Peaches

The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS09-002 - Critical Bulletin Information: ===================== * MS09-002 - Critical - http://www.microsoft.com/technet/security/...n/ms09-002.mspx - Reason for Revision: V1.1 (February 16, 2009): Added a link to Microsoft Knowledge Base Article 961260 under Known Issues in the Executive Summary. - Originally posted: February 10, 2009 - Updated: February 16, 2009 - Bulletin Severity Rating: Critical - Version: 1.1 Source of information: Subscript

Microsoft Internet Explorer Two Code Execution Vulnerabilities Secunia Advisory: SA33845 Release Date: 2009-02-10 Last Update: 2009-02-11 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software:Microsoft Internet Explorer 7.x Description: Two vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error when handling document objects can be exploited to corrupt memory via a specially crafted web page where an object is appended and deleted in a spe

Falt4 CMS Cross-Site Request Forgery and Security BypassSecunia Advisory: SA33973 Release Date: 2009-02-17 Critical: Highly critical Impact: Security Bypass Cross Site Scripting System access Where: From remote Solution Status: Unpatched Description: A security issue and a vulnerability have been discovered in Falt4 CMS, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks. 1) The security issue is caused due to incorrect security restrictions on the "modules/newsletter/FCKeditor/editor/filemanager/browser/defa

Microsoft Word Malformed Object Pointer Vulnerability Secunia Advisory: SA20153 Release Date: 2006-05-19 Last Update: 2006-06-13 Critical: Extremely critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office XP Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word Viewer 2003 Microsoft Works Suite 2001 Microsoft Works Suite

Adobe Flash Player Multiple Security Issues and Vulnerabilities Secunia Advisory: SA32270 Release Date: 2008-10-16 Last Update: 2008-12-12 Critical: Moderately critical Impact: Security Bypass Cross Site Scripting Manipulation of data Exposure of sensitive information Where: From remote Solution Status: Vendor Patch secunia advisories for full details: http://secunia.com/advisories/32270/

NovaBoard Multiple Vulnerabilities Secunia Advisory: SA33966 Release Date: 2009-02-17 Moderately critical Description: brain[pillow] has discovered some vulnerabilities and a security issue in NovaBoard, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, and bypass certain security restrictions. 1) Input passed to the "topic" parameter in index.php (when "page" is set to "search" and "pf" is set to "1") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries b

New attacks on IE7 go wild Info-stealing software remotely installed By Dan Goodin in San Francisco 17th February 2009 23:11 GMT Cybercriminals have begun attacking a critical hole that Microsoft patched in its Internet Explorer 7 browser last week, corroborating the company's warning that the vulnerability would be easy to exploit.The exploit code is spread through a booby trapped Word document that ultimately installs information-stealing malware on unpatched machines, according to researchers. The vulnerability is one of two IE flaws Microsoft patched last week. The company warned at the t

Bitdefender and GData delete winlogon system file Anti-virus programs by Bitdefender and GData issued a signature update last week that identified the file "winlogon.exe" as a trojan (Trojan.Generic.1423603) and, if set up appropriately, simply deleted it. Both vendors have, in the meantime, announced that this is a false alarm and have made an update available to resolve the issue. Users who have not yet installed this update are advised to block file access, carry out a signature update and restart their computers. If the "winlogon.exe" file has already been deleted, it needs to be r

The National Highway Safety Council has done extensive testing on a newly designed seat belt. Results show that accidents can be reduced by as much as 45% when the belt is properly installed. Correct installation is illustrated below ....... THIS MAY HELP SAVE A LIFE! You smiled didn't you... Yeah you did .. and you just smiled again.

