Peaches

May 20, 2009 3:41 PM PDT Adobe to release security updates a la Patch Tuesday by Elinor Mills Correction 4:05 p.m. PDT: This post initially misstated how often the security updates will be. Adobe plans to issue updates quarterly. "Adobe said on Wednesday it will release quarterly security updates to coincide with Microsoft's Patch Tuesday as part of a new approach to product security for Adobe Reader and Acrobat. The security updates will be delivered on a second Tuesday once a quarter, beginning this summer, Brad Arkin, director of product security and privacy, wrote in a blog post. Micro

New Malware Attack Detected by Sophos John Mark V. Tuazon, Computerworld Philippines "A new web-based malware attack comprising almost half of detected infections this week has been detected by IT security and control firm Sophos. Identified as JSRedir-R, the threat has been found targeting high traffic legitimate websites, surreptitiously loading malicious content from third-party sites. It has been detected by Sophos six times more often than Mal/Iframe-F, which has been the most widespread web-based threat for over a year. "No one should be in any doubt that the web is still the main vector

Install Windows 7 From an External Hard Drive Rick Broida Good news, netbook users: There's a reasonably easy way to install the Windows 7 Release Candidate, even if you don't have an external DVD drive. As you may recall from yesterday, Windows 7 gets downloaded as an ISO file and then extracted to a DVD for installation. But netbooks lack DVD drives, meaning you need to find a workaround. My preferred method is installing Windows 7 from an external hard drive. You need one with about 5GB of free space. The process, which takes a little less than an hour, goes like this: 1. Download the Windo

May20 Pushdo/Cutwail – Sniffing for the win (Part 4 of 5) by David Sancho (Malware Researcher) Check out the first, second, and third part of this report. "The bad guys behind this botnet are sly and evil, you have to give them that! From their end, this is just pure business. They cater to Russian companies to advertise their services, be it a law firm or a dance academy, but they have a problem: how to ensure that those spammed messages have been delivered? Well the Pushdo gang have come up with a way of doing just that - by sniffing all emails being sent from every infected machine. That’

20 May 2009, 15:05 Exploit for unpatched vulnerability in Mac OS X - Update "The security specialist Landon Fuller has published an exploit for Mac OS X which allows an attacker to take control of a computer by directing a user with Safari to a rigged web page. The cause of the drive-by-download hole has been known since the beginning of December 2008; known vulnerabilities in the de-serialisation of certain objects in the sandbox of the Java Virtual machine. This can allow an untrusted applet to gain higher system privileges. Sun has since fixed the hole with Java 6 Update 11, released in De

Six months on, Macs still plagued by critical Java vuln No Java applets for you! By Dan Goodin in San Francisco 19th May 2009 18:05 GMT "More than six months after Sun Microsystems warned that a flaw in its Java virtual machine made it trivial for attackers to execute malware on end users' machines, the vulnerability remains unpatched on Apple's Mac platform. Most other operating systems, including Windows and major Linux distributions, fixed the bug months ago. That's a good thing given it is actively being exploited in the wild. Penetration testers, including Immunity and VUPEN Security, con

Napster crossbreeds streaming, download plans Cat comes back. Again. Again. By Austin Modine 19th May 2009 22:05 GMT "Napster - the outfit that shares a name with a bygone music piracy pioneer sued into oblivion - is back with a new $5-per-month streaming/download hybrid plan following its purchase by Best Buy last year. For a fiver a month, US subscribers can now stream music from Napster's claimed catalog of over 7 million songs as well as download and keep five DRM-free MP3s each month. Napster had previously been charging $12.99 for streaming music only. Aside from the US-only aspect of N

May 19, 2009 4:00 AM PDT Protecting yourself from vishing attacks by Marguerite Reardon "You might have heard about online "phishing" scams designed to steal money from unsuspecting Web users, but now criminals are using another type of scam called "vishing" to commit the same crimes. Last week, the Federal Trade Commission filed lawsuits against two telemarketing firms in Florida and a company claiming to sell extended automobile warranties for violating the Do Not Call registry and fraud for selling bogus warranties for between $2,000 and $3,000 a pop. Since 2007, the companies supposedly

