Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Security

Microsoft fixes a dozen critical Office flaws in four patches

by Shanmuga

"Microsoft released its March 2008 security bulletin, which includes four bulletins, all deemed critical by Microsoft. The most serious of these affects Microsoft Excel, which alone has six specific "Common Vulnerablities and Exposures" vulnerabilities noted, one of which has been exploited in the wild.

Read the full article →

Mozilla adds 900 fixes and upgrades Firefox 3 beta

by Shanmuga

"Mozilla released the latest beta of Firefox 3, including some 900 bug fixes and highlighting for users that it is for testing purposes only. The release comes less than a week after Microsoft showed off the next version of its browser – Internet Explorer 8 – at its annual Mix show for developers.

Read the full article →

Mozilla releases Thunderbird 2.0.0.12

by Shanmuga

Mozilla’s Thunderbird 2 email application is updated to version 2.0.0.12 from 2.0.0.9, looks to be a bug fix release. It fixes 5 security issues among a host of other issues. Their official web log states that "The Gecko 1.8.1.x branch (Thunderbird 2.0.0.x series) will not include any groundbreaking features that Gecko 1.9 will bring, since

Read the full article →

Hacked: Researchers figure out how to crack GSM phone security

by Shanmuga

"Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption.

Read the full article →

Security: Disk encryption may not be secure enough

by Shanmuga

"Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft’s BitLocker and Apple’s FileVault and then view the contents of supposedly secure files.

Read the full article →

Vulnerabilities: Serious Browser Bugs Spoil Opera Tune

by Shanmuga

"Opera has shipped a high-priority update to its flagship Web browser to correct multiple flaws that put Windows users at risk of malicious hacker attacks.

Read the full article →

Security: Behind the Scenes at Microsoft’s Secure Windows Initiative

by Shanmuga

"Microsoft’s Secure Windows Initiative unit has emerged from the shadows, promising a new level of transparency, as well as details of software vulnerabilities and security bulletins.

Read the full article →

Security: How secure is a Gmail account?

by Shanmuga

"At the last DefCon event, one of the attendees, ‘Hamster’ showed off how the cookies sent by your computer when signing into a Google account can be copied, allowing the account to be cloned by the hacker, and all the implications that carried.

Read the full article →

Security: Microsoft wants to worm its way into your PC

by Shanmuga

"Microsoft is taking a leaf out of the virus writers’ handbook, hoping to use friendly "worms" to distribute software patches surreptitiously.

Read the full article →

Mozilla raises Firefox security bar

by Shanmuga

"Firefox 3.0′s new anti-malware blocker, a tool that prevents some malicious pages from loading, is the browser upgrade’s most important new security feature, Mozilla Corp.’s head of engineering said today.

Read the full article →

Is it time to consider PDF a threat?

by Shanmuga

"Adobe released patches for its Reader and Acrobat programs last Wednesday, but there’s reason to suspect that the company has closed the barn door long after the cattle fled. According to a blog entry at the SANS Internet Storm Center, this particular vulnerability has been exploited in the wild for several weeks. In this case,

Read the full article →

Microsoft Issues Biggest Patch Update in a Year

by Shanmuga

"Microsoft on Tuesday rolled out 11 security updates that patch 17 vulnerabilities in Windows, Office, Internet Explorer, Internet Information Server (IIS) and several other components and technologies. It was the most patch bulletins Microsoft’s has issued since February 2007, even though it yanked one expected update — scheduled last week to fix problems in VBScript

Read the full article →

Firefox 3 beta 3 polishes rough edges

by Shanmuga

"Mozilla has announced the official release of the third Firefox 3 beta, which includes many user interface improvements and a handful of new features. Firefox 3 is rapidly approaching completion, and much of the work that remains to be done is primarily in the category of fit and finish. There will likely only be one

Read the full article →

Mozilla Dismisses New Firefox Flaw Warning

by Shanmuga

"Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver.

Read the full article →

Widespread encryption heralds new attacks

by Shanmuga

"Hackers will become more skilled at using encryption as the technology becomes more widespread, and could use it to launch new forms of attacks, according to security experts..

Read the full article →

Mozilla patches 11 Firefox bugs

by Shanmuga

"Mozilla Corp. late yesterday patched Firefox to quash 11 bugs, including one from three weeks ago that posed a threat to users who had installed any of the more than 600 add-ons for the open-source browser. Firefox 2.0.0.12 fixed four vulnerabilities that Mozilla ranked "critical," one it pegged "high" and three each rated as "moderate"

Read the full article →

Least privilege won’t solve every security problem, but it’s a significant step

by Shanmuga

"First and foremost, least privilege models prevent 90 percent or more of today’s malware. You can’t ignore that statistic. Malware writers may easily code around least privilege when they need to, but it does significantly cut down on software that can cause harm today. Second, least privilege mechanisms make it harder for malware to modify

Read the full article →

Microsoft slates 12 patches for next week

by Shanmuga

"Microsoft Corp. announced today that it will release a dozen security updates next week, matching the patch record set a year ago. Seven of the 12 will be tagged with the company’s highest threat ranking. "There’s not a Windows shop anywhere in the world that won’t need to deploy at least one of these patches,"

Read the full article →

Free tool blocks Facebook, MySpace, and Yahoo ActiveX vulnerabilities

by Shanmuga

"A researcher over at the Internet Storm Center has created a powerful GUI that will set the kill-bits on vulnerable ActiveX controls used in Facebook, Myspace, and Yahoo apps. These popular apps came under attack on Monday after researchers Elazar Broad and Krystian Kloskowski disclosed their findings to a online security newsgroup.

Read the full article →

Adobe, Apple Issue Security Updates

by Shanmuga

"Adobe has released an update to its free Adobe Reader application that corrects more than two dozen bugs, including several security holes. Separately, Apple this week pushed out a patch to plug a single security vulnerability in its iPhoto application.

Read the full article →

The top eight events that changed the course of computer security history

by Shanmuga

"Given the headlines lately, you could be forgiven for thinking that the biggest, baddest events in the history of computer security have all happened within the last few years. After all, there have been so many hacks disclosed that Stephen Northcutt of SANS recently observed, “The way we are going, there are only going to

Read the full article →

Kill ActiveX

by Shanmuga

"A wave of bugs in the plug-in technology used by Microsoft Corp.’s Internet Explorer browser has some security experts, including those at US-CERT, recommending that users disable all ActiveX controls.

Read the full article →

MayDay! Sneakier, More Powerful Botnet on the Loose

by Shanmuga

"A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs. The MayDay botnet can evade leading antivirus products, and so far has compromised thousands of hosts, according to Damballa, which says 96.5 percent of the infected machines

Read the full article →