Security Update (July 30, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.
- MFSA 2007-27 Unescaped URIs passed to external programs
- MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
Release notes: http://www.mozilla.com/en-US/firefox/22.214.171.124/releasenotes/
Infected emails doing the rounds on the net on Monday promise the chance to run one of the classic Super Mario Bros games by clicking on an attachment.
The infected emails actually harbour the Romario-A worm, which, in addition to launching a game starring the linguine-loving Italian plumber, also attempts to infect other unprotected computers by mass-mailing copies of itself.
Robot Genius today announced the availability of its new anti-malware download/plug-in, RGguard. RGguard is a web browser plug-in that protects users from all types of malware, including spyware, adware, rootkits and other malicious programs on the web. RGguard knows not just the domain, but also the full path URL that points to each instance of malware. The exactness of the alerts reduces false positives, keeping restricted sites to a minimum, and also keeps ‘noisy’ security alerts to a minimum.
http://robotgenius.net/technology/rgguard.jsp or http://robotgenius.net
The Internet regulation body the Internet Corporation for Assigned Names and Numbers is asking for the public’s input as it revises its accreditation process for registrars, the companies that register and sell domain names.
ICANN wants to improve oversight of the Registrar Accreditation Agreement to offer increased protection to people who register domain names, according to a statement.
Due to the waning popularity of Parallel Advanced Technology Attachment (PATA) technology in favor of the newer and speedier Serial ATA-based disk drives, Seagate LLC has acknowledged plans to stop building the older products.
According to a spokesman from Scotts Valley, Calif.-based Seagate, the company plans to continue to offer PATA drives, often referred to as integrated device electronics (IDE) drives, until late this year or early next year.
Seagate’s move away from the aging PATA standard has been in the works for some time, the spokesman said. The hard drive manufacturer’s engineers stopped work on new projects late last year, he noted.
Mikko H. Hyppönen, F-Secure’s Chief Research Officer, will be delivering presentations on the current state of mobile malware this week at Black Hat Briefings and next week at Usenix Security.
One of the new findings he’ll be announcing is that in the latest Symbian-based smartphones the Bluetooth user interface has been changed to be more malware-resistant.
See the video at http://www.net-security.org/secworld.php?id=5379
A security tool that identifies botnets and blocks attacks from these zombie networks is being made available by Trend Micro online in the software-as-a-service model.
The Botnet Identification Service, one of three hosted security applications that are part of Trend Micro’s SecureCloud line, deals with the growing botnet problem with real-time identification of command and control centers that operate zombie networks. The product is targeted at ISPs and educational institutions.
News from the Panda headquarters:
– Panda has changed name and brand. This change represents the attitude and response of Panda Software to the new malware dynamic, where threat creators are motivated solely by money
– The new brand, Panda Security, and the new slogan, “One step ahead”, better reflect the essence of the company, what it does and its vision of the future
– Panda Security proposes a new security model, manifest in a new generation of anti-malware solutions characterized by their ultra-high detection capacity
– “This is not simply a brand change. We are working to adapt the entire company to new market demands,” explains Jorge Dinares, CEO of Panda Security
BTW, they’ve changed their domain from http://www.pandasoftware.com to http://www.pandasecurity.com/
Microsoft on Thursday announced the results of a study with Kingpin Intelligence into the security attitudes of both software development managers and the developers who work for them.
The study showed that, while both parties are passionate about securing code, achieving the required level of security in a typical software development environment can be hindered by time, staffing and budget constraints. However, the study revealed that environments using managed code exhibited considerably fewer of these issues.
Microsoft’s Windows Live Hotmail webmail service was inaccessible to a portion of its users for several hours today.
Yep, I saw it too: