Security

Avira TechBlog: It looks like new Chrome releases aren’t due every six weeks as Google announced a few weeks ago, but once a week now – the company just released Chrome 10.0.648.204 and fixes 6 highly critical security vulnerabilities with it. Those security vulnerabilities allow attackers to smuggle in malware like Trojans without the user noticing. That is why the automatic update mechanism is so important: When clicking on the tool symbol and choosing the “About Google Chrome” menu entry, the version check should show that Chrome is already on the current release – or offer to download and install the update in case that didn’t happen yet. ...

Avira TechBlog: Today is a busy day for those who want to keep their computers secure: Many updates are available, from Adobes Flash Player over Apples Mac OS X operating system to the Firefox web browser. There is a security vulnerability in Flash player which became public as a zero day vulnerability a week ago. It has been attacked in a limited fashion. Now Adobe released this security update which users can download from the website of the company. As this security vulnerability already gets actively exploited, users and administrators should apply the update immediately. ...

Sophos Labs: Good news on the social networking security front is that Twitter has finally got its act together to offer an Always use HTTPS option. If you turn on this option, all of your personalized interaction with Twitter will be encrypted – not only while you are logging in, but also while you are posting tweets. A lot of people fail to recognize the value of using HTTPS on Twitter. As long as your username and password are sent over HTTPS, so no-one can sniff them out of the ether, who cares if your tweets go over plain HTTP? After all, a tweet is meant to be public. ...

Sophos Labs Blog: If you’re interested in computer security, you’ve probably heard of PWN2OWN. It’s a competition which has become an annual fixture at the annual CanSecWest conference in Vancouver, British Columbia. The competition gets its name because, as the CanSecWest organizers explain, “If you can execute arbitrary code (PWN) on these [laptops or mobile phones] through a previously undisclosed browser (Firefox, IE, Safari) exploit, you can go home with one (OWN).” ...

Avira TechBlog: Well, actually we expect some more updates as some security vulnerabilities have been revealed at the Pwn2Own contest during the CanSecWest security conference. Google is the first and pushes out version 10.0.648.133 – which fixes one security vulnerability within WebKit (the base of the Blackberry, Chrome and Safari webbrowsers). As usual, the update is spread via the built-in automatic update mechanism. Users can make sure to use the latest version by clicking on the tool symbol and choosing the “About Chrome” menu entry. ...

Safari just got served. At this year’s Pwn2Own conference, security firms and enthusiasts are doing their very best to discover and deploy exploits to some of the world’s most popular browsers. Chrome, Firefox, Internet Explorer, and Safari, they’re all on the menu for conference attendees and some have definitely faired better than others. Google issued a challenge, promising $20,000 to any person or team that could crack Chrome on the conferences opening day, but the two teams scheduled to take a swing backed down. Firefox is, for the time being, still standing, and, per usual, Microsoft’s Internet Explorer was taken down without much fuss. But which browser faired the worst? That would be Apple’s Safari. A French security research firm named Vulpen managed to break into Safari running on a MacBook Air in a cool five seconds. The company noted that the Safari update issued by Apple yesterday — version 5.0.4 — fixes some of the vulnerabilities, but not all. The takedown of Safari 5.0.3 used exploits that are still available in the updated code base. Go ahead Apple detractors, have a little fun in the comments section. ...

Avira’s Anti-Virus Technology Used by ZeoBIT in New System Utility – MacKeeper Avira provides anti-malware scanning engine to MacKeeper App Tettnang / Silicon Valley, March 11, 2011 – IT security expert Avira announced today that it licensed its industry-leading antivirus product to Silicon Valley-based ZeoBIT to be used in ZeoBIT’s MacKeeper product. MacKeeper is an all-in-one app that includes 16+ unique features for security, cleaning, data control and optimization for Macintosh computers. ...

Google Chrome Security Team wrote: We’re always working hard to enhance the Chrome browser with bug fixes, new defenses and new features. The release of Chrome 10 is no different, and there are some items worth highlighting: Chrome 10: Flash sandboxing With Chrome 10, our first cut of the previously announced Flash sandboxing initiative is now enabled by default for the Windows platform on Vista and newer. Additionally, because we automatically update Flash to the latest and most secure version, this should provide useful defense in depth. ...

BetaNews.com: Android handsets infected with malware are getting a cleaning job from Google. On March 2nd, Google removed 21 apps from the Android Marketplace that contained malicious code (the number of infected apps is now 58). Now Google is “remotely removing the malicious applications from affected devices” and “pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,” according to a blog post by Rich Cannings, Android security lead. ...

Internet giant buys into security. Internet giant Google has acquired software analytics firm Zynamics, it was announced yesterday. The German company, which was founded in 2004 by CEO Thomas Dullien (aka Halvar Flake) to research the automation of reverse engineering and code analysis, now produces four reverse-engineering tools:BinDiff, VxClass, BinNavi and BinCrowd, which are widely used by researchers in the security community. ...