Tag: security
-
Another Windows hole
A new critical flaw has been found in all versions of Windows since Windows 2000 and affects even current releases like Windows 7 and Server 2008 R2. The vulnerability was found by 2X Software which says that the flaw can be used to create a DoS attack against any Windows systems from the last 10…
-
Privacy and freedom: World Gone Mad Part 1
Last week, a story broke in the US concerning invasion of privacy and has become a huge talking point globally. The Lower Merion School District provided Apple Mac laptops to students ( no private machines were allowed ) and installed remote control software on these, allowing the school to remotely activate web-cams in an apparent…
-
2009 most hacked app – Acrobat Reader
Malicious Acrobat Reader documents made up almost 80% of all exploits for 2009 according to security research company ScanSafe. Vulnerabilities have doubled year on year in Adobe’s PDF reader and they seem to be having a problem in keeping things under any sort of control. To keep yourself safe ( well sort of ) disable…
-
New Windows 7 update phones home
Apologies for the late notice on this but I only just learned of it myself: Microsoft will be releasing “Update for Microsoft Windows (KB971033)” today. This however is not an ordinary update. This one will change the current activation and anti-piracy behaviour of Windows 7 by phoning home every 90 days ( for now ).…
-
New research paints grim picture for AntiVirus software
While I’ve never assumed AV software will protect you from all ills on the Internet, new research from SurfRight shows just how bad things are. A sample of just under 110k users ( a very good sample I think ) shows that 32% ( yes 1/3rd ) of all machines running AV software were infected…
-
Patch Tuesday
This coming Tuesday, Microsoft is releasing a slew of patch fixes, 5 of which are rated critical, 7 important and 1 moderate. All of the critical flaws result in remote code execution and 10 of these patches require a system restart. The list of operating systems affected includes everything from Win2k through to Win2k8 R2.…
-
New Microsoft IE flaw
Microsoft has issued a new security advisory ( 980099 ) to address a publicly disclosed vulnerability in Internet Explorer that may allow information disclosure for Windows XP users or for users who have disabled Internet Explorer Protected Mode. The advisory explains that content can be forced to render incorrectly from local files in such a…
-
IE in trouble again
Only a day after the last patch was released for IE that fixed problems relating to the Google ( and other ) attacks from December, a number of new vulnerabilities have been found in IE ( no version details yet ) which when combined, can lead to remote execution on a Windows PC. Core Security…
-
Widespread Attacks on IE bug start
The first widespread attack to leverage a recently patched flaw in Microsoft’s Internet Explorer browser has surfaced. Starting late Wednesday, researchers began spotting dozens of Web sites that contain the Internet Explorer attack, which works reliably on the IE 6 browser, running on Windows XP. The attack installs a Trojan horse program that is able…
-
17-year old security hole in all Windows versions
I sometimes feel as if I’m picking on Microsoft for its crappy security ( there’s always some new hole to talk about ) but then I sit back and realise that their products really do have poor security and I don’t need to feel ashamed for reporting on it. For example, a Google engineer recently…
-
Microsoft Internet Explorer security patches released
Microsoft on Thursday issued a cumulative critical patch for Internet Explorer that fixes eight vulnerabilities, including a hole targeted in the China-based attacks on Google and other U.S. companies. The security update is rated critical for all supported releases of IE 5, 6, 7, and 8, according to the advisory. The more severe vulnerabilities could…
-
‘Dump Internet Explorer’ says France
It seems it wasn’t only the Germans who thought it necessary to suggest the use of a browser alternative to IE – the French Certa agency ( which looks after cyber threats in France ) have now weighed in on the matter and suggested the same. And they’ve included all versions of IE in this…
-
Microsoft breaks Perl CPAN testers system
As if Microsoft hasn’t got it’s hands full enough with security breaches in it’s software aiding the Chinese in attacks on US companies, it has now been implicated in DoS attacks on the Perl CPAN testers’ system of sites, databases and mirrors. The problem appears to be that Microsoft’s bots do not adhere to the…
-
Google, China and security
A drama of world-wide proportions ( that wouldn’t out of place in a Hollywood blockbuster ) has been playing out over the last week concerning Google’s operations in China. It all started with denial of service attacks against Google’s Gmail service in late December last year ( and attacks against about about 30 other US…
-
Acrobat Reader security issues
A(nother) vulnerability in Acrobat Reader 9.2 has forced Adobe to fix it with an update to 9.3. This problem has been assigned CVE-2009-4324 and there are exploits out in the wild. So upgrade asap.