May 19, 2009 7:04 AM PDT 'Gumblar' attacks spreading quickly by Matthew Broersma "The attackers behind a series of rapidly spreading Web site compromises have begun using a new domain to deliver their malicious code, security experts say. The attacks, collectively referred to as "Gumblar" by ScanSafe and "Troj/JSRedir-R" by Sophos, grew 188 percent over the course of a week, ScanSafe said late last week. The Gumblar infections accounted for 42 percent of all infections found on Web sites last week, Sophos said. Over the weekend, the Chinese Web domain used to deliver the malicious code--gum

Gumblar Google-poisoning attack morphs Drive-by download juggernaut relocates and picks up speed By John Leyden Posted in Anti-Virus, 19th May 2009 20:37 GMT A Web attack that poisons Google search results is getting worse, according to security researchers. The attack first relies on compromising normally legitimate website and planting malicious scripts. US CERT reports that stolen FTP credentials are reckoned to be the main technique in play during this stage of the attack but poor configuration settings and vulnerable web applications might also play a part. Surfers who visit compromised

Yes friends,I will confirm it is Fibromyalgia with Chronic Fatigue Syndrome combined. The first 3 yrs. I was totally ambulatory - I could not move, feed myself, dress myself, walk, comb my hair, brush my teeth and anything normal people enjoy was denied to me. I took matters into my own hands to achieve a degree of wellness and live a reasonably normal life ... I travel, I walk, I am an Administrator on 2 other forums - one social and one Security as well as serving as an elected director on a multi million dollar corporation. From ambulatory I rose to achievements beyond my dreams. It can

Google courts Hotmail & Yahoo Mail users New import tool simplifies webmail switching Oliver Garnham Google hopes to steal webmail users from Microsoft and Yahoo with a new tool that's designed to make migrating from Yahoo Mail and Hotmail to Gmail more straightforward. Available now to new Gmail users, and coming to all users of Google's webmail service over the next few weeks, the Import feature simply requires users to enter login details for their Yahoo, Hotmail or AOL accounts. They can then choose to transfer their contacts and/or mail across to Gmail, and also have their messages f

Firefox Update Expected in Early June Gregg Keizer, Computerworld "After months of problems that delayed the last two betas of Firefox 3.5, Mozilla Corp. is now on track to deliver the first release candidate early next month. If Firefox 3.5 Release Candidate (RC) is declared suitable for final release, Mozilla may still make its self-set deadline -- before the end of the first half of the year. Mike Beltzner, the director of Firefox, was optimistic in a note published on the site last Thursday. "We're setting an aggressive code freeze target of next Wednesday, May 20 for Firefox 3.5 RC," he

May18 Pushdo/Cutwail – Can’t touch this (Part 3 of 5) by Robert McArdle (Senior Malware Researcher) "We’ve all been there. Your scheduled scan displays a popup with text similar to “A malicious file c:\definatelyNotAVirus_Honest.exe has been detected on your computer” On finding a malicious file some network administrators will even proactively submit suspicious files to multi-scanner online services such as “Virus Total” - which will scan the file with 40 or so different vendors and give the files detection results. Notice the word that has been used four times above – file. One of the core

18 May 2009, 16:36 Vulnerabilities in sound processing library libsndfile "Two vulnerabilities in the open source sound processing library libsndfile could allow an attacker to compromise a system by playing a media file. A heap buffer overflow can be triggered when playing back specially crafted Creative Labs Audio Files (VOC) and AIFF files. The libsndfile library has been updated to version 1.0.20 which fixes the issues. Version 5.552 of the Winamp media player is affected as it uses the library. An update for Winamp, however, is not yet officially available." See also: libsndfile/Winamp

18 May 2009, 10:02 OWASP LiveCD switching to Ubuntu "The OWASP LiveCD is a collection of open-source security software for web developers as well as external and internal testers/auditors, that does very much the same job as the BackTrack LiveCD does for network and system penetration tests. Matt Tesauro is the project's new maintainer and new versions have appeared since its redesign in the autumn of 2008. "AustinTerrier", the current version, contains a number of freely available tools for fingerprinting web servers (Httprint), web-application scanners such as Grendel Scan and w3af, special

