
Java SE updates fix critical security holes

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 1 min
  • Word Count: 203 words

The H-Online: Oracle has fixed 14 security holes in the Java Standard Edition (Java SE) with a critical patch update. The vulnerabilities allow attackers to use specially crafted Java WebStart applications or web services in order to install malicious code on computers that run flawed versions of Java. Oracle says that such flawed versions are particularly likely to exist on Windows computers because Windows users tend to have admin privileges. The risk is smaller under operating systems such as Linux and Solaris, the company added. ...


Warning: Whitney Houston autopsy video links on Facebook aren't what they seem

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 2 min
  • Word Count: 224 words

SophosLabs: The death of pop superstar Whitney Houston made headlines around the world this weekend, and it didn’t take long for fraudsters and cybercriminals to cash in on the singer’s death. For instance, messages have been seen shared on Facebook claiming to link to a video of Whitney Houston’s autopsy. According to the messages, the video of Whitney Houston’s autopsy “reveals a shocking secret that explains her death”. Here’s what a typical message looks like: ...


Chinese hackers had free rein at Nortel

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 2 min
  • Word Count: 387 words

The H-Online: According to a report, hackers, allegedly from China, had access to telecoms equipment manufacturer Nortel’s IT systems over a period of several years – access that they took full advantage of. Citing an internal investigation, the Wall Street Journal reported on Tuesday that, using seven passwords stolen from senior managers, intruders had access to almost all confidential information within Nortel from 2000 onwards. Brian Shields, the manager who led the Nortel investigation, is quoted as saying that the hackers “had access to everything”. Huge volumes of technical documents, research and development (R&D) reports, business plans and emails were downloaded over the course of several years. “They had plenty of time,” said Shields, “All they had to do was figure out what they wanted.” The seven stolen passwords included the password belonging to the company’s then CEO. The attackers have not been identified, but the WSJ notes that they appear to have been working from China. ...


Twitter enables HTTPS for all signed-in users

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 1 min
  • Word Count: 151 words

The H-Online: Twitter has announced that it has now enabled HTTPS by default for all users signed into the micro-blogging service. By using HTTPS, all user information including log-in credentials transmitted to the company’s servers is sent using SSL encryption. This means that all data is transmitted in encrypted form and can no longer be read and exploited for fraudulent activities by attackers using tools such as the Firesheep extension for Firefox. ...


iPhone 5 tester SMS text scam hits cellphone users

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 2 min
  • Word Count: 264 words

SophosLabs: Scammers don’t just lure you into visiting their websites via email, Facebook and Twitter – you can be targeted on your mobile phone too. For instance, there have been numerous people on the internet who have reported receiving messages like the following: Apple needs iPhone5 testers! The first 1000 users who visit [LINK] and enter code 4444 will get to test & keep the new iPhone5. Of course, the promotion has nothing to do with Apple (who do not do public tests of their upcoming products), and – as the iPhone 5 hasn’t even been announced yet – you have close to zero chance of receiving a free smartphone. ...


Microsoft's Patch Tuesday fixes critical vulnerabilities

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 2 min
  • Word Count: 340 words

The H-Online: As expected, Microsoft has released nine bulletins to close a total of 21 holes in its products. Four of the bulletins close critical vulnerabilities in Windows, Internet Explorer, .NET and Silverlight, including an issue in the Windows kernel-mode drivers that became publicly known in December of last year. The company advises those responsible for prioritizing update deployment to focus on the critical patches for Internet Explorer and the C Runtime Library in Windows, as these could be exploited by an attacker to remotely execute arbitrary code on a victim’s system. For an attack to be successful, a user must first visit a malicious web page or open a specially crafted file. The other critical bulletins fix issues in .NET and Silverlight, as well as the Windows kernel. Microsoft notes that it has yet to see any active attacks exploiting these issues in the wild. ...


Shockwave Player critical holes closed

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 1 min
  • Word Count: 133 words

The H-Online: Adobe has updated Shockwave Player on Windows and Mac OS X to version 11.6.4.634 after identifying nine critical vulnerabilities. The problems affect Shockwave Player 11.6.3.633 and all earlier versions on Windows and Mac OS X – Adobe recommend updating to the new release by downloading it from get.adobe.com/shockwave. To identify whether Shockwave Player is installed on a system, users should visit the test page on Adobe’s site. The majority of the problems are in the Shockwave 3D Asset where seven memory corruption vulnerabilities could lead to code execution; these were all reported by Hongnang Ren of FortiGuard Labs. An eighth memory corruption issue and a heap overflow vulnerability, both of which could also lead to code execution, were reported by “instruder” of vulnhunt.com and bring the flaw tally up to nine. ...


Browser Speed Tests: Chrome 17, Firefox 10, Internet Explorer 9, and Opera 11.61

  • Post author: Omid Farhang
  • Post published: February 14, 2012
  • Reading Time: 1 min
  • Word Count: 75 words

LifeHacker: Chrome 17 is out with a new pre-rendering feature designed to make your pages load faster, and both Firefox and Opera have also released speedy new versions since our last round of speed tests. So, we’ve once again pitted the four most popular web browsers against each other in a battle of startup times, tab loading times, and more, with more surprising results. Continue Reading: http://lifehacker.com/5884941/browser-speed-tests-chrome-17-firefox-10-internet-explorer-9-and-opera-1161 (Hint: As always, Chrome is the winner, no doubt!) ...


350,000 users exposed by hacking porn mavens Brazzers

  • Post author: Omid Farhang
  • Post published: February 13, 2012
  • Reading Time: 2 min
  • Word Count: 329 words

SophosLabs: A hacker, identified as a 17-year-old based in Morocco, claims to have stolen the personal information of 350,000 users from hardcore porn mavens Brazzers. The point, claims the hacker, was to highlight a security vulnerability on the adult site. According to reports, the teen uploaded a small sample of the stolen data to the internet, displaying customer emails, usernames and passwords, presumably to offer up proof that he was behind the breach. ...


Beware of spam this Valentine's Day

  • Post author: Omid Farhang
  • Post published: February 13, 2012
  • Reading Time: 2 min
  • Word Count: 247 words

SophosLabs: It’s Valentine’s Day tomorrow and the spammers are out in force to make the most of unwitting shoppers on the international day of love. Looking to buy a present for someone this Valentine’s Day? Ooh look what popped into my inbox, an email inviting me to buy my Valentine an *ahem* “romantic” gift. Valentine’s Day, the 14th February, is the day we celebrate our feelings of affection for our boyfriends, girlfriends, husbands and wives. It is traditional to do this with a special romantic gift. Looking for a Valentine’s Day Gift for him or the perfect token of love for her? Look no further than here! ...
