Everything posted by Peaches
-
Title: Microsoft Security Advisory Notification
Issued: June 17, 2009
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (969898)
  - Title: Update Rollup for ActiveX Kill Bits
  - http://www.microsoft.com/technet/security/...ory/969898.mspx
  - Revision Note: V1.1 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bi
-
iPhone OS 3.0 fixes 46 vulnerabilities Apple has released version 3.0 of its iPhone mobile operating system. The update not only includes several new features, but also fixes 46 security vulnerabilities. Version 3.0 of the iPhone OS fixes 23 vulnerabilities in WebKit and Safari alone. According to Apple, many of the problems could have led to the execution of arbitrary code when visiting a maliciously crafted website. Other vulnerabilities include unexpected application termination or arbitrary code execution when opening a maliciously crafted PDF document or image file and possible disclosu
-
Microsoft Backtracks, Extends XP Availability to 2011 Gregg Keizer, Computerworld On Tuesday, Michael Silver of Gartner took Microsoft to the woodshed over the company's decision to let computer makers sell PCs with Windows XP for only six months after Windows 7 debuts. Silver blasted the idea as a "real mess," and said that it would make it more difficult for companies to manage their PCs, and more expensive to upgrade them to Windows 7 down the road. Because of Windows 7's Oct. 22 launch date, the six-month cap meant that OEMs would have to stop shipping PCs "downgraded" from Windows 7 Prof
-
Jun 18 Air France Flight 447 Spam Arrives with PowerPoint Exploit 1:33 am (UTC-7) | by Adrian Labiano (Anti-spam Research Engineer) After a blackhat SEO attack, cybercriminals are again using the terrifying catastrophe of Air France Flight 447 or about China-made C919 Jumbo Jets competing with Airbus and Boeing for malicious intent. This time, spam messages are sent with an attached PowerPoint presentation, which is specially crafted to exploit a vulnerability in Microsoft PowerPoint. The spammed emails suggest that there are images in the attached PowerPoint presentation related to both
-
Hacker Hijacks Millions of Cligs URLs Erik Larkin The Cli.gs URL-shortening service yesterday reported that an attacker managed to break in via a software security hole and take over 2.2 million URL links. The Cli.gs service works like TinyURL to convert a long URL into a short link that is easier to use in e-mails, IMs and other messages. And lucky for Cli.gs users, this attack doesn't appear to have been intended to infect hapless surfers. According to security company Sophos, the hacked links took visitors to an Orange County Register blog posting on Twitter hashtags. Antivirus maker Kaspersk
-
Windows 7 Licensing 'Disaster' Looming for XP Users Galen Gruman, InfoWorld Windows 7, due to ship on Oct. 22, has gotten good reviews as the OS that Vista should have been. And the large percentage of businesses that have held onto XP rather than go to Vista -- about half, according to Gartner -- are no doubt planning to migrate to Windows 7. But Microsoft may be making it harder and costlier for them to do so, notes Gartner analyst Michael Silver. "It's a disaster waiting to happen," he says. Microsoft's potential XP downgrade trap Under Microsoft's planned enterprise licensing rules, busine
-
Hydrogen-powered two-seater car unveiled 240 miles from a single tank, anyone? By Alun Taylor 17th June 2009 12:33 GMT Leccy Tech British boffins have unveiled what they believe is the future of urban personal transport - a prototype two seater micro-car powered by a single hydrogen fuel cell. Riversimple’s management team’s no stranger to groundbreaking car designs. The firm’s led by Hugo Spowers, for example, who was involved with the Morgan LIFEcar hydrogen vehicle project. The universities of Oxford and Cranfield have also played roles in the RUC’s development, as has Horizon Fuel Cell T
-
Spammers Celebrate with Father’s Day Early Father’s Day is a tradition meant for us to show our appreciation for fathers. With the fast changing technology however, people, spammers especially, follow the trend and celebrate the occasion in their own way. Clicking the link in the spam message displays a website that seems to be for the mattress vendor, Tempur-Pedic. It invites users to avail a free Night-Time Renewal kit with DVD. To do so however, requires the user to enter their first name, last name, and email address. Asking for such information wouldn’t be alarming if the website is the
-
