Security

Adobe releases beta version of sandboxed Flash for Firefox

Published: February 7, 2012 Reading Time: 2 min

The H-Online: Adobe has released a public beta of a sandboxed version of its Flash plugin for Firefox in an effort to improve its security. The new “Protected Mode” for Flash, which has been in development for at least a year according to Adobe engineer Peleus Uhley, runs with restricted privileges and, to further limit its access to the system, can only access system resources through a broker. This should help intercept attackers trying to gain access to a system through malicious Flash files. ...


RealPlayer update closes critical holes

Published: February 7, 2012 Reading Time: 1 min

The H-Online: RealNetworks has released an update to RealPlayer to close a number of holes in its media player application. Version 15.02.71 of RealPlayer addresses a total of seven remote code execution vulnerabilities, rated as highly critical by Secunia, which could be exploited by an attacker to compromise a victim’s system. These include errors when processing RMFF Flags, VIDOBJ_START_CODE and RealAudio coded_frame_size, as well as RV10 Encoded Height/Width, RV20 Frame Size Array and RV40 content. A remote code execution problem in Atrac Sample Decoding has also been fixed but is not found in the 15.x.x branch of the media player; this issue affects Mac RealPlayer 12.0.0.1701 but is reportedly not found in version 12.0.0.1703. ...


Malware automatically uploading stolen data to file-sharing sites

Published: February 6, 2012 Reading Time: 1 min

The Hacker News: Roland Dela Paz, a threat response engineer with Trend Micro, has discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval. File-storage services offer several advantages for cybercriminals. SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote. ...


Joomla! updates close information disclosure holes

Published: February 6, 2012 Reading Time: 1 min

The H-Online: Versions 1.7.5 and 2.5.1 of the open source Joomla! content management system (CMS) have been released to address two information disclosure vulnerabilities. These include one medium severity problem in Joomla! 1.7.x that could allow an unauthorized user to gain access to the error log stored on a victim’s server, and, in both versions, an inadequate validation problem that could be exploited to gain access to private data. The update to Joomla! 2.5, which arrived last month, also fixes 30 bugs, including one that caused batch processing to break. ...


German government makes recommendations for secure Windows PCs

Published: February 6, 2012 Reading Time: 2 min

The H-Online: The German Federal Office of Information Security (BSI (German), BSI English) has compiled security recommendations for Windows PCs that will probably sound familiar to regular readers of The H: Anti-virus software – including free solutions –, backups, security updates, an alternative browser such as Google Chrome and “a healthy level of mistrust” are the main components of its proposal for a secure Windows PC. As the UK lacks a governmental organization that makes such recommendations, as usually such organizations recommend policy for public projects, it is worth seeing what Germany’s BSI suggests. ...


US attacks Iran and Saudi Arabia? Malware spreads via Facebook status updates

Published: February 3, 2012 Reading Time: 2 min

SophosLabs: Beware of malware lurking on news websites claiming to contain breaking news stories. I’ve seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3. Well, that would certainly get your attention, wouldn’t it? A typical status message looks like the following: U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3? ...


MSUpdate Trojan attacked companies in the defense sector

Published: February 3, 2012 Reading Time: 2 min

The H-Security: Unknown attackers have tried to use an invitation to a prestigious conference to inject a Trojan into companies in the defense sector. The security firms Seculert and Zscaler report that opening an attached PDF flyer caused recipients’ computers to be infected with spyware via a previously undisclosed hole in Acrobat Reader. According to the report, the attack mainly targeted government-related organizations, including military and aerospace contractors, in Europe and in the US. The security firms said that the attacks started back in 2009 and peaked in autumn 2010. Talking to The H’s associates at heise Security, Seculert CTO Aviv Raff added that compromised computers, some of which had been infected for two years, were only discovered a few weeks ago. ...


Critical PHP vulnerability being fixed

Published: February 2, 2012 Reading Time: 2 min

The H-Security: The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions. The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web. ...


Yet another Facebook Hoax: ‘New Way Gangs Steal, Rape and Kidnap Girls’

Published: February 2, 2012 Reading Time: 2 min

SophosLabs: Facebook users are innocently sharing advice with their online friends about how women can avoid being kidnapped and raped, not realizing that they are perpetuating a hoax. Here’s a typical message that is being shared, which comes attached to an image of a young woman gagged and tied up in the trunk of a car. PLEASE READ CAREFULLY This message is for every Girl Who Goes to college or office alone.If u find any child carrying on road showing his/her address n asking u to take him/her to that address,take that child to police station n plz don’t take it to that address . IT IS A NEW WAY GANGS TO STEAL,RAPE and KIDNAP GIRLS .plz circulate to all .don’t feel shy to copy This as ur status . OUR ONE MESSAGE MAY SAVE A GIRL ...


Facebook IPO comes with a health warning

Published: February 2, 2012 Reading Time: 3 min

SophosLabs: Facebook’s IPO is the most hyped initial public offering in years, with much speculation about just how many billions of dollars the social networking phenomenon will be valued at. There’s no doubt that 27-year-old Mark Zuckerberg, the founder of Facebook, is going to become a very rich man – and will be able to buy an even larger wardrobe of hoodies. So, congratulations to Zuck and his management team. Although we have often had our concerns about Facebook when it comes to their stand on privacy and security, there’s no doubt that they’ve done something extraordinary in commercial terms. ...
