Blog

H-Online: Officially, Adobe’s current update for Flash Player has closed only 13 holes, but unofficially it is said to have closed several hundred. Security specialist Tavis Ormandy, who works for Google, claims that he discovered 400 holes and notified Adobe of them. The specialist has now complained that, while the holes have been closed, they haven’t been mentioned in the official advisory, and he hasn’t been given credit for their discovery. ...

Posted by the Stop. Think. Connect. Campaign on Homeland Security Cyber predators are real. They use the anonymity of the Internet to target victims, especially today’s youth, with unwanted solicitations, harassment, and fraud. It’s important that parents discuss ways to stay safe online with their children, particularly before they use social networking sites. US-CERT offers the following tips for parents to help ensure their children stay safe online: Monitor computer activity – Keep your computer in an open area and be aware of what your children are doing, including who they’re talking to and what websites they’re visiting. Inform children of online risks – Discuss appropriate Internet behavior that is suitable for the child’s age, knowledge, and maturity. Talk to children about the dangers and risks of the Internet so that they recognize suspicious activity and secure their personal information. Keep lines of communication open – Let your children know that they can approach you with any questions or concerns about behaviors or problems they may have encountered on the Internet. Stop. Think. Connect. Protect yourself and help keep the web a safer place for everyone. For more information on Stop.Think.Connect., please visit www.dhs.gov/stopthinkconnect.

SOFTPEDIA: According to statistics gathered by cloud security provider Zscaler, 56.4% of enterprise users have out of date Adobe Reader plug-in versions inside their browsers. The company gathered statistics about browser plug-ins and presented the results in its “State of the Web” report [pdf] for the second quarter of 2011. “Nearly every browser is running some combination of plug-ins, add-ons or extensions. As with most software, older versions of plug-ins typically have more security vulnerabilities. This adds up to a tempting target for hackers,” the company warns. ...

H-Online: Security specialist Sophos reports that it has discovered new spam email messages that claim to be an advisory related to an update to the open source Firefox web browser. The fake advisory asks users to update their Firefox installations, “for security reasons”, and includes a download link to the supposed update. According to Graham Cluley of Sophos, the download leads to an executable file that bundles an installer for the Windows version of Firefox 5.0.1 and a password-stealing trojan (Troj/PWS-BSF). As noted by Cluley, users should always exercise caution when clicking on links in emails. ...

The Hacker News: Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another “critical” bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer versions of Windows (Windows 7 and Windows 2008) that tackles a potential, though difficult to exploit, code-execution risk. ...

SophosLabs: Facebook has taken security to a whole new level. I think this speaks for itself.

H-Security Online: Version 7.7 of QuickTime is now available for users running Windows XP SP2 or later and Mac OS X v10.5.8 Leopard. The maintenance and security update addresses a total of 14 security vulnerabilities in the multimedia application. QuickTime 7.7 closes holes on both platforms that could be used by an attacker to, for example, crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a victim must first open a specially crafted file or a malicious web site. A cross-origin issue that may lead to the disclosure of video data from another web site has also been fixed. The company notes that, for Mac OS X 10.6 users, these holes have already been addressed in 10.6.8; the latest version of Mac OS X, 10.7 Lion, is not affected. ...

The Google Chrome team announced the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13, contains some exciting new features like Instant Page rendering. To find out about other new features, check out the Official Chrome Blog. Change log is available here: Google Chrome Releases: Stable Channel Update

Microsoft announced the release of a Camera Codec pack for Windows that offers support for the RAW file format from within Windows Explorer as well as Windows Live Photo Gallery 2011. The Codec Pack has support for more than 120 RAW file formats from brands such as Canon, Nikon, Sony, Olympus, Pentax, Leica, Minolta, Panasonic, and Espon. The Codec Pack will allow you to generate thumbnail images from RAW files, once it is installed. ...

BetaNews: There is a lot of buzz about a recent set of tests by NSS Labs that show the Smartscreen reputation system in Internet Explorer 9 head and shoulders and most of the rest of the body above the competition in blocking malware on the web. I think the results of the test are even more important than they seem, considering previous reports that Microsoft plans to make Smartscreen a base part of Windows 8. This would extend parts of the protection to any executable hitting the file system. This would be big news. ...