Peaches

Update Experts
  • Content Count: 2130

Everything posted by Peaches

  1. D-Link MPEG4 Viewer ActiveX Control Buffer Overflow Vulnerabilities Highly critical "0x29A has discovered two vulnerabilities in D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx), which can be exploited by malicious people to potentially compromise a user's system. The vulnerabilities are caused due to boundary errors when handling the "SetFilePath()" and "SetClientCookie()" methods and can be exploited to cause heap-based buffer overflows via an overly long string as argument. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are confirmed in version 2.11.918
  2. 15 May 2009, 11:46 Certificates for Java applets in Lotus Domino are expiring "Next Monday the security certificates used for signing Java applets in Lotus Domino, Quickplace, Quickr, and Sametime will expire. From Tuesday, the 19th of May, any users who access these servers via their web browsers will be confronted with an error message. While, according to IBM, neither the applets' functionality nor their security is compromised, the error messages will cause irritation. Java applets are not used by all Domino applications. For example, recent versions of the webmail interface don't use the
  3. Windows 7 Expected To Kill Vista Researchers at Gartner urge clients to skip Vista altogether if they haven't already deployed the OS. By Paul McDougall InformationWeek May 15, 2009 10:06 AM "The arrival of Windows 7 should put the final nail in the coffin for Windows Vista, one of the most disappointing products in software maker Microsoft's recent history. That's the opinion of researchers at IT consulting group Gartner, who are advising corporate customers who haven't already made the leap from Windows XP to Vista to forgo the latter entirely. "Microsoft expects to ship Windows 7 in t
  4. HP Recalls 70,000 Fire-Hazardous Batteries The faulty lithium-ion batteries are used in laptops sold under a variety of brands, including HP Pavilion, Compaq Presario, HP, and HP Compaq. By Antone Gonsalves InformationWeek May 15, 2009 01:46 PM "Hewlett-Packard has recalled 70,000 laptop batteries that pose a fire and burn hazard to users. The U.S. Consumer Product Safety Commission announced the recall Thursday, saying there have been two reports of batteries overheating and bursting into flames. The fires caused minor property damage, but no injuries. The faulty lithium-ion batteries a
  5. A LITTLE THREE YEAR-OLD BOY IS SITTING ON THE TOILET. HIS MOTHER THINKS HE HAS BEEN IN THERE TOO LONG, SO SHE GOES IN TO SEE WHAT'S UP. THE LITTLE BOY IS GRIPPING ON TO THE TOILET SEAT WITH HIS LEFT HAND AND HITTING HIMSELF ON TOP OF THE HEAD WITH HIS RIGHT HAND. HIS MOTHER SAYS: "BILLY, ARE YOU ALRIGHT? YOU'VE BEEN IN HERE FOR AWHILE." BILLY SAYS: "I'M FINE, MOMMY. I JUST HAVEN'T GONE 'DOODY' YET." MOTHER SAYS: "OK, YOU CAN STAY HERE A FEW MORE MINUTES. BUT, BILLY, WHY ARE YOU HITTING YOURSELF ON THE HEAD?" BILLY SAYS: "WORKS FOR KETCHUP."
