Peaches

Update Experts
  • Content Count

    2130

Everything posted by Peaches

  1. 11 February 2009, 09:29 Microsoft’s February Patch Tuesday: four updates In two critical and two important security bulletins, Microsoft has described holes in Internet Explorer, Exchange, SQL Server and MS Office Visio. Microsoft released a cumulative update for Internet Explorer to fix two critical holes in the Microsoft browser. Both vulnerabilities are caused by memory management flaws which, according to the vendor, can easily be exploited to inject code and execute it at the authorised user’s privilege level. (MS09-002) Two holes were also discovered in the Exchange mail
  2. 11 February 2009, 11:38 Internet Explorer executes code in pictures A feature in Internet Explorer, which checked the type of file before presenting it to the user, has been found to allow execution of JavaScript embedded in an image. The MIME sniffing functionality was originally meant to compensate for web servers sending out the wrong content type information when they responded to a request for an image. However it now appears that the feature can be easily confused, and that confusion can be exploited through a crafted image file with embedded HTML and JavaScript code that will
  3. Windows XP's Days are Really Numbered Now Gregg Keizer, Computerworld Saturday, February 07, 2009 10:04 AM PST In 10 weeks, Microsoft Corp. will begin to retire Windows XP by shifting the seven-year-old OS into a more limited support plan. Windows XP, Microsoft's most successful operating system ever, will leave what the company calls "mainstream support" on April 14, and enter "extended support." Typically, Microsoft keeps a product in the former for five years, then moves it into the latter for another five, for a total of 10 years. However, the long span between the releases of XP and its
  4. Critical Flaw in RealPlayer, Firefox Fixes Erik Larkin A serious flaw in the RealPlayer media player from RealNetworks could allow an attacker to take control of a victim PC if you open a poisoned movie file, or even just preview it in Windows Explorer, according to a new notice from Fortinet. The hole in RealPlayer 11 involves the way the program processes Internet Video Recording, or IVR, files. And according to the notice, you wouldn't have to actually open a downloaded, malicious movie to get hit: "A successful attack could take place by merely previewing the IVR file through Win
  5. BitDefender Launches Next-Gen BitDefender Antivirus Scanner for Unices Enhanced solution offers on-demand antivirus and spyware protection for Linux-based users Feb 06, 2009 | 11:33 AM By BitDefender DarkReading BUCHAREST, Romania - February 6, 2009 - BitDefender, a global provider of award-winning antivirus software and data security solutions, has launched a new version of BitDefender Antivirus Scanner for Unices, the on-demand antivirus and antispyware scanner for Linux and FreeBSD, which is free for personal use. The new and improved features of BitDefender Antivirus Scanne
  6. Feb 6 iTunes Invoices and Valentine’s Ads Conceal Pharma Spam by Maria Alarcon (Anti-spam Research Engineer) February has begun, and as they say, love is in the air. Along with pharma spam, that is. We have recently found spammed messages posing as an invoice from iTunes in its e-mail subject but contains an advertisement for a “special Valentine’s day sale” containing links that lead to pharma websites. iTunes garnered an estimated 3.34 billion dollars in sales for 2008, and t
  7. Doubling Of Rejected Mail Makes China 'Top Of The Bots' A breakdown of rejected emails by IT security specialist iCritical in Q4 2008 highlights a sharp drop in U.S. spam following the closure of the McColo ISP, and a worrying increase from the Far East, especially China Feb 06, 2009 | 05:59 PM By iCritical DarkReading 06 February 2009 - A massive increase in spam originating from China and the Far East could mark the beginning of a worrying trend that will create more problems for organisations already struggling to cope with unwanted emails. The rise could potentially outweig
  8. 6 February 2009, 12:29 Microsoft U-turn on UAC vulnerability After initially dismissing the discovery that user access control (UAC) could be disabled without the user's permission as a "by design" feature, Microsoft's Windows 7 engineering team have now relented and announced changes to come in the release candidate for Windows 7. Previously, in a blog posting from Microsoft's Jon DeVaan, he describes the feedback on the issue as "interesting", but said they do not consider the issue a vulnerability in the strictest sense "because malicious software would already need to be running
  9. 6 February 2009, 18:01 HP LaserJets vulnerable to remote file access HP have released a security bulletin which alerts users of certain HP LaserJet printers, Color LaserJet and Digital Senders that the devices have a potential vulnerability that could allow unauthorised access to files in the printer. The affected devices include the HP LaserJet 2410, 2420, 2430, 4250, 9040, 9050, 4345mfp, 9040mfp, 9050mfp, the HP Color Laserjet 4730mfp and 9500mfp and the HP Digital Sender 9200C. Fixed firmware is now available from HP, who advise that the bulletin should be acted on as soon as po
  10. HP UK pulls Linux from all new netbooks Microsoft only option - unless you want an old model By James Sherwood • 6th February 2009 12:17 GMT HP has decided UK consumers don't want Linux-based netbooks. Actually, it appears to believe business buyers don't want the open-source OS either. It emerged today that the company will not now be bringing its Mini 1000 netbook to the UK - at least not with Linux on board. Nor will it release the more business-oriented Mini 2140 with Linux. HP already offers the Mini 1000 Vivienne Tam Edition, along with the Compaq 700, which is the Mini 1
  11. I dug through my stuff and found a copy of ZoneAlarm 5 Pro, which dates back to my Win98 days. But I live in Canada.
  12. 6 February 2009, 12:49 $9 Million stolen in ATM Scam Using cloned U.S. debit cards, over the course of a few hours, criminals were able to steal $9 million from ATMs and accounts. The cards used in the scam apparently came from a late 2008 known attack on the financial service provider RBS World Pay. RBS World Pay provides a service that allows employers to pay employees by depositing money directly onto RBS payroll debit cards. According to the FBI, it was a coordinated attack, in which 130 ATM machines in 49 cities worldwide, including Atlanta, Chicago, New York, M
