Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability

Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues. Attackers can likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application. Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected. It has been reported that the Flock web browser version 0.7.4.1 and the K-Meleon web browser version 1.0.1 are also vulnerable.

Vulnerable: Mozilla Firefox 1.5 beta 2, Mozilla Firefox …

Spymac Announces "Moves It"! – Switch from Windows to Mac

Spymac (http://www.spymac.com), the largest Macintosh community and top Macintosh site for sharing photos, movies and music online, announced today “Move It,” the ultimate resource for consumers interested in switching from Windows to Macintosh. The new Spymac online service at http://spymac.com/moveit lets users ask, learn, blog and connect with other Spymac users to help them through the whole Mac switching process.

http://news.ecoustics.com/bbs/messages/10381/260042.html

10 steps to fortify the security of your MySQL installation

For those who wish to enhance or fortify the security of their MySQL installation, the following 10 technical steps are a good start.

Step 1: Run MySQL in a chroot jail
Step 2: Restrict or disable remote access
Step 3: Change default root password and change root username
Step 4: Remove anonymous accounts and accounts with empty passwords
Step 5: Remove sample database
Step 6: Run MySQL as an unprivileged user
Step 7: Grant minimum privileges for database users
Step 8: Enable MySQL logging and restrict access to logs
Step 9: Encrypt data stored in the database using MySQL built-in functions
Step 10: Keep a look out for patches …

AVG Anti-virus Software for Students

AVG UK has announced the availability of its new Student Edition software. College and university students will receive a 50% discount when they buy one of the two top-selling AVG Anti-virus products, AVG Professional or AVG plus Firewall. This promotion is intended to help students afford a fully featured security solution for their personal computers.

http://www.thechannelshow.com/ChannelNews/inews1507.htm

AOL Insecure Default Directory Permissions

Affected Software: AOL 8.x, AOL 9.x

Secunia Research has discovered a security issue in AOL, which can be exploited by malicious, local users to gain escalated privileges. The problem is that AOL sets insecure default permissions (grants “Everyone” group “Full Control”) on the “America Online 9.0” directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application’s files. The security issue has been confirmed in AOL 9.0 Security Edition revision 4184.2340. Other versions may also be affected.

Solution: The vendor has issued fixes (see vendor statement in Secunia Research advisory for details).

http://secunia.com/secunia_research/2006-8/
http://secunia.com/advisories/18734/

Bit9 joins Anti-Spyware Coalition

The newest member of the Anti-Spyware Coalition is Bit9 (www.bit9.com). Bit9 gives IT professionals unprecedented, network-wide visibility and control in real time. It provides the earliest and best possible protection against known and unknown intrusions, including zero-day attacks. Founded in 2002 and headquartered in Cambridge, Massachusetts, Bit9 is a privately held company.

Problem with MS06-042? Work-around available

Microsoft released security bulletin MS06-042 on August 8th, but some users have seen Internet Explorer 6 Service Pack 1 exit unexpectedly after installing the 918899 update. Microsoft has confirmed that this is a problem in the Microsoft products below:

Microsoft Internet Explorer 6.0 Service Pack 1, when used with:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2000 Advanced Server

Provided work-around:
To work around this problem, follow these steps:
1. Start Internet Explorer 6.
2. On the Tools menu, click Internet Options, and then click the Advanced tab.
3. …

OpenOffice.org security ‘insufficient’

“The general security of OpenOffice is insufficient,” the researchers wrote in a paper entitled “In-depth analysis of the viral threats with OpenOffice.org documents.” “This suite is up to now still vulnerable to many potential malware attacks,” they wrote. The OpenOffice.org team has already fixed a software bug discovered by the French researchers, and the two groups are in discussions about how to improve the overall security of the software, said Louis Suarez-Potts, an OpenOffice.org community manager. “The one real flaw in the programming logic has been fixed,” Suarez-Potts said. “The others are theoretical.” OpenOffice.org has patched a number of vulnerabilities …