Java Plugin and Web Start Version Specification Security Issue

Affected Software:
Java Web Start 1.x
Sun Java JDK 1.5.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x


A security issue has been reported in Sun Java Plugin and Sun Java Web Start, which can be exploited by malicious people to bypass certain security restrictions.


The security issue is caused by an error that allows applets and applications to run with a version of the JRE that they are not specified to run with (e.g. one that does not have the latest security fixes).


The security issue affects:
* Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later.
* Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2.
* Java Web Start 1.2, 1.0.2, 1.0.1, and 1.0.


Solution: Update to a fixed version.


http://secunia.com/advisories/21570/

Microsoft Launches Enforcement Campaign Targeting Web Site “Cybersquatters” Who Use Online Ads

Internet Safety Enforcement Attorney Aaron Kornblum leads Microsoft’s new enforcement campaign that targets Web site cybersquatters and typosquatters. Kornblum says that Microsoft’s Trademark and Internet Safety Enforcement groups began to notice a surge in domain name registrations containing the company’s intellectual property earlier this year while monitoring Web sites registered by online fraudsters known as phishers. This existing anti-phishing “Domain Defense Program,” operated in conjunction with Microsoft vendor Internet Identity of Tacoma, Wash., will be expanded to incorporate these new anti-cybersquatting initiatives.


More at http://www.microsoft.com/presspass/features/2006/aug06/08-22domaindefense.mspx

Microsoft Security Advisory (923762)

Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit


Published: August 22, 2006


On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft will not be re-releasing MS06-042 today. This update will be re-released for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution.


Microsoft is also aware of public reports that this issue can lead to a buffer overrun condition for Internet Explorer 6 Service Pack 1 customers that have applied MS06-042. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is aggressively investigating the public reports. Only customers using Internet Explorer 6.0 SP1 are affected; all other customers should continue their deployments of MS06-042. Customers using Internet Explorer 6.0 SP1 should continue their deployment of MS06-042 and follow the existing guidance provided in Knowledge Base article 923762 and the Suggested Actions section of this Security Advisory.


More at Microsoft

OK, I did Freeware Antivirus Detection Tests

AOL is now providing freeware antivirus (with real-time protection), powered by Kaspersky. There are some concerns about AOL’s End-User License Agreement, because of which some users decided not to give the said antivirus a try. AOL will revise the EULA to address the issue.


I’m happy to know that some ISPs are now providing free security tools to their customers and to non-customers. Example: Comcast is providing free McAfee to their subscribers. Let’s hope that AOL will fully address the EULA issue so users will enjoy the protection from malware with the help of Kaspersky Labs.


There are freeware antivirus programs available – AVG, AntiVir, Avast! and now… Active Virus Shield. I got curious about how Active Virus Shield would perform, so I fired it up on the infected test machine to see how it would perform in detecting the fewer than 200 infections/risks in the system. Then I decided to uninstall it and give way to other freeware antivirus programs – AVG, AntiVir and Avast!


The results of the Detection Tests by Freeware Antivirus are in Calendar of Updates (screenshot provided)


 

IObit released freeware Advanced WindowsCare v2 Personal

IObit released a second version of their flagship product – Advanced WindowsCare v2 Personal – and are prepared to go head-to-head with Microsoft’s OneCare.


The freeware, which is a new Beta version – Advanced WindowsCare v2 Personal – is a comprehensive PC care tool that takes an integrated approach to help protect, repair and optimize computers. It provides a one-click, all-in-one, speedy solution for PC maintenance and protection; the service is free.


“When compared to our closest competitor,” Hugo Dong, PhD, President of IObit.com said, “Advanced WindowsCare v2 Personal provides more essential and practical formulas for Windows.”


http://press.xtvworld.com/article13515.html

Firefox 2.0 delayed by bug outbreak

The new version of open-source browser Firefox has been delayed for a month.


Version 2.0, codenamed Bon Echo, had been due on 26 September but will now make its debut on 24 October. The test schedule has also been adjusted, with the second beta now appearing a week late on 23 August.


The delay has been put down to a small hill of bugs that still have to be ironed out, totalling 87, according to the project’s latest bug list. The new version will have a raft of new features to keep up with those coming in rivals Opera and Internet Explorer 7, including anti-phishing security, a spell checker, integrated RSS news feed handling, and (once-again fashionable) tabbed browsing.


http://www.techworld.com/security/news/index.cfm?NewsID=6672

AOL AV in adware alarm

Recently released Active Virus Shield, the Kaspersky-based anti-virus product from web giant AOL, is coming under criticism, with allegations ranging from harbouring adware to actually being spyware.


According to a report from PC World, small print in the EULA attached to the product allows AOL to harvest data from users’ machines, bars users from installing ad-blocking software, and reserves the right to send out spam to email addresses required by the sign-up process. The privileges demanded by the EULA would, if put to use, earn the product the label spyware, according to the StopBadware Coalition. AOL has announced that it will be revising the EULA, which has been removed from the download site.


http://www.virusbtn.com/news/virus_news/2006/08_18.xml
