Blog

Sophos Labs: Repeat after me: It’s “Facebook”, not “FaceBook”. Learn that lesson and it can be one of the tricks you can use to protect yourself against a spammed-out malware campaign, which tries to trick you into believing that Facebook support has changed your password. Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account. Here’s a typical message: ...

Avira TechBlog: This is good news – for the recently acknowledged zero-day security vulnerability within Adobe Flash Player, Acrobat and Reader there will be a first update available tomorrow. Adobe updated their security advisory on that matter to reflect the update schedule – the Flash player update fixing the vulnerability for Windows, Mac, Linux and Solaris will be available tomorrow, Friday, April 15. For the also vulnerable Adobe Reader and Acrobat, updates are planned “no later than the week of April 25, 2011″. The only exception is Adobe Reader X for Windows which will be updated on the regular planned Patchday on June 14, as the integrated sandbox prevents successful exploitation there according to Adobe. ...

Sophos Labs: Millions of blog owners around the world are being advised to consider their password security, after WordPress.com was hacked. To its credit, Automattic – the company behind the WordPress.com blogging platform – didn’t mince its words or try to apply any spin to the incident, explaining it had suffered a “low-level (root) break-in to several of [its] servers, and potentially anything on those servers could have been revealed.” ...

Follow up from: Hacker Gains Access To WordPress.com Servers Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...

Tech Crunch: WordPress.com has revealed that someone has gained access to several of the their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/api keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...

Fulfilling the hints Microsoft dropped back in March, the Redmond software company unveiled the first platform preview of Internet Explorer 10 at MIX 11 in Las Vegas on Tuesday. This first preview of Internet Explorer 10 builds on the big HTML5 push that began with IE9, and adds support for more advanced Web standards, such as CSS3 Gradients as background images, and CSS3 Flexible Box and multi-column layout. Microsoft said code refreshes will take place approximately every twelve weeks for IE10. ...

BetaNews: Google found itself fending off criticisms from competitor Microsoft on Monday over whether or not its Google Apps product truly had an important government security clearance. Called the Federal Information Security Management Act (FISMA) standard, the Mountain View, Calif. company claimed on its webpage that the Government version of Apps had it. It didn’t. Instead, Google Apps Premier had the proper certification, while the more restrictive Government version was still in the process of getting FISMA certified. This is required by some government agencies in order to participate and win bids for any IT contract. ...

H-Online: In a post on the project’s security announce mailing list, Ubuntu Release Manager Kate Stewart has reminded users that the desktop version of Ubuntu 8.04 LTS, code named Hardy Heron, will reach its end of life in May. Version 8.04 of the Debian-derived Linux distribution was released on 24 April 2008. Based on the 2.6.24 Linux kernel, it placed a stronger focus on stability and ease of use, rather than on new features, and included the GNOME 2.22 desktop environment, as well as a new installer that allowed Ubuntu to be installed directly under Windows without having to boot from CD or re-partition the hard disk. Built-in applications included version 2.4 of the OpenOffice.org office suite, Firefox 3.0 Beta 5, the F-Spot photo manager and the GIMP image editor. After 12 May 2011, no new updates, including security updates and critical fixes, will be available. The server edition of Ubuntu 8.04 LTS will continue to be supported until May 2013. ...

H-Online: It’s a record for Microsoft: 9 critical and 8 important updates close a total of 64 security holes. In the worst case, a number of the vulnerabilities allow for remote code execution; in other words, arbitrary code can be injected and executed, such as from specially crafted documents and websites. Microsoft put 44 of them in the category Exploitability Index 1, meaning that the code that exploits the flaw will probably go into circulation soon. ...

H-Online: In a post on their home page, the Flock developers have announced that support for their Chromium-based social web browser will officially be discontinued on 26 April 2011. Thanking their “loyal users” for their support, the developers encourage the Flock community to migrate to another browser. Flock began life as a cross-platform browser start-up in April 2005. Distinguishing itself from other browsers, Flock automatically managed updates and media from several popular social services, including MySpace, Facebook, Bebo, Digg, YouTube and Twitter. ...