Not One but Two New OS X Malware by Det Caraig (Technical Communications) Two new malware for Mac OS X were recently discovered. Even though there are indeed relatively fewer Mac malware compared with Windows, many Mac users who still believe they are somehow magically immune from attacks may run the risk of encountering any of these two. One of the newest Mac OS X malware, a Trojan detected as OSX_RSPLUG.C may be unknowingly downloaded by a user while visiting malicious websites. The said websites encourage users to download a software that is needed to play a promised hardcore pornographic
-
Salesforce Enticing Customers With Force.com Free Edition The initiative lets customers build Web applications and, if they wish, their own branded Web site to be operated on the Salesforce.com infrastructure. By Charles Babcock InformationWeek June 16, 2009 06:00 AM "Salesforce.com often signs up customers who come to its Force.com set of tools and build their first application online. So Salesforce.com is making that experience free through a new offering on Monday, Force.com Free Edition. An application with up to 100 authenticated employee users or up to 250,000 public page views pe
-
SystemRescueCd 1.2.1 Is Powered by Linux Kernel 2.6.29.4 Gentoo-based operating system for system administration and data recovery François Dupoux announced on June 15th the immediate availability of the SystemRescueCd 1.2.1 Linux distribution. Being powered by Linux kernel 2.6.29.4, the new version of this tiny Gentoo-based OS for system administration and data recovery comes with a few important updated packages and a couple of improvements. Without further introduction, let's have a detailed look at the main features of SystemRescueCd 1.2.1: · Updated the standard Linux kernel packages to v
-
16 June 2009, 12:47 TrueCrypt 6.2a released "The TrueCrypt developers have released version 6.2a of their open source, cross platform disk encryption tool. The maintenance release includes improvements to file container creation performance and fixes an error that occurred when system decryption was completed on Windows machines. The release also includes several additional bug fixes for the original 6.2 release from last month. Windows 7 support, command line options for volume creation and 'Raw' CD/DVD volumes are all features planned for future versions. TrueCrypt 6.2a is available to down
-
16 June 2009, 10:17 Apple closes vulnerabilities in Java Apple has released Java for Mac OS X 10.4 Release 9 and Java for Mac OS X 10.5 Update 4 to fix several well-known security vulnerabilities in Java. In mid-May, security specialist Landon Fuller published an exploit for Mac OS X to demonstrate how easy it was to exploit the Java vulnerability. Since then Apple has been criticised for leaving its users unprotected for far too long. Independent security specialist Rich Mogull has called for the introduction of a "Secure Software Development" program for Apple's most important products and t
-
Viewsonic Releases Three New 120Hz 3D Projectors Finally, a bit more affordable June 16, 2009 I know there are a lot of people out there that would just love to get their hands on a 3D projector but the price is usually too steep in order to make it the least bit affordable. Well, 3D loving boys and girls, guess what I have for you today! Yep, you guessed it! Three new 3D-enabled 120Hz DLP projectors from Viewsonic. Best thing? They are also quite affordable (meaning that if you really, really want one, you can get it if you save two or three months’ wages). Let me start with the PJD6381, a 3D
-
June 14, 2009 10:35 AM PDT Does Microsoft's Bing have Google running scared? Microsoft may have developed a contender that threatens Google's Web search dominance. "In a story headlined "Fear grips Google," the New York Post reports that the launch of Microsoft's Bing search engine has so upset Google co-founder Sergey Brin that he has top engineers working on "urgent upgrades" to Google's service. Brin is said to be leading a team to determine how Microsoft's search algorithm differs from the closely guarded one Google employs. The tabloid also notes that it's rare for Google's co-founders
-
15 June 2009, 13:27 Security problems in multiple anti-virus products "Symantec has reported a security problem in several of its anti-virus products for business and private users. As a result of a bug, the software can be fooled into overlooking malware when searching through specially crafted archives. The manipulation to create such archives formats them incorrectly, but even so, some applications and unpackers are still able to extract files from them. This lack of detection is a particular problem at security gateways on network boundaries, with the result that for instance, for bu
-