The following is copied from my forum - Free online scanners ... TrendMicro - http://housecall.trendmicro.com/ Trend Micro's FREE online virus scanner Symantec security check: http://security.symantec.com/sscv6/WelcomePage.asp Test your computer's exposure to online security threats and learn how to make your computer more secure. BitDefender Online Scanner - http://www.bitdefender.com/scan8/ie.html Scan your PC for free BitDefender Online Scanner is an on-demand virus scanner Kaspersky Online scan - http://www.kaspersky.com/virusscanner This online virus scanner is a great way to

Does Microsoft's Patch Tuesday Need Fixing? Bill Brenner, CSO Sunday, February 15, 2009 1:38 PM PST It's been about six years since Microsoft as the day to release security patches, and most IT administrators have come to appreciate a consistent schedule to plan around. But every so often, zero-day vulnerabilities and attacks materialize outside the cycle, causing more than a little heartburn for Windows-based businesses. In December, for example, Microsoft was forced to release an emergency, out-of-cycle patch for Internet Explorer (IE) to close a security hole that allowed attac

February 15, 2009 9:01 PM PST Mobile banking: Safe, at least for now by Elinor Mills Someone asked me recently whether I thought mobile banking was safe or not. I admitted that I don't do it but that doesn't really say much. Then I mumbled something incoherent and vowed to get a real answer. After talking to a number of mobile and security experts, I've come to the conclusion that far from being less secure, mobile banking may even be more secure than logging on to your bank Web site over your PC. And the consensus is that it's probably less risky than using checks, which can

G.I. Joe Game to Launch in Sync with Movie Andy Burt, GamePro Electronic Arts announced last week that it will be helming the video game offshoot of the upcoming G.I. Joe: The Rise of Cobra movie coming out this August. Promising "an exclusive storyline that picks up where the live-action movie leaves off" and 12 characters to choose from, EA expects G.I. Joe: The Game will launch in summer 2009 to coincide with the August 7 theatrical release of the G.I. Joe movie from Paramount Pictures and Spyglass Entertainment. EA says the game will be available on all major console and handheld

Bubba Had Shingles Those of us who spend much time in a doctor's office should appreciate this! Doesn't it seem more and more that physicians are running their practices like an assembly line? Here's what happened to Bubba: Bubba walked into a doctor's office and the receptionist asked him what he had. Bubba said: 'Shingles.' So she wrote down his name, address, medical insurance number and told him to have a seat. Fifteen minutes later a nurse's aide came out and asked Bubba what he had. Bubba said, 'Shingles.' So she wrote down his height, weight, a comp

February 13, 2009 11:46 AM PST Twitter fends off second clickjacking attack by Elinor Mills Twitter fended off a second clickjacking attack on Thursday night as the popular microblogging site plays cat-and-mouse with a prankster, the site confirmed on Friday. "Yes, there was a second approach later in the day, same story as the first but with a slightly modified technique," Twitter co-founder Biz Stone wrote in an e-mail. "We took care of that too. Every day we're finding ways to improve the system." "It's a convoluted cat-and-mouse game," Jeremiah Grossman, chief technology

Twitter attack exposes awesome power of clickjacking Hard to stop, harder to resist By Dan Goodin in San Francisco 13th February 2009 19:56 GMT A worm that forced a wave of people to unintentionally broadcast messages on microblogging site Twitter shows the potential of a vulnerability known as clickjacking to dupe large numbers of internet users into installing malware or visiting malicious pages without any clue they're being attacked. The outbreak was touched off by tweets that led Twitter readers to a button labeled "Don't click." Gullible users (including your reporter) who

Free Defense Against the Conficker Worm Erik Larkin The rampaging Conficker worm (aka Downadup) has managed to infect millions of PCs across the globe, but it has an Achilles heel. One that a company called OpenDNS plans to strike starting Monday. Many types of malicious software like Conficker have to connect to a command center to receive orders, which in the case of Conficker might be to download additional software like a keylogger or data-stealing Trojan. Without those orders, the malware just sits there. Conficker uses an algorithm to create a list of 250 domain names each da

