
German government makes recommendations for secure Windows PCs

  • Post author: Omid Farhang
  • Post published: February 6, 2012
  • Reading Time: 2 min
  • Word Count: 289 words

The H-Online: The German Federal Office of Information Security (BSI (German), BSI English) has compiled security recommendations for Windows PCs that will probably sound familiar to regular readers of The H: Anti-virus software – including free solutions –, backups, security updates, an alternative browser such as Google Chrome and “a healthy level of mistrust” are the main components of its proposal for a secure Windows PC. As the UK lacks a governmental organization that makes such recommendations, as usually such organizations recommend policy for public projects, it is worth seeing what Germany’s BSI suggests. ...


Critical PHP vulnerability being fixed

  • Post author: Omid Farhang
  • Post published: February 2, 2012
  • Reading Time: 2 min
  • Word Count: 237 words

The H-Security: The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions. The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web. ...


Facebook Scam: See who views your profile!

  • Post author: Omid Farhang
  • Post published: January 24, 2012
  • Reading Time: 1 min
  • Word Count: 162 words

Earlier today we have seen a new Facebook clickjacking scam which spreads quite fast. I KNOW WHEN YOU LOOK AT MY PROFILE USING THIS: http://bit.ly/ NEW! See who views your profile! www..com Do you want to know who is looking at your photos right now? Find out who looks at your profile the most and what they look at! or other variant even more provocative: CLICK HERE TO SEE WHO IS STALKING YOU: http://bit.ly NEW! See who views your profile! www..com Do you want to know who is looking at your photos right now? Find out who looks at your profile the most and what they look at! ...


LA Time: Dropbox inventor determined to build the next Apple or Google

  • Post author: Omid Farhang
  • Post published: January 17, 2012
  • Reading Time: 1 min
  • Word Count: 101 words

Drew Houston’s wildly popular service allows people to access the latest version of all their digital stuff on any device no matter where they are. Every day 325 million files are saved on Dropbox. Drew Houston, 28, chief executive and co-founder of Dropbox, last fall pocketed $250 million from seven of Silicon Valley’s top venture capital firms. That eye-popping sum pegged the value of his company at $4 billion and his own net worth, at least on paper, at an estimated $600 million. (Matt Staver, Bloomberg / July 6, 2011) ...


Adobe closes Acrobat and Reader security holes

  • Post author: Omid Farhang
  • Post published: December 17, 2011
  • Reading Time: 2 min
  • Word Count: 253 words

The H-Online: The first patches for the zero-day flaw in Adobe’s Acrobat and Reader applications, which the company confirmed was being exploited in the wild, have been released. The initial problem was caused by a memory corruption when processing Universal 3D (U3D) files, which could allow attackers to potentially take control of an affected system. The patches released also address a newly revealed critical flaw (CVE-2011-4369) which can cause memory corruption when processing Product Representation Compact (PRC) 3D files. ...


Duqu exploits previously unknown vulnerability in Windows kernel

  • Post author: Omid Farhang
  • Post published: November 3, 2011
  • Reading Time: 2 min
  • Word Count: 393 words

The H-Online Security: Microsoft has confirmed a report from Budapest-based Laboratory of Cryptography and System Security (CrySyS), which claimed that the Duqu bot spreads by exploiting a zero day vulnerability in the Windows kernel. How it spreads had previously been unknown. CrySyS discovered the Windows vulnerability whilst analysing the installer. The bot, which anti-virus software firm Symantec believes is related to Stuxnet, infects target systems using a specially crafted Word file which injects the malware into the system using a kernel exploit. Microsoft is already working on a patch. ...


MyBB downloads were infected

  • Post author: Omid Farhang
  • Post published: October 25, 2011
  • Reading Time: 2 min
  • Word Count: 219 words

The H-Security: In a blog posting, the MyBB development team has confirmed that the download package for version 1.6.4 of MyBB had been modified to include malicious code. Unknown attackers were able to exploit a vulnerability in the MyBB web site’s CMS (content management system) to inject and execute PHP code. The attackers placed a contaminated version of MyBB, containing a backdoor, on the server. It is unclear exactly when the hack took place, meaning that all downloads of 1.6.4 prior to 6 October could be affected. Users with MyBB systems are advised to check their installations and apply a patch. For rapid disinfection, the developers are advising users to replace the /index.php file with a clean version and to delete the /install/ directory. ...


Hacker Rattles Security Circles: 21 Years Old Iranian

  • Post author: Omid Farhang
  • Post published: September 19, 2011
  • Reading Time: 1 min
  • Word Count: 133 words

The building housing the Dutch company DigiNotar, which issues digital Web site certificates and was hacked last month. The New York Times: He claims to be 21 years old, a student of software engineering in Tehran who reveres Ayatollah Ali Khamenei and despises dissidents in his country. _“I’m totally independent,” he said in an e-mail exchange with The New York Times. “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.”_ He said. ...


GlobalSign gives itself clean bill of health after Iranian hacker's braggadocio

  • Post author: Omid Farhang
  • Post published: September 12, 2011
  • Reading Time: 2 min
  • Word Count: 367 words

SophosLabs: Following the widely-publicised disgrace of Dutch digital certificate issuer DigiNotar, a person calling himself ComodoHacker claimed that he’d breached four other Certificate Authorities (CAs), too. Only one of these CAs was named: GlobalSign, the world’s fifth-biggest issuer of digital certificates. In my opinion, GlobalSign would have been justified in ignoring this claim altogether. It comes across as a stream of made-up, self-serving puffery, including bluster like this: You see? I’m so smart, sharp, dangerous, powerful, etc. huh? ...


Yes, Microsoft Did Change The World More Than Apple

  • Post author: Omid Farhang
  • Post published: September 8, 2011
  • Reading Time: 1 min
  • Word Count: 143 words

Business Insider: A new poll in France says 7 out of 10 people think Microsoft did more to change the world than Apple. We think we would have similar results in other countries, if only because a lot more people (still!) use Microsoft products than Apple products, at least for personal computing which is (still!) the most important part of computing. It’s hard to see a mention of Steve Jobs without the words “change the world” or “changing an industry.” And let’s give him his due. Let’s give him his due as one of the greatest entrepreneurs in history, as an amazing entrepreneur and visionary who left many “dents” in the universe. And he did change many industries, like music, film, and yes, personal computing. ...
