Friday, 27 February 2009

Social Networking meets Rogue Antivirus

A second rogue Facebook app has hit the social networking site. The issue here is that Facebook allows anyone to write a Facebook app (mistake #1) and that apps are not vetted before being made available (mistake #2). Although the first app was used as a mechanism to spread the likes of AV360 (rogue antivirus), it seems that the latest attack is a way to harvest information. I am thinking there is more to come on this malware/hacking vector - Facebook best fess up and start vetting!

Wednesday, 25 February 2009

Adobe patches Flash Player - due to exploited vuln

A vulnerability in the ubiquitous Flash Player has been patched by Adobe, well when I say patched I mean download the latest version of the player, 10.0.22.87, which is no longer susceptible to the attack if you want to be covered. Details of the patch that don't include (but should) these phrases - 'remote code execution', 'pwnage', 'all your cycles are belong to us' - can be found here with a link to the updated version of Flash Player.
This is not the same flaw as the one presently being exploited in Adobe Reader. When you start getting lots of spam with Flash content and PDFs and XLSs attached you know what's up.

:)


Tuesday, 24 February 2009

Excel 0-Day in the wild :(

A vulnerability has been discovered in Excel and Excel Reader versions after 2000 that allows system compromise (that's pwnage 2 u) from remote. Although it is never a good idea to open Office documents from an untrusted source, it is now a super-not-very-good-idea(tm). Exploits are already in the wild and more can be expected while it remains unpatched; along with the PDFs you can also expect a few XLSs in your spam emails, which is nice.


Adobe Reader Unofficial Patch

Security researchers have developed an unofficial patch for the Adobe Reader security flaw while Adobe work on an official patch for the problem. The patch replaces a vulnerable DLL file so any attempt to exploit the flaw only brings up an error message instead of total pwnage. The patch is only applicable to Adobe Reader 9, so if you are gonna try it you need to upgrade to Reader 9 first.
Sourcefire patch

Monday, 23 February 2009

Conficker variant updates abilities

A new variant of Conficker/Downadup is being seen which, according to anti-malware testers, is even more of a git than the previous incarnations. The update routines have been altered to remove the need for hard-coded domains to be present, and the malware can be updated via a push process. The worm's persistence has already been very hard to combat, but after this version gets around the new battle of wits will begin. The botnet-creating malware will have several ways of updating itself and will not be tied to a known list of domains - the reason the mutation has been forced onto the writers.
It doesn't look good
:(

Sunday, 22 February 2009

Facebook terms and conditions saga unspins - for now

Quietly and without much fanfare Facebook have changed their Ts and Cs back to what they were pre the we-ownz-u change. The site's owners say that they are going to take a look at the conditions and see how best to go forwards. I am a cynic it's true, but it's funny that they said before that it had to be done because of something or other whereas now it doesn't - at least for now. Expect the same change but with different spin sometime soon.
Story at news.cnet.com


Saturday, 21 February 2009

Adobe Reader critical vulnerability

As software designers add more features to their software it gradually becomes
a) bloated and
b) insecure
This common path is being followed once again by Adobe with their Acrobat Reader software, now found on probably nine from ten machines (statistic randomly made up by me and probably bearing little relation to truth (tm)), as they try to make it more functional. The fact that no-one wants or needs any more function from a reader is irrelevant of course, and the once 1MB package is now busting out at 30+ megs of irrelevance and exploitfest.

As usual you can expect a long round of emailed PDFs from various botnets, spammers and virus writers coming to a PC near you soon with snappy titles like UPS_invoice.PDF and Fedex_Invoice.PDF.


SocialNetworkingSites.bad health = 'TRUE'

Although I have long suspected that the over-familiarity and even obsession that some people get with social 'networking' sites like Facebook, Bebo and Twitter may have the effect of making people more isolated rather than more 'connected', it now seems that they may make people ill.
A boffin claims that it can in fact make 'destructive measurable physical changes' - like that bad back you got and that ever shallower connection with other people you are developing.