Must-Have Security Fixes for IE7, Microsoft Servers Erik Larkin Today's monthly patch batch from Microsoft fixes a critical flaw in Internet Explorer 7 that could allow a malicious Web site to install malware on a vulnerable PC, along with a patch for the Visio diagramming software. And businesses that run a Microsoft Exchange or SQL server will want to apply essential fixes right away. Microsoft's bulletin says attack code that targets the MS09-002 IE7 flaw "can be crafted easily," so be sure you get this one via Windows Update. The Internet Storm Center posts that there aren't yet

Feb13 2009 WALEDAC Spreads More Malware Love by Argie Gallego (Anti-spam Research Engineer) img {max-width:650px;width: expression(this.width > 650 ? 650: true);border-style:none; } Along with the flowers, heart-shaped boxes of chocolates, and other sundry Valentine’s Day gifts that come rolling in at this time of the year, there are always malware attacks attempting to take advantage of the holiday. A recently reported case of malware-related spam contains a short Valentine’s message — and with an embedded URL that leads to malicious content, under the guise of Lâ€

Tech Insight: How Attackers Use Your Metadata Against You Using easily accessible data about your files, bad guys can wreak havoc on your sensitive information Feb 13, 2009 | 04:43 PM By John Sawyer DarkReading A Special Analysis For Dark Reading First of Two Articles To steal your identity, a cybercriminal doesn't have to have direct access to your bank account or other personal information. Often, he collects information about you from a variety of seemingly innocuous sources, then uses that data to map out a strategy to crack your online defenses and drain your accounts.

Free Defense Against the Conficker Worm Erik Larkin The rampaging Conficker worm (aka Downadup) has managed to infect millions of PCs across the globe, but it has an Achilles heel. One that a company called OpenDNS plans to strike starting Monday. Many types of malicious software like Conficker have to connect to a command center to receive orders, which in the case of Conficker might be to download additional software like a keylogger or data-stealing Trojan. Without those orders, the malware just sits there. Conficker uses an algorithm to create a list of 250 domain names each da

Virulent Worm Exploits Missing Patches The Conficker worm shows why it's so important to keep PCs up-to-date. Erik Larkin, PC World Think massive worm outbreaks are obsolete? Then say hello to the Conficker worm, aka Downadup. In January it slithered onto millions of computers unprotected by a critical patch that Microsoft had issued back in October. The patch fixed a hole in the Windows Server service, most desktop and server versions of Windows use. Without it, a PC is vulnerable to attack by infected PCs across a network. A firewall can block external attacks of this sort, but busi

"Does this sound familiar? A window suddenly pops up on your screen from a supposed antivirus vendor, warning you of a system infection. Click the close box, and it simply expands. What to do? And what does it mean? Read on how fake antivirus infections can point to more serious problems--and how you can extricate yourself." Fake Infection Warnings Can Be Real Trouble Erik Larkin, PC World timestamp(1234304100000,'longDateTime') "Michael Vana knew something was up when he saw the pop-up from "Antivirus 2009" in the middle of his screen. The former Northwest Airlines avionics t

13 February 2009, 10:31 Apple closes critical security vulnerability in Safari Apple has released Security Update 2009-001, which fixes numerous security vulnerabilities in Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6. Many of the vulnerabilities found could be used to infiltrate and execute code on systems. The updates fix the mid-January reported vulnerability in the Safari browser, by which an attacker can use a specially crafted RSS feed to allow files to be read from a users hard drive. There is a separate update for users of the W

11 February 2009, 10:37 RIM closes critical hole in BlackBerry The BlackBerry manufacturer RIM has released an update for its BlackBerry Application Web Loader for Windows. The update addresses a critical vulnerability in an ActiveX control. An attacker can create a buffer overflow exploit in the ActiveX control which could be triggered when a user visits a malicious site. The control is normally started by the web page to allow additional software for the BlackBerry to be downloaded to the phone, via USB. As an alternative, users can update to the killbit for the ActiveX control, w