TechBlog

Cross-posted from BetaNews.com: Adobe took the wraps off Creative Suite 6 on Monday, introducing the largest release to date of the content-creation platform. CS6 now includes up to 12 programs and two companion applications, Bridge and Encore, and is available in four editions: Design Standard, Design and Web Premium, Production Premium, and Master Collection. The CS6 beta is one of the most successful in the company’s history, with one million downloads over the past month of availability alone, a record for Adobe. The move was slightly unusual considering the company typically does not offer large-scale betas of its products. ...

SophosLabs is intercepting a spammed-out malware campaign, pretending to be an email about a revealing photo posted online of the recipient. The emails, which have a variety of subject lines and message bodies, arrive with an attached ZIP file (IMG0893.zip) which contains a Trojan horse. Subject lines used in the spammed-out malware campaign include: RE:Check the attachment you have to react somehow to this picture FW:Check the attachment you have to react somehow to this picture RE:You HAVE to check this photo in attachment man RE:They killed your privacy man your photo is all over facebook! NAKED! RE:Why did you put this photo online? ...

The H-Security: The Ruby development team has published an update to the 1.9.3 series of its open source programming language to fix a vulnerability found in the RubyGems package management framework. The maintenance release of the scripting language, labelled 1.9.3-p194, updates RubyGems to close a security hole that caused SSL server verification to fail for remote repositories. This has been addressed by disallowing redirects from https to http connections and by enabling the verification of server SSL certificates in an updated version of RubyGems, 1.8.23; more details on these issues are provided in the latest RubyGems History file. The developers encourage those who use https source in .gemrc or /etc/gemrc to upgrade as soon as possible. ...

The H-Security: The developers of the popular open source blog engine WordPress have released a security update for the software. WordPress 3.3.2 fixes unspecified bugs in three external file upload libraries used in the software and other security problems with the application. The bugs affect both WordPress’s current file uploading library Plupload as well as the SWFUpload and SWFObject libraries; these were bundled with older versions of the application and might still be in use by certain plugins on the current versions of WordPress. The developers did not go into detail about the specifics of the security holes but thanked three people from the WordPress community for responsibly disclosing them. Three more fixes address a privilege escalation in the blog engine’s multi-site system and two cross-site scripting vulnerabilities in the core components of WordPress. More details on all of these patches and also some additional smaller fixes can be found in the change log. ...

The H-Security: The head of Google’s Webspam team, Matt Cutts, announced on Twitter that Google has sent out a message to the webmasters of 20,000 sites informing them that their sites may have been hacked. In the email message, the company warns operators that the affected sites appear to be being used to redirect visitors to a malicious site. Google asks the site administrators to check the files in their web space for an eval(function(p,a,c,k,e,r) JavaScript code segment. The eval() function can be used to execute JavaScript character strings that may have previously been decrypted using an unpack feature. Google also warns of specially crafted .htaccess files. These may cause a file to be redirected only in certain circumstances, for example, when a visitor accesses the page via Google. Consequently, regular visitors to a site, such as the webmaster, will be unaware of the infection. ...

Hi Folks My friend’s blog, Feldstudie.net, is now nominated as best blog in Technical category and he needs your support to with all hard competitors he has. Please visit this link and choose FeldStudie as your nominee: http://www.hitmeister.de/superblogs/2012/technik/ If you use Facebook you can “Like” his page to stay up to date with his latest posts: https://www.facebook.com/Feldstudie Thank you all for your support! -Omid

As I said in the other post, Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers. The hacker was identified as Khosro Zare’, a former bank-system specialist in Iran who recently left the country. Zare’ claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran’s banking system. ...

SophosLabs: More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack. And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac. The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet. The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely. ...

An Iranian hacker published the information about some 3 million debit cards of 10 Iranian banks, including codes and passwords. The information has been published by someone named “Khosrow Zare Farid” who was the manager of a company which operates SHETAB payment network in Iran and produces and installs POS devices. “Around one year ago I found a critical bug in the system. Then I wrote and sent a formal report to all the CEO of banks in Iran but none of them replied to me. Now I decided to publish the information. Governments tried to catch me by Iran Cyber Army but they failed,” he said, according to Kabir News website ...

Anti-virus experts at Trend Micro have discovered ransomware which blocks systems from booting. In contrast to the localised trojans, which are widely spread around Europe, it does so by inserting itself into the master boot record (MBR). It then restarts the system and instructs the user to pay a ransom of 920 Ukrainian hryvnia (equivalent to about 90 euros) to the criminals via payment service QIWI. If victims pay up, the criminals send them a code to unlock their computers. Users can, however, save themselves 920 hryvnia by following the experts’ instructions for removing the infection. This essentially consists of running the recovery console from the Windows Installation DVD and restoring the original MBR using the fixmbr command. ...