weeks and they all agree that it's gotten so bad that the public is only partially aware of the problem. Few users know that their machines are infected.

There is now a firm belief that organized crime, including the Russian mafia, is behind much of this activity. The scene is no longer dominated by kids out for fun.

So what is the spyware used for? There appear to be four primary uses."

Critical Update for Windows XP Service Pack 2 Firewall

If you use a dial-up connection, you must install this update on your Windows XP SP2 system.

Description of the Critical Update for Windows XP Service Pack 2: "After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

The security lingo of 2004

Are you up-to-date on all of the lingo? If you still think phishing refers to attending concerts by a jam band or zombies are characters in "B" horror movies, this article may help.

The security lingo of 2004: "Using some of the security lingo of the last 12 months, you could say 2004 was the year bots hijacked machines and created armies of zombie PCs, opening backdoors for spammers, phishers and all kinds of phreaks."

USATODAY.com - Unprotected PCs can be hijacked in minutes

The time it takes for an unprotected PC to be attacked on the net has decreased to essentially zero according to a new study reported in USA Today.

Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.

While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.

Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm. The experiment involved monitoring six "honeypot" computers for two weeks — set up to see what kind of malicious traffic they would attract. Once breached, the test computers were shut down before they could be used to attack other PCs.

The test did not measure Web attacks that require user participation, namely spyware, which gets spread by visiting contagious Web sites, or e-mail viruses, which proliferate via e-mail attachments.