TechBlog

SOFTPEDIA: According to statistics gathered by cloud security provider Zscaler, 56.4% of enterprise users have out of date Adobe Reader plug-in versions inside their browsers. The company gathered statistics about browser plug-ins and presented the results in its “State of the Web” report [pdf] for the second quarter of 2011. “Nearly every browser is running some combination of plug-ins, add-ons or extensions. As with most software, older versions of plug-ins typically have more security vulnerabilities. This adds up to a tempting target for hackers,” the company warns. ...

H-Online: Security specialist Sophos reports that it has discovered new spam email messages that claim to be an advisory related to an update to the open source Firefox web browser. The fake advisory asks users to update their Firefox installations, “for security reasons”, and includes a download link to the supposed update. According to Graham Cluley of Sophos, the download leads to an executable file that bundles an installer for the Windows version of Firefox 5.0.1 and a password-stealing trojan (Troj/PWS-BSF). As noted by Cluley, users should always exercise caution when clicking on links in emails. ...

The Hacker News: Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another “critical” bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer versions of Windows (Windows 7 and Windows 2008) that tackles a potential, though difficult to exploit, code-execution risk. ...

SophosLabs: Facebook has taken security to a whole new level. I think this speaks for itself.

H-Security Online: Version 7.7 of QuickTime is now available for users running Windows XP SP2 or later and Mac OS X v10.5.8 Leopard. The maintenance and security update addresses a total of 14 security vulnerabilities in the multimedia application. QuickTime 7.7 closes holes on both platforms that could be used by an attacker to, for example, crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a victim must first open a specially crafted file or a malicious web site. A cross-origin issue that may lead to the disclosure of video data from another web site has also been fixed. The company notes that, for Mac OS X 10.6 users, these holes have already been addressed in 10.6.8; the latest version of Mac OS X, 10.7 Lion, is not affected. ...

The Google Chrome team announced the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13, contains some exciting new features like Instant Page rendering. To find out about other new features, check out the Official Chrome Blog. Change log is available here: Google Chrome Releases: Stable Channel Update

Microsoft announced the release of a Camera Codec pack for Windows that offers support for the RAW file format from within Windows Explorer as well as Windows Live Photo Gallery 2011. The Codec Pack has support for more than 120 RAW file formats from brands such as Canon, Nikon, Sony, Olympus, Pentax, Leica, Minolta, Panasonic, and Espon. The Codec Pack will allow you to generate thumbnail images from RAW files, once it is installed. ...

BetaNews: There is a lot of buzz about a recent set of tests by NSS Labs that show the Smartscreen reputation system in Internet Explorer 9 head and shoulders and most of the rest of the body above the competition in blocking malware on the web. I think the results of the test are even more important than they seem, considering previous reports that Microsoft plans to make Smartscreen a base part of Windows 8. This would extend parts of the protection to any executable hitting the file system. This would be big news. ...

My Personal Opinion: I doubt if that site is really their official website or not Sophos Labs: Within days of the hacktivist group Anonymous announcing it was setting up its own social network (after being unceremoniously booted off Google+), its plans have taken a somewhat humiliating turn. AnonPlus, Anonymous’s planned social network, has been defaced by rival hackers. A group of hackers apparently based in Turkey replaced AnonPlus’s main webpage with an image of a dog wearing a suit, mocking the more normal Anonymous logo, and messages in Turkish and English: ...

Anonymous claims to have stolen around a gigabyte of classified NATO data The H-Online Security wrote: In a post on Twitter, the Anonymous hacker group said that it has managed to steal a number of secret documents from one of NATO‘s servers. As proof, Anonymous published two PDF documents from 2007 and 2008 that are allegedly from NATO. The classification “NATO Restricted” suggests that the documents are intended only for circulation within the organisation – if they are genuine. The hacktivists say they copied a gigabyte of data in total, but added that it would be “irresponsible” to publish most of the material. ...