Reminder: Update for Windows Update Agent beginning August 2009 and etc…

Just a reminder to everyone using Windows 🙂 There will be update to Windows Update announced by WU Team few weeks ago. I alraedy blog this on the 10th of July and people who visits Calendar of Updates is reminded every week so they’ll get manually or automatic. So….. July is finished at my end because it’s now August 1 here.  Sun Microsystem, Microsoft and Adobe gave us some patches that I hope everybody that is using the affected software/version has patched. Then there’s iPhone patch for Apple iPhone users. There’s lots of new security issues that was revealed or … Continue reading Reminder: Update for Windows Update Agent beginning August 2009 and etc…

Hiding an infection in an unused SSL site

From StopBadware blog: Today we saw an interesting case where no one could find badware in a website that Google reported as infected—until Google tipped us off to check the site using https (i.e., instead of testing http://example.com, we tested https://example.com). Sure enough, when we used https, an apparently unused default site loaded, along with a hidden iframe that connected to a Chinese server and downloaded a malicious payload. In addition to being difficult to track down, my colleague Oliver points out that intrusion detection systems, network firewalls, and other devices that scan traffic as it passes through a network … Continue reading Hiding an infection in an unused SSL site

Apple patches Black Hat SMS vuln

Yesterday, The Reg reported that researchers had discovered a vulnerability in the iPhone and other mobile devices that made them vulnerable to an SMS hack. This morning, Apple fixed it. http://www.theregister.co.uk/2009/07/31/iphone_sms_vulnerability_patch/ Good work but… they need to stop that pre-checked.  See Ban that Check and Installers Hall of Shame – Patchers Demand Security Updates Only Details of the security update in iPhone in http://support.apple.com/kb/HT3754

Surveillance camera hack swaps live feed with spoof video

Defcon Corporate teleconferences and other sensitive video feeds traveling over internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated new additions to UCSniff, a package of tools for sniffing internet-based phone conversations. The updates offer tools that streamline the process of intercepting video feeds, even when they are embedded in voice-over-internet-protocol traffic. Taking a page from movies like The Thomas Crown Affair, the researchers showed how a companion tool called VideoJak … Continue reading Surveillance camera hack swaps live feed with spoof video

Practicing safe surfing can derail attempts to cruise ‘Net anonymously

Google Safe service can reveal end users even if they hide behind proxies A Google service that helps protect Internet surfers from malicious sites also gathers data about browsing activities that users are trying to keep secret, a researcher told Black Hat attendees. Google Safe, a database service that warns Internet users when they are about to enter infected pages, marks browsers so the users can be identified even if they proxy all their traffic through another IP address, says Robert Hansen, CEO of Internet security firm SecTheory. “It’s a privacy-security tradeoff,” Hansen says. Firefox and Chrome browsers are both … Continue reading Practicing safe surfing can derail attempts to cruise ‘Net anonymously

Conficker talk sanitized at Black Hat to protect investigation

The international security team tracking down Conficker thought the masterminds behind it would have been apprehended by now, according to one of the leaders of the effort to stamp out the resilient worm. But that’s not the way it has worked out, and a talk at Black Hat yesterday had to be scaled back because it contained information about Conficker that might tip investigators’ hand and send the perpetrators further underground, says Mikko Hypponen, chief research officer at F-Secure and a member of the Conficker Working Group.  When Hypponen submitted the abstract for his Black Hat briefing more than six … Continue reading Conficker talk sanitized at Black Hat to protect investigation

Installers Hall of Shame – Patchers Demand Security Updates Only

MVP and SBS Diva, Susan Bradley blog about Patchers Demand Security Updates Only at http://msmvps.com/blogs/bradley/archive/2009/07/31/patchers-demand-security-updates-only.aspx And you can find what she’s talking about in MVP Steve Wechler’s blog over at MVP Lawrence Abrams (Grinler) website: Hey, Software "Vendors", Stop installing **** with your security updates !!! http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564 I added the above in CoU discussion about unwanted add-ons See also the "demand" of many people has at Calendar of Updates forum: Installers Hall of Shame (Unwanted add-on) Products with Ask Toolbar You see vendors…. people don’t like add-ons on any products especially when you are releasing updates.  People do not like … Continue reading Installers Hall of Shame – Patchers Demand Security Updates Only

New version of Ad-Aware on August 25

We’ve been updating you from time to time with bits of news about our upcoming new version of Ad-Aware. Now that the Ad-Aware launch is only weeks away, we would like to take a minute to make sure that you’re all aware of the upcoming launch – August 25, 2009 – and the added security it will bring. http://www.lavasoft.com/mylavasoft/company/blog/mark-your-calendars-–-august-25-2009 What’s New? The Neutralizer -Lavasoft’s new advanced removal tool combats malware that attempts to restore itself even after rebooting your system. Genotype Detection Technology – Based on heuristics, the new Genotype technology allows Ad-Aware to stay one step ahead of today’s … Continue reading New version of Ad-Aware on August 25

Following the Money: Rogue Anti-virus Software

By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low. Even if you manage to trace one link in the chain — such as a payment processor or Web host — the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer. But every so often, … Continue reading Following the Money: Rogue Anti-virus Software

Adobe released v9.1.3 of its PDF Reader with security fixes

Adobe Reader v9.13 Available via Updater of the program. The Adobe Reader 9.1.3 Update addresses customer issues and security vulnerabilities. Adobe recommends that you always install the latest updates. For offline installation: Download the patch for Windows: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1.3/misc/AdbeRdrUpd913_all_incr.msp Download the patch for Mac: ftp://ftp.adobe.com/pub/adobe/reader/mac/9.x/9.1.3/misc/ What it will fix is in mentioned in the advisory:  http://www.adobe.com/support/security/advisories/apsa09-03.html  Wait for the bulletin if you want but the update is available in the program’s updater. Edit to add: Update on Vulnerability identifier: APSB09-10 July 31, 2009 – Bulletin updated with Adobe Reader and Acrobat updates, and correct Adobe Flash Player 9 download link http://www.adobe.com/support/security/bulletins/apsb09-10.html