GO OUTSIDE, CONVERSE FACE TO FACE WITH REAL PEOPLE - or failing that, because it is a bit chilly and you should shun the sunlight in case you develop skin cancer, read the paper and discover what a reclusive hypochondriac you are destined to become. :)


http://www.iob.org/userfiles/Sigman_press.pdf



Friday, 20 February 2009

Vista SP2 RC1 released to select few

The release candidate of Vista SP2 has been sent to some select customers, so the full release must be imminent. Microsoft is targeting Q2 for release of the service pack and the same for Server 2008 SP2.
poot poot

Tuesday, 17 February 2009

Facebook - your content is ours, muuuuhaahahaahaa!!!

Consumerist.com's take on Facebook's new terms and conditions has been causing a bit of a furore while the social networking site (read data mining site) has been busy trying to put a positive spin on the Ts and Cs. "Trust me, I am only taking ownership of everything you put on the site because I am nice and have your best interests at heart," said Mark Zuckerberg as a pig flew past behind.
Spin it whatever way you like, the Ts and Cs make Facebook the owner of any info you put on there and able to use (and abuse) it however they like - hmmmm.... is that a problem?


Ahar Jim Lad - TPB charges tossed overboard

Half of the charges trumped up ... erm, made against the 4 riders of the apocalypse... sorry, against the four men behind the file sharing directory site The Pirate Bay have been dropped on day two of the trial. Charges citing complicity in the production of copyrighted material have been abandoned by the prosecutor.
It appears that the prosecution may not understand the way that BitTorrent works, which may lead to further amusing developments, or may not because probably half the people there won't understand it either. I wonder how long it might take them to realise that torrents may actually increase sales for some material which otherwise would never see the light of day.
You see it, you like it, you pay for it: a new concept compared to the old method of you don't really know what you get til after you pay, then you can't get your money back when it turns out to be crap, or Vista as we call it.


Friday, 13 February 2009

Apple patches Swiss Cheese OSX again

Apple seem to have such a fanboi base that they are keen to tell any listening PC users that they don't have to be updating 24/7 - not true, they just don't know it. Updates for OSX have run into the gigabytes already, but unlike MS who own up to everything and even update automatically and in the open, Apple keep shtum and bury the update interface where nobody ever looks.
The latest patchload covers 20+ vulnerabilities in OSX and Safari and is hot on the heels of updates which previously broke wireless access on some Apple laptops. Windows users that have previously had Safari force-fed to them also need to update to the latest version of the browser. Apple users bemused by the fact that they really do need to update should look for Software Update in the System Preferences.

Thursday, 12 February 2009

MS puts up bounty for Conficker writer(s)

Microsoft has put up a bounty of $250k for information that leads to the arrest and conviction of the coder or coders behind the Conficker/Downadup worm. The malware, which has infected upwards of ten million computers, is one of the biggest outbreaks of infections ever. MS previously offered rewards for the writers of the SoBig and Blaster worms and has revitalised its interest in catching malware coders due to the new worm.
The worm is said to have established a monster botnet, but as yet this second phase of nastiness has not gone live. Conficker has been a bit of a nightmare already due to its multi-vector attack strategy and unwillingness to be removed. Microsoft's own Malicious Software Removal Tool however is set up for the task at hand. If you know the coders and you could use $250k you know what to do.
:)

Internet Explorer holes - hardly newsworthy it happens so much

Two more critical vulnerabilities have been found in Microsoft's web browser software, as usual allowing execution of arbitrary code, which in layman's terms - well any terms really - means pwning your PC and doing anything the attacker likes to you, again as usual.
Expect plenty of rogue antivirus program makers to be exploiting these vulnerabilities within 48 hours. I wonder how long til the next holes are discovered - my guess is tomorrow :) Software affected is versions 7, 6 and maybe 5 of Internet Explorer, and patches have been issued: see here (XP) and here (Vista).

Wednesday, 11 February 2009

Evesham PC - R.I.P

After a long process of administration the well known PC maker Evesham is finally gone. Luckily for users they only used generic parts, so there should be no problem getting drivers and driver updates.

Windows 7 Beta not Public anymore

Microsoft has withdrawn public access to the Windows 7 Beta program. They usually do this with betas, but the withdrawal coming now pretty much indicates their desire to get Windows 7 out late this year, maybe even Q3.

You can still however register for a product key and MSDN and Technet subscribers still can access the downloads. MS has stated there won't be a second beta but that the next release will be RC1.