  6. Pirated Windows 7 RC builds botnet by Matthew Broersma "A pirated version of Windows 7 Release Candidate infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa. The software, which first appeared on April 24, spread as quickly as several hundred new bots per hour, and controlled roughly 27,000 bots by the time Damballa took over the network's command and control server on May 10, the firm said Tuesday. The pirated software was spread via popular piracy sites and online forums, Damballa said. The
  7. Toshiba first with half-a-terabyte SSD laptop 512 solid-state gigabytes on board and ready to buy now By Tony Smith 14th May 2009 09:48 GMT "Toshiba has begun selling what it claims is the first notebook to come with a 512GB solid-state drive as standard. You'll have to live in Japan - or know someone there - to get your mitts on the Dynabook SS RX2 WAJ, but if you manage it you not only get the aforementioned SSD but also a 1.4GHz Intel Core 2 Duo SU9400 processor, 3GB of 667MHz DDR 2 memory, 802.11n Wi-Fi, Bluetooth 2.1+EDR, Gigabit Ethernet and all the usual trimmings." Full story at The R
  8. Cybercriminals Using Facebook To Drive Rogue Antimalware Business PandaLabs discovers Boface.BJ.worm, which uses Facebook to download and install rogue antimalware and trick users into believing they are infected and consequently buy a fake antivirus solution May 14, 2009 | 11:20 AM GLENDALE, Calif., May 14 /PRNewswire/ -- PandaLabs, "Panda Security's malware analysis and detection laboratory, today announced that it has discovered that variant number 56 of the Boface family of worms has just appeared, Boface.BJ.worm. Largely due to the enormous global popularity of Facebook and the potentia
  9. Sun Solaris Thunderbird Multiple Vulnerabilities Highly critical Sun has acknowledged some vulnerabilities in Thunderbird included in Solaris, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system. Secunia - http://secunia.com/advisories/35080/
  10. Apple patches 67 bugs in Mac OS X Update fixes hack exploited at Pwn2Own contest Gregg Keizer "Apple has released a security update that patches 67 vulnerabilities in Mac OS X. "Security Update 2009-002, which was bundled with the upgrade for Leopard to Mac OS X 10.5.7, and available separately for users of Tiger, plugged holes in BIND, CoreGraphics, Disk Images, Flash Player, iChat, Kerberos, QuickDraw Manager, Safari, Spotlight, WebKit and other bits and pieces of the operating system. "For Apple, updates this size are now becoming the norm," said Andrew Storms, director of security operati
  11. Canon Powershot A590IS Review by Alexa Wriggins For a beginner's camera, the PowerShot A590IS offers amazing image quality and superb stabilization. "For a bargain-bin price of $150, it has a lot of features: 8-megapixel resolution, 4X optical zoom, optical image stabilization, face detection (which recognizes faces in the frame and optimizes the autofocus accordingly) and a smaller-but-serviceable 2.5-inch LCD screen. And conveniently it runs on two AA batteries." Read full review - http://www.pcworld.com/reviews/product/314...hot_a590is.html
  12. Microsoft Urged to Give Vista Ultimate Users Free Windows 7 Upgrades Gregg Keizer, Computerworld "Microsoft Corp. should give Windows Vista Ultimate owners a free upgrade to Windows 7, an analyst said Monday. "I'd like to see a free upgrade [to Windows 7] for Vista Ultimate users," said Michael Cherry, an analyst with Directions on Microsoft. "It would buy them a lot of good will, and I don't think it would cost them much." Cherry cited Microsoft's failure to deliver on the promise of "Ultimate Extras" as his reason for urging the company to compensate users. Ultimate Extras was one of the fe
  13. Microsoft slings out Office 2010 technical preview Testy fingers at the ready By Kelly Fiveash • 13th May 2009 13:15 GMT "Microsoft will ship a technical preview of Office 2010 to invite-only users in July, the company has confirmed. The Office 2010 beta is expected to land at some point in the second half of 2009 and will come in 32-bit and 64-bit flavours. It can run on Windows XP SP3, Vista and Windows 7. Additionally it will also work on any computer that can run Office 2007, said Microsoft. Ahead of that a few thousand people will be handed a technical preview of Microsoft’s upcoming Off
  14. May 13 Pushdo/Cutwail – From Russia with love [Art of spamming] Part 2 by Robert McArdle (Senior Malware Researcher) "Russia has always been famous for some of its better known exports such as Oil, Gas, Vodka and Andrei Arshavin (for our non-European readers, he kicks a leather ball around a pitch without wearing any body armour). Unfortunately nowadays we can add spam botnets to that list. The famous Storm botnet from 2008 had strong links to the so-called Russian Business Network operating out of St.Petersburg, and from our research it appears that Pushdo is linked to the Moscow area. Like
  15. 13 May 2009, 10:17 Adobe closes critical Acrobat and Reader holes "As promised last week, Adobe has released security updates that patch several security flaws in its Adobe Reader and Acrobat products. The updates fix a recently announced critical buffer overflow in the JavaScript function getAnnots() that could be used by an attacker to crash either application and potentially allow them to take control of the affected system. For an attack to be successful the user must first open a specially crafted malicious PDF document. Version 9.1.1, 8.1.5 and 7.1.2 of Adobe Reader and Acrobat fix the
