skip to main |
skip to sidebar
Daily Report Tuesday, November 7, 2006
Daily HighlightsA report by the Financial Action Task Force highlights the risks of criminal exploitation of new payment methods, many of which have taken hold on the Internet in recent years; the biggest new online payment brokers are eBay's PayPal, and Neteller. (See item 5)· The Associated Press reports rail passengers in Buffalo, New York, will undergo explosives screening beginning Tuesday, November 7, as part of a program being tested by the Transportation Security Administration. (See item 9)· Fraud investigators say that the U.S. Postal Service’s “change of address” system may be leaving people vulnerable to identity theft with thieves filling out a change of address card and thereby accessing private mail including critical credit card bills. (See item 13)
Information Technology and Telecommunications Sector
30. November 06, Secunia — Microsoft XMLHTTP ActiveX control code execution vulnerability. A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious Website using Internet Explorer. NOTE: The vulnerability is already being actively exploited. Solution: Microsoft has recommended various workarounds including setting the kill−bit for the affected ActiveX control. See the vendor's advisory for details: