Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated

CR 6804996: A buffer overflow vulnerability in the Java Runtime Environment with processing PNG images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. CR 6804997: A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications … Continue reading Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated

Apple Mac users warned of web-based malware threats

IT security and control firm Sophos is warning Apple Mac users to be on their guard against websites hosting malicious code designed to infect their systems. The advice follows the discovery of a new version of the OSX/RSPlug Trojan horse that is being distributed via a legitimate-looking website offering HDTV software. Watch the video:  Apple Mac malware: Caught on camera: http://www.sophos.com/pressoffice/news/articles/2009/03/mac-malware.htm  

IE8 Market Share Holding Steady, But Small

News reports from earlier this week said that IE8’s market share was taking a hit as bugs prompted users to revert back to IE7 almost immediately. Hourly data from Net Applications, however, suggests that drops in the browser’s adoption rates have not been particularly steep, and puts IE8’s most recent market share at 2.14 percent. IE7, which debuted in January 2007, currently has 47.32 percent of the market. Omniture places average IE8 market share at 0.9 percent, IE7 at 49.5 percent, and IE6 at 22.9 percent. About 5.6 percent of PCMag.com readers were using IE8 as of Monday, Omniture said, … Continue reading IE8 Market Share Holding Steady, But Small

Anti-Malware protection with IE8’s SmartScreen Filter

Eric Lawrence, MS IE Program Manager blog today how the IE8 SmartScreen filter helps to prevent phishing and malware attacks. Here are some key statistics: We have delivered over 10 million malware blocks in the past six months That’s a block for one out of 40 users, every week We’ve seen (and blocked) one in every 200 downloads as malicious Not all malware protection is created equal– just because a browser has anti-malware features doesn’t mean it protects users from the most relevant threats. Comprehensive Protection With the demonstrated efficacy of IE8’s SmartScreen filter, we know that internet crime will … Continue reading Anti-Malware protection with IE8’s SmartScreen Filter

Report a Webpage Problem Internet Explorer 8 Add-On

The Microsoft Report a Webpage Problem Internet Explorer Add-on allows the user to submit a report to Microsoft for webpages they believe are having rendering problems, scripting errors, or various other types of problems.  The Report a Webpage Problem Internet Explorer Add-on appears as a toolbar button and a “Report a Webpage Problem…” item on the Tools menu. More info and download at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8e4cf8f2-84db-4df3-b2ec-c64ccf58e4bb

Malware SPAM: DHL_HELP as attachment

There’s a report of fake DHL email with DHL_DOC.zip as attachment (which is malware).  See report here. Email message: Hello! We were not able to deliver postal package you sent on the 14th of March in time because the recipients address is not correct. Please print out the invoice copy attached and collect the package at our office. Your personal manager: Vanessa Oliver, Customer Service: 1-800-CALL-DHL Fax: 888-221-6211 DHL International, Ltd. All Rights Reserved. Today’ I received the same malware SPAM also but another filename: DHL_HELP.ZIP (inside is DHL_HELP.EXE). Only 4 malware scanners will detect it.

Sun released update 13 for Java 6

The full internal version number for this update release is 1.6.0_13-b03 (where "b" means "build"). The external version number is 6u13. Read the release note before you upgrade at http://java.sun.com/javase/6/webnotes/6u13.html If you’re ready, download it from http://www.java.com/en/download/manual.jsp Not sure what version you got? Go to http://www.java.com/en/download/installed.jsp to check what you have.  Thanks to MVP Gordon for the fast update information!

Spybot S&D Team’s response on IE8 issues

http://www.safer-networking.org/en/news/2009-03-25.html Various reports from the Internet and from our own testing seem to indicate that there is a problem between Internet Explorer 8 and the immunization feature of Spybot – Search & Destroy causing a slow startup of IE 8. Seeing all those different opinions floating around, we want to clarify what the Immunization feature does. It is one level of our protection that does protect you even if Spybot-S&D is completely shut down. This is possible by using the browsers own lists for blocked sites, by filling them with a huge list of bad sites known to us. And … Continue reading Spybot S&D Team’s response on IE8 issues

All vendors who added Ask on their products have the same excuse

Symantec respond to the feedback by a long time Norton user on the addition of Ask in Norton products.  The response is from Rowan Trollope, Senior Vice President of Symantec. IMHO, those kind of response by vendors who added unwanted and non-essential component in exchange of $ per install or PC… is simply an excuse. Excuses like: it’ll helps protect, it’s flexible, it’s no longer installed by default. http://www.calendarofupdates.com/updates/index.php?showtopic=17621&st=0&gopid=76863&#entry76863

Do you want ESET Smart Security license?

If yes, you have the chance to have the protection offered by ESET.  All you need to do is guess all or most of the icons:  http://www.calendarofupdates.com/updates/index.php?showtopic=17739 Contest will finish on March 26.  We’ll announce the winners on March 28, 2009.