I blog about it last year and posted in Calendar of Updates forums that Mac users should install antivirus program.
Today, I’m blogging again and going to make a post at CoU forums (the same thread) that Mac users really need malware scanners also.
Read why at http://www.dozleng.com/internetsecurity/?p=243
IE Team describes the ActiveX improvements in IE8 and summarize the existing ActiveX-related security features carried over from earlier browser versions:
- Per-User (Non-Admin) ActiveX
- ActiveX Opt-In
- Per-Site ActiveX
- Enforcing Per-Site with ATL SiteLock Technology
- Reducing Exploit Risk with DEP/NX, “Killbits,” and Servicing
- Working with Users through Manage Add-Ons
More info at http://blogs.msdn.com/ie/archive/2008/05/07/ie8-security-part-ii-activex-improvements.aspx
Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy. While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.
Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload. We are also adding after-the-fact scans of everything to address this sort of case in the future.
http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/
/me wonder what virus scanner they are using. And what is the name of the risk name flagged *now* by their antivirus scanner. Time for Mozilla guys to upload their installer or other files to Virustotal to see if any of the 32 malware scanners will flag anything <G>
APSB08-13 Security Update available for Adobe Reader and Acrobat 7 and 8
http://www.adobe.com/support/security/bulletins/apsb08-13.html
Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Acrobat 8 and Adobe Reader install the 8.1.2 update and users of Acrobat 7 install the 7.1.0 update to protect themselves from potential vulnerabilities. This is an update to resolve the issues previously reported in Security Advisory APSA08-01.
APSA08-05 Potential vulnerability in After Effects CS3
http://www.adobe.com/support/security/advisories/apsa08-05.html
Adobe is aware of a recently published security issue in After Effects CS3 that could potentially cause code execution. An attacker would need to convince a user to open a malicious BMP file in After Effects to successfully exploit the issue.
Swen worm is on the loose again and it is pretending to be a security update for May 2008 by Microsoft. The email includes Q231448.exe file as attachment. It's fake and infected.
http://www.dozleng.com/updates/index.php?showtopic=18177
The new version of Windows Genuine Advantage Validation tool was first released on March 26 when user visits WGA website www.microsoft.com/genuine.
Today, Microsoft pushed it at Windows Update website. It was documented at their website (release date and that is today). This new version is to ready XP systems for the upcoming SP3.
More info at http://www.dozleng.com/updates/index.php?act=calendar&cal_id=1&code=showevent&event_id=50336
Dell’s New Premium Support and Integration Services Build on Existing Tools and Improvements for Consumers
* Dedicated Tech Teams Work One-on-One with Customers in North America
* Beyond-the-Box Retail Services Focus On Digital Lifestyle in the Home
* Customer Satisfaction Continues to Rise
http://www.dell.com/content/topics/global.aspx/corp/pressoffice/en/2008/2008_04_21_rr_000?c=us&l=en&s=corp
The core idea of the upcoming fee-based service is to provide customers in the United States access to a dedicated support team to provide support for all Dell-branded products that are still under warranty in that customer's household. These dedicated service teams will operate in North America and have the flexibility to address a comprehensive range of issues across Dell's product line.
http://direct2dell.com/one2one/archive/2008/04/21/what-s-next-for-dell-customer-service.aspx
Chris Keroack, Release Manager, Windows Serviceability at Microsoft announced the following:
Today we are happy to announce that Windows XP Service Pack 3 (SP3) has released to manufacturing (RTM). Windows XP SP3 bits are now working their way through our manufacturing channels to be available to OEM and Enterprise customers.
We are also in the final stages of preparing for release to the web (i.e. you!) on April 29th, via Windows Update and the Microsoft Download Center. Online documentation for Windows XP SP3, such as Microsoft Knowledge Base articles and the Microsoft TechNet Windows XP TechCenter, will be updated then. For customers who use Windows XP at home, Windows XP SP3 Automatic Update distribution for users at home will begin in early summer.
Thanks to everyone here who installed the public betas – you not only gave us detailed feedback but also helped each other out with timely troubleshooting. Through the beta program we found several important issues and were able to confirm some essential fixes. We couldn’t have done this without you.
We will still be monitoring this forum during the next few weeks in case you have more feedback about the release of Windows XP SP3.
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3214173&SiteID=17
http://blogs.technet.com/kevinremde/archive/2008/04/21/breaking-news-a-big-day-for-updates.aspx
Very short test to see if anti-malware will still detect old threats in addition to detecting newer ones of rogue programs
http://www.dozleng.com/updates/index.php?showtopic=18078
The software that advertisers use to track people's behavior online is difficult to block. Advocates are calling for a 'do not track' registry.
Peter Swire, an Ohio State University law professor who served as privacy czar in the Clinton administration, and Annie Anton, an associate professor of software engineering at North Carolina State University, highlighted the issue last week in a filing to the FTC. They encouraged the agency to create a public "white list" of allowable opt-out cookies, maintained by the government or a private-sector organization.
"The FTC can shine a spotlight on this problem," Swire said in an interview.
http://www.latimes.com/technology/la-fi-privacy19apr19,1,7079153.story
Symantec's book called Crimeware: Understanding New Attacks and Defenses is now available.
The book covers the following topics:
- A general overview of Crimeware, including taxonomy of well known threats, such as keyloggers, screenscrapers, rootkits, botnets, and the like.
- A more detailed study of well known existing threats. such as rootkits and botnets.
- The business models associated with crimeware activity and how the money flows.
- How crimeware can propagate across both social networks and peer-to-peer networks.
- The legal ramifications of surreptitious software.
- User education and how well it works (and, how it doesn’t work).
- Recent threat topics like click fraud and crimeware in the browser.
- Future threats, such as crimeware in RFID devices, mobile devices, and other general embedded devices like routers.
- Emerging areas, such as election-related threats and threats related to massively multiplayer online games.
- Defenses, such as the reduction of coding errors and the use of virtual machines—along with details on recent academic research in automated protection as well as mitigation by alternate authentication mechanisms.
http://www.symantec.com/enterprise/security_response/weblog/2008/04/crimeware_book_now_available.html
Researchers at Carnegie Mellon University have shown that given a buggy program with an unknown vulnerability, and a patch, it is possible automatically to create an exploit for unpatched systems. They demonstrate this by showing automatic patch-based exploit generation for several Windows vulnerabilities and patches can be achieved within a few minutes of when a patch is first released. From the article: 'One important security implication is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update... can detract from overall security, and should be redesigned.' The full paper is available as PDF, and will appear at the IEEE Security and Privacy Symposium in May.
http://it.slashdot.org/article.pl?sid=08/04/18/1459225
More Posts
Next page »