Evaluating firewalls and doing leak tests ... For detailed information including screenshots - http://www.jam-software.com/freeware/index.shtml

Are you looking for a new desktop wallpaper ... look no further ... great selection here: http://www.smashingmagazine.com/2009/04/30...endar-may-2009/ Great desktop wallpaper can also be found here: http://www.serenescreen.com/ also check out the freebies here: http://www.smashingmagazine.com/category/freebies/

16 May 2009, 15:28 Security hole in IIS 6.0 "A WebDAV vulnerability in Microsoft's Internet Information Server 6.0 (IIS) allows attackers to access password-protected directories and download and even upload arbitrary files. According to a report, the access isn't limited to WebDAV folders: the vulnerability affects all the directories controlled by the web server. It is caused by a flaw in the processing of unicode characters. Nicolaos Rangos, who discovered the hole, reports that a request with a header like the following example, prompts the IIS to return a protected file from a regular fo

PDF Flaw Patched -- But Does Anybody Know? Gregg Keizer, Computerworld "As expected, Adobe patched a zero-day vulnerability in its popular Adobe Reader software last week, marking the second time in three months that it delivered an update on the same day Microsoft issued its monthly fixes. But while Microsoft's PowerPoint patch received lots of attention, the Adobe update should be at the top of people's to-do list, a security expert said today. "Adobe's is more important than Microsoft's," said Wolfgang Kandek, chief technology officer at Qualys. "Even though Microsoft's had more visibility

Malware's Newest Threat: Fake URLs Joshua Gliddon, Computerworld Australia "According to Websense Security Labs, criminals are seeking to mislead web surfers by flooding the internet with URLs that include words like FaceBook, MySpace and Twitter. The fake domains, which have no connection to the legitimate websites, are designed to trick users into entering sensitive information, such as passwords, bank account details and PIN numbers, or into downloading malicious code." details at PCWorld - http://www.pcworld.com/businesscenter/arti..._fake_urls.html

Next Ubuntu alpha reveals video change By Gavin Clarke in San Francisco "The next Ubuntu should see improved video performance, along with updates to the underlying Linux and open-source infrastructure. A change in the video architecture has been revealed as the Ubuntu development team released alpha code for the next, planned edition: Ubuntu 9.10, codenamed Karmic Koala. Ubuntu 9.10 will feature a new Intel video driver architecture to solve problems in Ubuntu 9.04, released just last month. Ubuntu 9.10 will switch from the current EXA acceleration method to UXA. A kernel-mode setting, meanw

NVIDIA Releases First GeForce 3D Vision Drivers for Windows 7 – Download HereAlso updates the Windows Vista drivers "As some of you (well, especially those of you who've paid a visit to our Gadgets section) probably know already, a Softpedia team has recently had the chance to take NVIDIA's GeForce 3D Vision system for a quick test and we were very impressed by the potential of this amazing technology. However, back then, we noticed some driver-related issues, but it seems that the GPU manufacturer is quite keen on solving them, since it has just released a couple of new drivers for the GeFo

Facebook Slammed with Another Phishing Attack Brennon Slattery "Facebook was hit with yet another phishing attack yesterday as malicious e-mails went to some of the social networking site's 200 million users. The attack, which Facebook is actively fighting, asked members to leave Facebook and access outside sites that then stole user names and passwords. The malicious e-mail messages were of the garden variety for scams: poor grammar, misspellings, and a request to visit an external site that included the domain name www.151.im, www.121.im or www.123.im (do yourself a favor and don't click on

Microsoft's Software Pipeline Set to Burst John Fontana, Network World LOS ANGELES -- If there was one revelation at this week's Microsoft TechEd conference it was that the company's product pipeline is stuffed with new software timed for release in the next seven to 12 months that will force corporate IT to deftly plan and strategize how it wants to deal with the onslaught. Four of Microsoft's major platforms are queued up to be released near the end of 2009 or early 2010. Windows 7, Windows Server 2008 R2 and Exchange 2010 are all slated to ship by year-end, as is the company's new identity