  16. 13 May 2009, 12:31 Security Update for SquirrelMail "The SquirrelMail developers have announced the release of version 1.4.18 of their open source standards based webmail package. The update fixes multiple security problems, including several cross-site scripting (XSS) vulnerabilities and a session fixation issue, which could be used to steal user log-in credentials. A "dangerous" server-side code execution vulnerability has also been patched, however, the developers do not provide any other details. The release also includes three new languages and enhancements to the filter plug-ins and add
  17. 12 May 2009, 19:58 "Microsoft update closes fourteen vulnerabilities in PowerPoint Although, as announced, Microsoft is distributing only a single update (MS09-017) today, Patch Tuesday, it's a biggie that closes fourteen security vulnerabilities in PowerPoint 2000, 2002, 2003 and 2007, and in PowerPoint Viewer 2003 and 2007. Microsoft describes at least twelve of the fourteen vulnerabilities as critical in PowerPoint 2000, because they allow code to be injected and run on a system. That's true in principle of the other PowerPoint versions too, but Microsoft considers their vulnerabilities to
  18. A WEEK AT THE GYM If you read this without laughing out loud, then there is something wrong with you. This is dedicated to every woman who ever attempted to get into a regular workout routine. Dear Diary... For my fiftieth birthday this year, my husband (the sweet dear) purchased me a week of personal training at the local health club. Although I am still in great shape (from playing on my high school softball team), I decided it would be a good idea to go ahead and give it a try. I called the club and made my reservations with a personal trainer named Bruce, who described himself as a 26 y
  19. The Hidden Secrets of Online Quizzes You can have a ball taking online quizzes on Facebook and other sites, but here are some things you should know before you do. JR Raphael, PC World "I am a genius. I'm charismatic, kind, and understanding. I'm also a Disney princess named Aurora and the reincarnation of Marilyn Monroe. But I'm not crazy (at least, not completely). I've just been taking a lot of online quizzes lately--you know, the ones all over the Web promising to reveal your IQ, personality traits, or celebrity resemblances. Aside from discovering my inner Sleeping Beauty, I've also learn
  20. May 12 2009 Pushdo/Cutwail – The Art of Spamming (Part 1 of 5) by David Sancho (Malware Researcher) "Unless you’ve been off the internet for the last seven years, you’ve probably heard of the massive security problem that botnets have become. These large collections of infected computers commanded by criminal outfits can launch coordinated attacks, host malicious websites or send spam… lots and lots of spam. If you actually ARE coming onto the internet for the first time in seven years, welcome back, and I hope you bought Google shares back in 2002; they’ve been doing quite well. One of the bi
  21. Multiple Antivirus Websites XSSed in One Hit Websites belonging to no less than six antivirus vendors have been found to suffer from cross-site scripting weaknesses that could facilitate phishing attacks. Most of these companies were faced with similar flaws affecting their online resources in the past. A grey-hat hacker, going by the name of Methodman, who seems to have specialized in finding XSS vulnerabilities in high-profile websites, has just announced another hit. More specifically, he has disclosed cross-site scripting flaws in eight websites operated by six antivirus vendors: Symantec,
  22. Report: ATM/Debit Card Fraud On The Rise Half of financial institutions experienced fraud complaints as a result of major data breaches May 12, 2009 | 02:07 PM By Kelly Jackson Higgins DarkReading "Credit card fraud may get most of the publicity when it comes to identity theft, but ATM and debit card theft is expected to grow 10 to 14 percent this year, according to a survey of financial institutions released today. It turns out the study was well-timed, too: Police officials in New York City yesterday reported that a fraud ring had stolen $500,000 from hundreds of bank customers' accounts
  23. 12 May 2009, 12:20 Lost+found: Bootkits, Undercover FBI Agents, Sysinternals Tools Too short for news, too good to lose; lost+found is a round up of useful security information. Today, Bootkits, Undercover FBI Agents and Sysinternals Tools "Nitin and Vipin Kumar of NV labs have now expanded their VBootkit that manipulated the Vista boot process to work on Windows 7. It allows unsigned code to gain access to the kernel: Vbootkit 2.0. CNET News has published an interview detailing the experience of an FBI agent who was undercover for two years in order to gain access to the "digital underground
  24. One of these ought to cause a smile! 1. Jesse Jackson, Jim Baker and Jimmy Swaggert have written an impressive new book. It's called "Ministers Do More Than Lay People." 2. Transvestite: A guy who likes to eat, drink and be Mary. 3. The difference between the Pope and your boss....the Pope only expects you to kiss his ring. 4. My mind works like lightning. One brilliant flash and it is gone. 5. The only time the world beats a path to your door is if you're in the bathroom. 6. I hate sex in the movies. Tried it once. The seat folded up, the drink spilled and that ice, well, it really chilled th