Adobe Launches Acrobat.com Out Of Beta The document collaboration service offers businesses an online alternative to Microsoft Office, Google Docs, and other tools. By Antone Gonsalves InformationWeek June 15, 2009 01:31 PM "Adobe Systems on Monday launched out of beta Acrobat.com, a document collaboration service that offers businesses an online alternative to Microsoft Office. While it's too early to say whether Acrobat.com will make a dent in Microsoft's dominance of the productivity software market, the service is likely to appeal to professionals already using Adobe's creativity sof
-
Firestats Sql Injection And File Inclusion Vulnerabilities
Peaches posted a topic in Security Alerts
FireStats SQL Injection and File Inclusion Vulnerabilities Highly critical Some vulnerabilities have been reported in the FireStats plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks or to compromise a vulnerable system. 1) Input passed via unspecified parameters is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "fs_javascript" parameter to wp-content/plugins/firestats/firestats-w
-
Green Dam URL Processing Buffer Overflow Vulnerability Highly critical A vulnerability has been reported in Green Dam, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when filtering URLs and can be exploited to cause a stack-based buffer overflow by redirecting the browser to an overly long URL. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 3.17. Other versions may also be affected. secu
-
Hubby Pie Can be prepared 20 years ahead. Ingredients .. crust: 1 hard-skinned hubby 1 comfortable sofa filling: 1 TV remote control 6 pack of coke or beer 1 packet chips [crisps] 1 family size pizza 1 large serve nacho 1 melted cheese sandwich 15 years patience lifetime of living care 1 ounce of resignation Method: Cram one thick-skinned hubby into a well worn greased and comfortable sofa and leave to set [probably will take length of one sport show], remove from family room and bring to th
-
Mobile internet? It ain't just for the iPhone 'Dumb' handsets involved in half of sessions "Statistics released by mobile software company Novarra show that it's not just owners of status-symbol handsets who are surfing the internet these days, with around half the mobile sessions coming from "dumb" handsets. The figures only cover networks that have deployed Novarra's software, which pre-loads content and optimises it for the receiving device, as well as logging customers' internet usage. Novarra reckons the product opens up the internet to dumb handsets, and presents the figures to prove it,
-
Buggy 'smart meters' open door to power-grid botnet Grid-burrowing worm only the beginning "New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month. The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them. Prodded by billions of dollars from President Obama's economic stimulus package, utilities in Seattle, Housto
-
New Kaspersky Antivirus Protects Netbooks John E. Dunn, Techworld.com "Kaspersky Lab has announced an anti-malware product specifically designed for netbooks, the first to fill a potentially lucrative new software niche. According to the company, Kaspersky Internet Security Special Edition for Ultra-Portables has been "optimized" for netbooks running the Intel Atom, Intel Celeron-M, or VIA C7-M processors that power the current generation of Windows XP-based small-screen wonders. The product is so optimized that the company says it will not run on systems that don't use these microprocessors e
-
Viral web infection siphons ad dollars from Google Only getting bigger 14th May 2009 20:49 GMT A compromise that is moving virally across websites is making unwitting people who surf to them part of a botnet that redirects Google search results, a security researcher has warned. During the past week, the number of websites identified as infected has almost tripled, according to researcher Mary Landesman with real-time malware scanning specialist ScanSafe tracking the attacks since March. Normally, web compromises die out after a few weeks, as search engines and anti-virus programs grow wise
-
12 June 2009, 15:31 Morro, Microsoft's free anti-malware tool, in beta soon "Media reports say Microsoft is already testing Morro, its promised new anti-virus product, on its own employees. It will shortly offer a public test or beta version for downloading, but no precise dates have been given. There isn't much more new information yet. When heise Security asked Microsoft Deutschland about it, press spokesman Thomas Baumgärtner could only confirm that Morro is scheduled for the second half of 2009. Morro is a replacement for OneCare, the more or less unsuccessful commercial security softwar