Blog

There has been an “unprecedented wave” of exploits against vulnerabilities in Oracle’s Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse: CVE Attacks Computers Description 2008-5353 3,560,669 1,196,480 A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. 2009-3867 2,638,311 1,119,191 Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. 2010-0094 213,502 173,123 Another deserialization issue, very similar to CVE-2008-5353. As you can see, the first two are particularly worrying: they’ve gone from hundreds of thousands per quarter to millions. The third one is the newest, so it’s possible that it will also do the same. ...

Google just took a jab at Microsoft. Oh, the search giant already did that last week, and it wasn’t the first time? Yes, you’re right, but now it’s Google CEO Eric Schmidt targeting the software giant’s biggest product, the latest version of which is particularly successful. Schmidt recently made comments about Windows 7 during a question and answer session at the 25th anniversary celebration of MIT’s legendary Media Lab. In a wide-ranging discussion with National Public Radio journalist John Hockenberry, Schmidt proclaimed that the goal of great technology is to get people to use computers less so they can be more productive. That’s fine, but he didn’t stop there. “The hours I spend reprogramming my PC in Windows 7 is not a very good use of my time,” he told students in the MIT Media Lab auditorium according to CRN. “Why I choose to do that in the first place is a problem with judgment,” he added. ...

The time for rumors and speculations is drawing to a close—as far as AMD’s upcoming Radeon HD 6850 and 6870 are concerned, at least. These two next-generation graphics cards are churning away in Damage Labs as we speak, and for the first time, we can bring you official, genuine pictures of them. Here’s the 6870… …and its little brother, the Radeon HD 6850: and More pictures: ...

Apple’s chief executive, Steve Jobs, said that Google’s mobile platform was “fragmented” and bad for developers and consumers. Steve Jobs launched in to an astonishing five-minute critique of rival companies, operating systems and platforms during the earnings call, in which Apple announced record profits of $20bn for the quarter. He said that the Google Android platform was “fragmented”, and not as open as some people made out, while also saying that iPad-style tablet computers with smaller 7in screens would be “dead on arrival”. ...

Google is set to expand into television production by joining forces with Sony to release new TV sets that allow viewers to browse the Internet. The high-definition sets, which were unveiled in New York, will have LCD screens ranging from 24 inches to 46 inches and a remote control system that comes with the standard QWERTY keyboard to enter search requests, send emails or make comments on the Web whilst simultaneously whilst watching television. ...

The New Acrobat X is finally here! What can it do for education? Here is a quick list of new and improved features: New user interface The Interface tool pane brings top user needs out front Customizable Tool Bar Tools Pane reveals most useful tools to improve productivity Tools and Tasks are easier to access HUD display provides more real estate for viewing __ Amazing document repurposing New export options allow for Word and Excel options including headers, footers, and worksheets New scanning engine improves accuracy and file size Efficient tagging and reflow ensure viewing and access on a variety of screens __ ...

Media report about a new privacy leak on Facebook which has been found just recently. It is possible to find out with which persons someone is in contact with – therefore one just has to create a fake account using a known email address of the person to spy upon. Facebook doesn’t verify whether the address is real so the new account can already be used. Up to 20 contacts are visible according to the reports. ...

You might be wondering why the frontpage of Twitter has a big “Edit” line running through it in the screenshot below: The answer, of course, is that this is not the real Twitter page at all. It’s part of an increasingly popular kit used for shenanigans: The scammer downloads the zip, edits the links in the .htm file and places something likely to catch the attention of an end-user underneath the “Edit” line. The fact that the fake content is sitting directly underneath the “New Twitter” promotional text is not a coincidence. ...

Sometimes we encounter childish messages from the authors in the body of malware. A variant of the TDSS family we got recently is even going a step further by offering a convenient location for a malware signature. The samples include the message “Put your signature here”, which is shown when run inside a debugger. While in many cases signatures could be still useful for detection, Avira prefer to use other technologies which are more generic and proactive. This is especially the case with malware families like TDSS/Alureon, whose authors continuously adapt their creations so they are able to work around even proactive detection in a short time. This variant is detected as TR/Crypt.XPACK.Gen3.

RealNetworks, Inc. have published product upgrades addressing vulnerabilities in RealPlayer SP 1.1.4 and earlier. The vulnerabilities may allow an attacker to execute arbitrary code. Windows users of RealPlayer SP 1.1.4 and earlier are advised to upgrade to the latest version here For more information, visit RealNetworks’ security advisory here