nCircle Network Security

Anyone perusing porn sites at home will appreciate Microsoft's latest efforts at browser privacy, but it's not clear it will do much for the enterprise. Internet Explorer product manager Andrew Ziegler discussed the new privacy features of IE8, currently in its second beta, in an extensive blog post Monday. Users of the new software will be able to turn on Microsoft's InPrivate Browsing and Blocking features.

When what many observers are calling "porn mode" is turned on, IE8 doesn't store history, cookies, form data, passwords, URLs, search queries or visited links.

Along with the myriad other problems with Apple's MobileMe service -- syncing conflicts, corrupted data, dropped connections -- users can now add another concern: spam.

Apple has provided spammers with a "dead simple way to easily spider their iDisk property to retrieve the entire MobileMe user name list," Michael Arrington charged Thursday on his TechCrunch blog.

Security researchers are still trying to work out exactly who is responsible for the cyberwar tactics that have knocked many Georgian government Web sites offline. While Georgian officials blamed Russia, many security experts have pointed the finger at the Russian Business Network (RBN), a shadowy outfit -- that may no longer even exist -- which has previously provided network services for Russian criminal gangs.

The Internet remains vulnerable to exploits of a critical security flaw in the Domain Name System, a Russian programmer demonstrated last week. Writing on his blog on Friday, Evgeniy Polyakov posted that he had succeeded in getting patched DNS software to return an incorrect location in less than 10 hours.

His work shows that DNS patches, which had appeared to solve the immediate problem, are insufficient.

Cache Poisoning

Teenage hackers temporarily hijacked and defaced several Comcast Web sites and redirected user e-mail in an exploit that appears to expose fundamental weaknesses in the Internet's Domain Name System. The hackers, known as Defiant and EBK, apparently used "social engineering" -- persuading insiders to hand over account information -- to break into Comcast's account at domain registrar Network Solutions.

A security firm has identified serious vulnerabilities in Apple's iCal calendar application. Core Security Technologies reports that it discovered three vulnerabilities in the application, which could enable an attacker to execute arbitrary code or launch a denial of service attack.

The most serious of the vulnerabilities stems from "potential memory corruption" from a bug that attackers can take advantage of with a specially crafted malformed .ics calendar file, Core said.

The name PayPal is almost synonymous with phishing scams. According to anti-phishing service PhishTank statistics from last year, PayPal was the number-one target of scams -- more than twice as often as PayPal's parent, eBay, the second most popular target.

On Friday, PayPal announced it was taking an unusual step to combat phishing abuse: blocking old and insecure browsers from its site. It is "an alarming fact that there is a significant set of users who use very old and vulnerable browsers, such as Internet Explorer 4," the company said.