Consumer versions of McAfee Inc's leading software for securing PCs are susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, researchers have said.
The vulnerability affects many of McAfee's most popular consumer products, including its Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles, Marc Maiffret, chief hacking officer at eEye Digital Security Inc, a competing maker of security products, said Monday.
McAfee spokeswoman Sio-bhan MacDermott confirmed the vulnerability and said software engineers were testing a fix. She said officials expected to release the patch today using a feature that automatically updates McAfee products over the Internet. The flaw does not affect next year's versions of McAfee products, which were released on Saturday, she said.
Maiffret said he has found a way to connect to PCs running the flawed McAfee products over the Internet and make them run code of his choosing. The flaw, if exploited, would make it possible for a criminal to track bank account numbers, and access, modify and delete sensitive files and do other damage on machines running the McAfee products, he said.
The reported flaw came on the same day that McAfee posted an item on its Web site taking a swipe at Microsoft Corp, whose products increasingly compete with the offerings of McAfee, Symantec Corp. and other security companies.
It warned that a code had been released that exploited flaws in a feature used to automate certain administrative tasks in Microsoft's Windows operating system.
"Microsoft products have always been an attractive target for hackers and malware authors," according a posting on the McAfee Web log.
Maiffret's company, which in the past has discovered embarrassing flaws in products sold by Apple Computer Inc, Microsoft, Symantec and McAfee, said he was withholding technical details of Monday's vulnerability to prevent criminals from learning how to exploit it.
The flaw comes two weeks after Aliso Viejo, California-based eEye disclosed a hole in McAfee program for protecting business computers. In that case, Santa Clara, California-based McAfee said it had fixed the defect three months earlier but did not warn customers about it until eEye made it public.
In May, eEye uncovered a similarly dangerous flaw in security software by Symantec.
Neither Maiffret nor McAfee said they were aware of any attacks that target the flaw disclosed on Monday.
"The vulnerability isn't public, so you shouldn't see exploits for it," Maiffret said, adding that users of McAfee products should make sure they are configured to automatically check for updates each day.
ROLLER-COASTER RIDE: More than five earthquakes ranging from magnitude 4.4 to 5.5 on the Richter scale shook eastern Taiwan in rapid succession yesterday afternoon Back-to-back weather fronts are forecast to hit Taiwan this week, resulting in rain across the nation in the coming days, the Central Weather Administration said yesterday, as it also warned residents in mountainous regions to be wary of landslides and rockfalls. As the first front approached, sporadic rainfall began in central and northern parts of Taiwan yesterday, the agency said, adding that rain is forecast to intensify in those regions today, while brief showers would also affect other parts of the nation. A second weather system is forecast to arrive on Thursday, bringing additional rain to the whole nation until Sunday, it
LANDSLIDES POSSIBLE: The agency advised the public to avoid visiting mountainous regions due to more expected aftershocks and rainfall from a series of weather fronts A series of earthquakes over the past few days were likely aftershocks of the April 3 earthquake in Hualien County, with further aftershocks to be expected for up to a year, the Central Weather Administration (CWA) said yesterday. Based on the nation’s experience after the quake on Sept. 21, 1999, more aftershocks are possible over the next six months to a year, the agency said. A total of 103 earthquakes of magnitude 4 on the local magnitude scale or higher hit Hualien County from 5:08pm on Monday to 10:27am yesterday, with 27 of them exceeding magnitude 5. They included two, of magnitude
CONDITIONAL: The PRC imposes secret requirements that the funding it provides cannot be spent in states with diplomatic relations with Taiwan, Emma Reilly said China has been bribing UN officials to obtain “special benefits” and to block funding from countries that have diplomatic ties with Taiwan, a former UN employee told the British House of Commons on Tuesday. At a House of Commons Foreign Affairs Committee hearing into “international relations within the multilateral system,” former Office of the UN High Commissioner for Human Rights (OHCHR) employee Emma Reilly said in a written statement that “Beijing paid bribes to the two successive Presidents of the [UN] General Assembly” during the two-year negotiation of the Sustainable Development Goals. Another way China exercises influence within the UN Secretariat is
Taiwan’s first drag queen to compete on the internationally acclaimed RuPaul’s Drag Race, Nymphia Wind (妮妃雅), was on Friday crowned the “Next Drag Superstar.” Dressed in a sparkling banana dress, Nymphia Wind swept onto the stage for the final, and stole the show. “Taiwan this is for you,” she said right after show host RuPaul announced her as the winner. “To those who feel like they don’t belong, just remember to live fearlessly and to live their truth,” she said on stage. One of the frontrunners for the past 15 episodes, the 28-year-old breezed through to the final after weeks of showcasing her unique