Security

Ed Bott’s Microsoft Report posted something interesting in ZDNet: You want a good, solid, free antivirus program? Microsoft Security Essentials fills the bill nicely. Unfortunately, even though it was officially released more than a year ago, it’s still one of the best-kept secrets in personal computing. Its installed base of 30 million users worldwide might sound big in raw numbers, but it’s a drop in the bucket compared to the billion-plus Windows PCs in use. ...

A perverted hacker who spied upon more than 200 women via their webcams and microphones, after infecting their computers with malware, was arrested earlier this year by the FBI after a two year investigation. The 31-year-old man broke into victims’ personal computers, and stole personal information. Threatening to share the private information with their parents and email contacts, the man pressured the young women (some of them still young teenagers) into providing him with risqué pictures and videos. ...

Microsoft has released a security advisory concerning a vulnerability affecting Internet Explorer versions 6, 7 and 8. This vulnerability may allow an attacker to execute arbitrary code. Full details here. Visit Microsoft’s page here to get full instructions. You can find the workarounds under the “Suggested Actions” twisty. The workarounds include overriding the Web site CSS with a user-defined style sheet, deploying the Enhanced Mitigation Experience Toolkit, enabling Data Execution Prevention (DEP) for Internet Explorer 7 and setting Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.

Sophos has released a free antivirus product for consumers using Mac OS: Sophos Anti-Virus Home Edition for Mac. Although commercial antivirus products for Macs have been available for some time, Sophos’ offer is one of the very few free ones. The Internet security firm took its existing enterprise antivirus software and slimmed it down to reduce complexity. Interestingly, the company has no plans to release an equivalent free version for Windows. Windows threats are in the millions while the number of strains of Mac malware is in the thousands. ...

Avira TechBlog: Adobe warns of a new vulnerability in Flash Player and in Reader. The problem is within authplay.dll and the corresponding .lib in the Unix versions. It allows attackers to inject malicious code like Trojans with specially prepared documents or Flash objects. The company works on a patch which it plans to release on the 9th of November. Until then, deleting the authplay library helps to prevent a successful attack. Flash or Reader will crash then when a file requests the services from authplay, but this is clearly better than having an infected system.

Adobe have published details of a critical vulnerability the following applications. Adobe Flash Player 10.1.85.3 and earlier versions Adobe Reader 9.4 and earlier 9.x versions Adobe Acrobat 9.4 and earlier 9.x versions The vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Flash Player. ...

**Mac: Hi PC, I’m not feeling so hot today… ** PC: Oh, I know ALL about that. I think you have a virus! Security experts by and large agree that security via obscurity is not a wise model for protecting customers over the long term. That’s exactly the model Apple has employed successfully for some time now. However, its luck finally appears to be running short. ...

Internet is great, and everyday millions of people spend their day surfing it, using Google, Gmail, Youtube, Twitter, Facebook, etc. Some people buy at ebay, or Amazon. Even some people use it to work, though these cases maybe not that common As a reader of this blog, you are concerned about security and therefore you already know that connecting through public WiFi is a risky sport. But it is also really convenient, how many of you have done it in McDonalds,Starbucks, etc.? Yeah, me too ...

Currently cyber criminals try to make fast money by spamming out emails in masses in Germany which allegedly stem from an Advocate specialized in copyright. According to the spam mails, the user was downloading copyrighted material. An IP address is in the email to proof that. To not call the attorney to action, the recipient of the mail is offered to send 100 Euros via a payment system called Ukash. Don’t fall for that social engineering, don’t pay! ...

If you want to improve Google’s results and report spammy web pages, there’s a Chrome extension for you.Google Webspam Report adds a link next to each Google search result and automatically fills the spam report form with information like the URL of the page and your query. You can also use the button from Chrome’s toolbar to report pages. The most interesting feature is the integration with Chrome’s browsing history that lets you select recently visited pages and recent Google searches. ...