An implementation flaw allows attackers to bypass the encryption mechanism used for Microsoft Office documents. Although this isn't news, having been made public in 2005, no (officially acknowledged) attack or tool for exploiting the vulnerability has existed until now. Which probably explains why Microsoft has never fixed the problem with an update for older versions of Office.
French crypto expert Eric Filiol in his presentationPDF at the recent Black Hat security conference emphasised that the situation has now changed. He says his tool can decrypt a document within a few minutes. Filiol said he began working on the statistical analysis of the RC4 algorithm used in Office back in 1994. Talking to heise Security, the expert explained why he has only now published his results: "I was employed by the French military at the time. Everything I did was classified. Now I am free speak about it."
Microsoft has revealed that its latest round of patches won't install on XP machines if they're infected with a rootkit.
Back in February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel.
PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal.
The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people.