Tuesday, 10 February 2009

Valentines day = a hundred new malwares as usual

Computer users should beware (but won't) because a new celebration date is upon us. Virus/Trojan/Spam writers love any date in the diary that has a name of any kind next to it, and of course Valentine's Day is a biggy, especially for the lovestruck or needy. Email users can expect a deluge of tainted deliveries including e-cards, PDFs and zipped invoices purporting to be from a secret admirer. Love is such a good hook we will be seeing plenty of takers.

Windows XP to Windows 7 - via wipe/reload/restore data/re-install programs

Microsoft have said that they are supporting upgrades from XP to Windows 7, but to the rest of us that means they are not :( Although the Redmond giant will be selling upgrade media, it won't be doing any upgrade in any sense of the word previously encountered. Users keen to upgrade (that is, users forced to upgrade due to XP support being phased out and Vista being generally acknowledged as being worse than pen and paper) will find they can't keep their program installations like an upgrade usually allows, but will be forced to re-install everything.

The user data will of course be transferred with the latest incarnation of the 'files and settings transfer wizard' but the process will be much more drawn out than a real upgrade install.

Deep Joy

Sunday, 8 February 2009

Kaspersky - makers of Anti-Hacker .....erm hacked

Kaspersky is one of the industry leaders in the IT security field. They also produce the Anti-Hacker program. A little embarrassing then if they get hacked, like they just have. A support portal on the Kaspersky USA website has been the subject of an SQL injection attack.


The attack was undertaken by white hats so it is unlikely any details were actually stolen, but the full exposure of the database was apparently achieved. If the makers of IT security products can't stop it happening, what chance the rest of us?



iTunes DRM death - almost the last rites

iTunes is now over 80% DRM free and is going to be totally DRM free by late spring. The file format may not be MP3, but the format used - m4a - is compatible with a wide range of music players and probably all new ones. DRM free doesn't mean personal information free though: your iTunes registered email is embedded in each track, so don't go putting them all up as torrents :)



Software Updates

Firefox has been updated to 3.0.6 due to some exploitable holes being found - see http://news.cnet.com/8301-17939_109-10156374-2.html - and Apple have just updated their iPod software - probably same same, but Apple don't like to admit when people find exploits; they still believe in security through obscurity, the same thing that MS got so much flak over.


VLC has just gone to 0.9.8.a and Java RTE is up to 1.6.0.12 - so many updates in so many programs. If you can, try Secunia PSI, which will keep you informed, or check in regularly at the FileHippo front page http://www.filehippo.com/ .


In Depth Malware

Those of you who may develop an interest in malware - maybe because it has cost you money :) - can get some real in-depth and up-to-the-minute information about the latest malwares that are out there from this site: Threatfire Blog. You may also be interested in the product.

As I said before we aren't going to be shy of giving an opinion even where it may be 'politically' incorrect. This is what we have found with Threatfire in usage, most of the time it is great.

The rest of the time, well, it isn't. What occasionally happens is the PC will start to lock up at various times, and usually there is a pattern, like right after the desktop loads or right after you open a specific program. Now I have great respect for the makers of Threatfire and the team involved, but if you have these problems on a PC with TF installed - just uninstall it and it will fix it. It may not even be TF that is really the problem but something else which is interfering with it, but when your PC doesn't work you just want to get on - there are lots of security solutions out there.

I like Threatfire and I recommend you give it a try; maybe nothing on your PC will interfere with it in a bad way, and in that case you get some good extra protection for free. As you now know that the most likely cause of a hanging PC with TF is the TF installation not playing nice with something else you are using, you can always uninstall if you find that you get that symptom, so there is nothing to lose.

Vista Black Screen of Death

Still no new information on the cause(s) of the infamous VBSOD. There seem to be a few different causes, which revolve around the start process stalling due to a driver or service that fails to load. With no way of getting into the system and no recovery console like the XP version had, it seems that this problem remains a show stopper for many Vista users.

Unfortunately, even if you get the system back through System Restore it can go black screen again the next day due to the same driver/service problem.

It still sucks!

Conficker Worm

Downadup / Conficker worm is the most prevalent thing at the moment, causing many problems. Due to its many ways of infection and nasty habits it's been stomping its way across networks. Make sure you're patched up to date and also get the download of the Microsoft Malicious Software Removal Tool to make sure that you are protected from the common routes of infection (exploits via the web / LAN).