News

First, make a note: after Adobe updates, restart your machine immediately to remove the Adobe Download Manger – it can be a vector for malcode. Now, back to our story. Aviv Raff has discovered a vulnerability with Adobe’s web site in combination with its Download Manager, an ActiveX script that is used to download updates for Reader and Flash. After a Reader or Flash update the download manager remains running on a user’s machine until it is rebooted. Malicious operators could exploit it to download their code of choice. ...

Representatives of computer companies and governments meeting at the EastWest Institute security meeting in Brussels said that an industry culture of obscure jargon is preventing the world’s two billion Internet users from putting security measures in place to protect themselves. The group met to figure out how to protect computer users from massive abuse, fraud, online theft, vandalism and espionage. The New York Times story carried the following quotes from those at the meeting: ...

Peter Coogan at Symantec put up a very interesting blog post yesterday about a crimeware kit called SpyEye v1.0.7 (on sale now on Russian sites — $500) that has a module that will kill a Zeus bot infection on a victim’s computer so the bot created by SpyEye can take it over. In September, Computer Weekly reported the Swedish telco Telia Sonera shut down the Internet connections of Latvian company Real Host after it was linked to the Zeus botnet. At the time, researchers said they believed Real Host’s servers had captured about 3.6 million PCs for the Zeus botnet. ...

A new user in the Netherlands became the 60 millionth person to sign up with LinkedIn, the professional social networking site. Facebook says it has 400 million users of whom half log in every day. Both are fabulous tools for communications and socializing, but making members’ identities and personal information so easily available carries some big risks. Our good friends at Sophos have pointed out that information can be harvested from LinkedIn for spear phishing. The site can contain enough information to be a virtual company directory. ...

A lot of Facebook members are becoming fans of “I don’t care about your farm, or your fish, or your park, or your mafia!!” This is basically a privacy issue I suppose. Shortly after noon today there were about 4,000 Facebook members joining every 10 minutes! If the surge continues it might become a Facebook denial-of-service issue! http://www.facebook.com/pages/I-dont-care-about-your-farm-or-your-fish-or-your-park-or-your-mafia/207382931457 The Wall Street Journal reported on this last night about 10 p.m. At that point they said 2,000 people were joining per minute. “Backlash Against Social Games Brews On Facebook” ...

At the BlackHat DC conference and SchmooCon, Nicolas Seriot, an independent researcher and Tyler Shields of Veracode have independently presented two very similar papers. The papers analyse weaknesses in security and application delivery models for iPhone and Blackberry and provide interesting read, especially if you are looking to write the next spyware application or a bot for one of the platforms. For me, the most interesting part of the papers is the one that shows that regardless of the implemented security mechanisms like data caging, providing applications with its own private storage, a third party application will be able to access a lot of potentially confidential data, like contact lists, sms and email storage and even the Blackberry’s microphone. ...

“YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service (a la TinyURL). You can make it private or public, you can pick custom keyword URL. It comes with its own API.” http://yourls.org/ It’s installed on your web server (needs PHP 4.3 or better and MYSQL 4.1 with mod_rewrite enabled.) _“Benefits: Not reliant on third party service Sends link juice to your domain, not a service provider Customize your short links Build your brand (showing your URL)” Story here. ...

(CNN)(The Frisky) — For anyone who is remotely active on Facebook, you no doubt have been faced at some point with inane updates on one of your friend’s kid’s colds or how wedding-planning was coming along for one of your engaged buddies. That’s why, when parenting Web site Babble published “Facebook’s Most Annoying Parents,” I immediately thought, “But what about all the annoying couples?” So, without further ado, I present to you the top four most annoying couples on Facebook. ** ** The too-much-in-love couple ...

Making good on a promise delivered just about one year ago, Facebook announced that its popular chat feature can now be accessed through any Jabber (XMPP)-compatible desktop instant messaging software, including AIM, iChat, Pidgin, Adium, Miranda, Trillian and… Users can simply connect their Facebook account with their instant messaging client of choice and they can then chat with Facebook friends without having to stay logged into the social networking site. Further, Facebook Chat has been integrated into the Facebook Connect platform for developers so other services wishing to integrate instant messaging into their sites. ...

Security blogger Brian Krebs is reporting that some Windows XP users are reporting blue screen of death on reboot after installing Microsoft’s Tuesday patch KB977165 (MS010–15: “Vulnerabilities in Windows kernel could allow elevation of privilege.”) “Turns out, a non-trivial number of XP users are reporting that their systems suffer from the dreaded Blue Screen of Death (BSoD) and fall into an interminable reboot loop after installing the latest batch of patches from Redmond,” ...