  13. Hi ... If a router has a built-in firewall then you are okay, but I personally use a software firewall with my router. Sygate is still available as free but there are other good ones - there is ZoneAlarm, Comodo that come to mind that are very good.
  14. Future computer programmer in training. Recycling a computer tower. What to do with dead monitors. How to clean your computer.
  15. 5 February 2009, 10:41 Parking tickets lead to malware ISC Sans.org have reported on a novel new way of distributing malware – parking tickets. The scam involved the distribution of fake parking tickets placed on car windscreens, which claimed the vehicle's owner had violated parking regulations and directed victims to a website for more details on what they had done wrong. On that website were pictures of some cars and a link to download a "Picture search toolbar" to locate the victim's car. It was this link that downloaded the malware, which would ask to install a browser helper
  16. 5 February 2009, 14:38 OpenOffice installs insecure version of Java In a report by the Washington Post, Brian Krebs points out that the current version of OpenOffice 3.0.1 installs an outdated and insecure version of Java. OpenOffice, a free open source office suite, by default installs Java 6 Update 7 during suite installation. Update 7, originally released last spring, still contains several un-patched security vulnerabilities that could be exploited by an attacker and was released prior to Sun's inclusion of a feature known as "secure static versioning." The feature is intended
  17. Microsoft to Roll Out Two Critical Patches for IE, Exchange Gregg Keizer, Computerworld Thursday, February 05, 2009 2:20 PM PST Microsoft Thursday said it will deliver four security updates on Tuesday, two of them pegged "critical," and will finally issue a patch for SQL Server that it's been working on since last April. The four updates detailed in the advance notice published Thursday will quash bugs in Internet Explorer 7 (IE7); its Exchange mail server software; the Visio application that's part of the Office line-up; and SQL Server. The IE and Exchange vulnerabilities will be l
  18. Scammers Jump on the Stimulus Bandwagon Gregg Keizer, Computerworld Feb 05, 2009 2:05 PM PST Although the U.S. government's economic stimulus package hasn't even gotten out of Congress, scammers aren't waiting; they've launched multiple campaigns that tempt users into revealing personal information, a security researcher warned Thursday. One spam-and-scam example, said Dermot Harnett, a principal researcher with Symantec Corp., poses as a message from the Internal Revenue Service (IRS), and claims that the recipient qualifies for something called a "Stimulus Payment." "After th
  19. A New Internet Attack: Parking Tickets Erik Larkin Trojan-pushing parking tickets? Yes, really. The Internet Storm Center, which tracks Internet attacks and threats, documented a case in Grand Forks, North Dakota where someone put yellow fliers on cars that claimed to ticket a parking violation. The fliers named a Web site that purportedly had pictures of your supposed violation. To see the pictures, according to additional commentary from the McAfee Avert Labs, the site instructs you to download a toolbar named PictureSearchToolbar.exe. Do so, and you end up with a Trojan. That Tr
  20. 4 February 2009, 10:36 Firefox 3.0.6 fixes vulnerabilities Firefox 3.0.6 has been released, fixing several vulnerabilities in the open source browser. Version 3.0.6 fixes six bugs, one of which is an issue related to JavaScript that affects the browser's layout engine. The update fixes a critical vulnerability, also found in Mozilla's Thunderbird e-mail client and the SeaMonkey Internet Suite, which can allow an attacker to gain access to exploited machines. The update improves stability and improves scripting commands, including those found in popular extensions like Adblock Plus.
  21. Mozilla Firefox Multiple Vulnerabilities Secunia Advisory: SA33799 Release Date: 2009-02-04 Critical: Highly critical Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access Where: From remote Solution Status: Vendor Patch Software: Mozilla Firefox 3.x CVE reference: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358 Description: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited
  22. Nokia PC Suite Multimedia Player Playlist Processing Buffer Overflow Secunia Advisory: SA33796 Release Date: 2009-02-04 Critical: Highly critical Impact: System access Where: From remote Solution Status: Unpatched Software: Nokia PC Suite 6.x Description: 0in has discovered a vulnerability in Nokia PC Suite, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the included Nokia Multimedia Player when processing playlist files. This ca
  23. SUSE update for amarok Secunia Advisory: SA33819 Release Date: 2009-02-04 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch OS: openSUSE 10.3, openSUSE 11.0, openSUSE 11.1, SUSE Linux Enterprise Server 10 CVE reference: CVE-2009-0135, CVE-2009-0136 Description: SUSE has issued an update for amarok. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA33505 Solution: Apply updated via YaST Online
  24. 4 February 2009, 09:32 Budget encrypted USB hard drives easily cracked In an evaluation of the security of external USB hard drives, the Staray S125 and S325 from Chinese manufacturer Raidon, our tests show the security features of these drives offer very little protection. The flaws in this case include weak encryption and keys stored in plain text. In our new feature, Cracking budget encryption, we describe in detail one approach to cracking such drives. See also: Enclosed but not encrypted, heise Security feature. Heise security: http://www.heise-online.co.uk/security/Bud...
  25. SanDisk 4GB Cruzer Contour U3 USB Flash Drive Review by Andrew Brandt, PC World The SanDisk Cruzer Contour U3 flash drive can take a licking and still maintain your data, but it lacks high-end encryption. In our recent look at eight encrypted portable drives, we considered two USB flash drives, including SanDisk's Cruzer Contour. The Cruzer Contour ($100 for 16GB) isn't so much a security tool as it is a speedy flash-memory thumb drive with a nifty mechanism to retract the USB connector: The piece recesses inside a sliding cover that you can manipulate with just your thumb. Inside, it's a hi