TechBlog

Since 2003, the number of exploitable vulnerabilities has fallen considerably in Microsoft’s Office suite. H-Online: Independently of each other, security specialists Dan Kaminsky and Will Dormann from Carnegie Mellon University’s CERT have found that, in the past few years, the number of flaws and exploitable vulnerabilities in individual versions of Microsoft Office has fallen dramatically, achieving results that are even below those ofOpenOffice. However, their findings should be treated with caution, as they are based on automatic evaluations and say little about the actual threat potential. ...

Avira TechBlog: The series continues – Avira AntiVir Personal and Avira AntiVir Professional received the April 2011 VB100 award! The tests were executed in a Windows XP SP3 environment by the Virus Bulletin test engineers. The Avira anti malware solutions performed very well: All WildList samples were detected, all of the polymorphic viruses too. Also, more than 99 percent of the Worms and Bots were blocked. The heuristics test also looks very good: With 96 percent of the yet unknown malware samples filtered out Avira ranks among the best solutions! ...

Adobe Flash Player 10.2.159.1 is now available! Download it from here: http://get.adobe.com/flashplayer/

On its recent patch day, Microsoft released security updates to fix vulnerabilities in multiple versions of its Office products. The patch for PowerPoint 2003 can, however, have negative consequences – after installation existing presentations may be unable to be opened or may cause an error message stating that the file is corrupted and cannot be fully displayed. In the latter case, the content of the presentation can only be partially read and any non-displayed elements, in particular background images, are lost for good after saving. ...

Avira TechBlog: Today some updates need attention – they fix critical security issues and should be installed immediately! The update reign starts off with Apple. Critical security vulnerabilities are closed within the Safari web browser 5.0.5 – they allowed cyber criminals to smuggle in malware. For Mac users, additionally a security update is available for the Snow Leopard operating system. It fixes an issue with stolen certificates which arose a three weeks ago at Comodo and is amazingly tiny for an Apple security update, only 4 MByte. And then for iPhone, iPad and iPod Touch users the update to iOS 4.3.2 is available which basically closes the same security holes for the mobile devices as well. ...

Sophos Labs: Repeat after me: It’s “Facebook”, not “FaceBook”. Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password. Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account. Here’s a typical message: ...

Avira TechBlog: This is good news – for the recently acknowledged zero-day security vulnerability within Adobe Flash Player, Acrobat and Reader there will be a first update available tomorrow. Adobe updated their security advisory on that matter to reflect the update schedule – the Flash player update fixing the vulnerability for Windows, Mac, Linux and Solaris will be available tomorrow, Friday, April 15. For the also vulnerable Adobe Reader and Acrobat, updates are planned “no later than the week of April 25, 2011″. The only exception is Adobe Reader X for Windows which will be updated on the regular planned Patchday on June 14, as the integrated sandbox prevents successful exploitation there according to Adobe. ...

Sophos Labs: Millions of blog owners around the world are being advised to consider their password security, after WordPress.com was hacked. To its credit, Automattic – the company behind the WordPress.com blogging platform – didn’t mince its words or try to apply any spin to the incident, explaining it had suffered a “low-level (root) break-in to several of [its] servers, and potentially anything on those servers could have been revealed.” ...

Follow up from: Hacker Gains Access To WordPress.com Servers Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...

Tech Crunch: WordPress.com has revealed that someone has gained access to several of the their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/api keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...