Mozilla released Firefox 2.0.0.6. Two Security Advisories published

Security Update (July 30, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.

Security Advisories

  • MFSA 2007-27 Unescaped URIs passed to external programs
  • MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

Download: http://www.mozilla.com/en-US/firefox/

Release notes: http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/

Mario worm targets retro gamers

Infected emails doing the rounds on the net on Monday promise the chance to run one of the classic Super Mario Bros games by clicking on an attachment.

The infected emails actually harbour the Romario-A worm , which in addition to launching a game starring the linguine-loving Italian plumber, also attempt to infect other unprotected computers by mass-mailing copies of itself.

http://www.theregister.co.uk/2007/07/30/mario_worm/

Robot Genius Announces Free Anti-Malware Download

Robot Genius today announced the availability of its new anti-malware download/plug-in, RGguard. RGguard is a web browser plug-in that protects users from all types of malware including spyware, adware, rootkits and other malicious programs on the web. RGguard knows not just the domain, but also the full path URL that points to each instance of malware. The exactness of the alerts reduces false positives keeping restricted sites to a minimum, and also keeps ‘noisy’ security alerts to a minimum.

http://news.tmcnet.com/news/it/-robot-genius-announces-free-anti-malware-download-/2007/07/30/2822324.htm
http://robotgenius.net/technology/rgguard.jsp or http://robotgenius.net

ICANN seeks to better protect domain name registrants

The Internet regulation body the Internet Corporation for Assigned Names and Numbers is asking for the public’s input as it revises its accreditation process for registrars, the companies that register and sell domain names.

ICANN wants to improve oversight of the Registrar Accreditation Agreement to offer increased protection to people who register domain names, according to a statement.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=13&articleId=9028399&intsrc=hm_topic

Seagate: PATA disk drives phased out

Due to the waning popularity of Parallel Advanced Technology Attachment (PATA) technology in favor of the newer and speedier Serial ATA-based disk drives, Seagate LLC has acknowledged plans to stop building the older products.

According to a spokesman from Scotts Valley, Calif.-based Seagate, the company plans to continue to offer PATA drives, often referred to as integrated device electronics (IDE) drives, until late this year or early next year.

Seagate’s move away from the aging PATA standard has been in the works for some time, the spokesman said. The hard drive manufacturer’s engineers stopped work on new projects late last year, he noted.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=government&articleId=9028422&taxonomyId=13&intsrc=kc_top

Testing a Bluetooth worm on Nokia E90 Communicator

Mikko H. Hypp√∂nen, F-Secure’s Chief Research Officer will be delivering presentations on the current state of mobile malware this week in Black Hat Briefings and next week at Usenix Security.

One of the new findings he’ll be announcing is that in the latest Symbian-based smartphones the Bluetooth user interface has been changed to be more malware-resistant.

See the video at http://www.net-security.org/secworld.php?id=5379

Botnets identified and blocked with new hosted service

A security tool that identifies botnets and blocks attacks from these zombie networks is being made available by Trend Micro online in the software-as-a-service model.

The Botnet Identification Service, one of three hosted security applications that are part of Trend Micro’s SecureCloud line, deals with the growing botnet problem with real-time identification of command and control centers that operate zombie networks. The product is targeted at ISPs and educational institutions.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9028463&taxonomyId=17&intsrc=kc_top

No more Panda Software

News from the Panda headquarters:

-  Panda has changed name and brand. This change represents the attitude and response of Panda Software to the new malware dynamic, where threat creators are motivated solely by money
-  The new brand, Panda Security, and the new slogan, “One step ahead”, better reflect the essence of the company, what it does and its vision of the future
- Panda Security proposes a new security model, manifest in a new generation of anti-malware solutions characterized by their ultra-high detection capacity
- “This is not simply a brand change. We are working to adapt the entire company to new market demands,” explains Jorge Dinares, CEO of Panda Security

Source:  http://www.net-security.org/secworld.php?id=5376

 

BTW, They’ve changed their domain from http://www.pandasoftware.com to http://www.pandasecurity.com/

Microsoft study reveals security frustrations

Microsoft on Thursday announced the results of a study with Kingpin Intelligence into the security attitudes of both software development managers and the developers who work for them.

The study showed that, while both parties are passionate about securing code, achieving the required level of security in a typical software development environment can be hindered by time, staffing and budget constraints. However, the study revealed that environments using managed code exhibited considerably fewer of these issues.

http://news.zdnet.co.uk/software/0,1000000121,39288265,00.htm