Archive for October – 2009 – Security and Privacy

Archive for October, 2009

Even Apple admit Windows 7 is wanted by more users

By derek | Filed in Apple, Hardware, microsoft

http://support.apple.com/kb/HT3920

Apple will support Microsoft Windows 7 (Home Premium, Professional, and Ultimate) with Boot Camp in Mac OS X Snow Leopard before the end of the year. This support will require a software update to Boot Camp

To my way of thinking this means that Apple have finally admitted that Windows has a wider user base and is more functional than any Mac OS

However anybody attempting to install any version of windows on a mac computer should be aware that Apple have not and will not issue W7 compatible drivers for much of their hardware so not everything will work using Windows on a Mac

Mozilla fixes 16 flaws with Firefox 3.5.4:

By derek | Filed in browser, firefox, mozilla, updates

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4

Mozilla fixes 16 flaws with Firefox 3.5.4:

http://www.computerworld.com/s/article/9140008/Mozilla_fixes_16_flaws_with_Firefox_3.5.4

Mozilla today patched 16 vulnerabilities in Firefox, 11 of them critical, as it updated the open-source browser to version 3.5.4.

The 11 critical Firefox 3.5 vulnerabilities were located in a variety ofn components, including Web worker calls, the GIF color map parser, the string-to-number converter, a trio of third-party media libraries, and both the JavaScript and browser engines.

Tags: browser, firefox, mozilla

More HMRC Phishing and very difficult to block

By derek | Filed in Malware, Phishing, Privacy, Warnings and Alerts

I am getting concerned at the latest phishing attacks aimed at UK citizens who have to submit tax returns by November

The Anti-phishing sites are unable to block the sites or warn you that you are on a phishing site because the html is a web page on your computer so NEVER checked

Even if you press submit, it bounces immediately to the genuine HMRC site so isn’t blocked Read the remainder of this entry »

How to catch out a scumbag fraudster

By derek | Filed in Antivirus, Malware, Rogue Software, Warnings and Alerts

S!ri is well known in the anti-malware community for his SmitfraudFix program that removes rogue softwares and for his tireless work in tracking down and keeping us all up to date with the ever increasing number of fake AV programs & rogue software

If it wasn’t so serious for the poor infected victim who falls for the scam from a lot of website owners who push certain anti-malware programs ( for high commissions) that tend not to fix what they say they do , this would be very funny

Read the full story of how S!ri got his own back on them and exposed them for the fraudsters they are

S!Ri.URZ: Secure Shield fake rogue.

Microsoft Malware Protection Center : Microsoft Security Essentials

By derek | Filed in Antivirus, Malware, microsoft, updates, Warnings and Alerts

Microsoft Malware Protection Center : Microsoft Security Essentials –
Week One:
http://blogs.technet.com/mmpc/archive/2009/10/15/microsoft-security-essentials-week-one.aspx

The Windows 7 numbers are spectacular for an operating system that
hasn’t yet released for global availability. Even better, about 1/3rd
of Windows 7 Microsoft Security Essentials machines are 64-bit, which is
even more resistant to malware than 32-bit due to PatchGuard.

By looking at detections divided by active Microsoft Security Essentials
machines over the whole population, we see far more detections per XP
machine, with the fewest from Win7. This follows our usual observed
trend of seeing less malware on newer OSes and service packs.

Microsoft Patch Registration Cleanup Tool

By derek | Filed in microsoft, updates

Brief Description:
On a computer that has a Windows Installer based product installed, you may receive an error while installing an update for the product and the installation of the update may fail

Windows Installer uses the registry to record information about updates installed for each Windows Installer-based product. These registry keys help identify the state of each update: registered, applied, superseded, or obsoleted. Information about installed updates is stored across several registry keys and values. To allow for the product to be in a serviceable state in which it can be repaired, updated, or uninstalled, it is critical for the data in these registry keys to be synchronized. When the data in these registry keys is no longer synchronized, maintenance mode operations cannot be performed on the product .msi file.

The Patch Registration Cleanup Tool helps resolve some issues that are related to invalid or corrupted update registration. This tool lets you bring the product back to a known state so that you can reinstall updates.

http://support.microsoft.com/?kbid=976220

direct download for the Patch Registration Cleanup Tool

Applies to all currently supported windows versions from XP SP2 up to Windows 7 including all versions of Vista ( SP1 and higher) & server 2003 (SP2 ) and server 2008

Outlook Web Access Social Engineering Malware Scam – Security Labs Alert

By derek | Filed in Antivirus, Exploits, Malware, microsoft, Phishing, Privacy, Warnings and Alerts

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new wave of malicious attacks claiming to be an update for Microsoft Outlook Web Access (OWA). Victims receive a message leading to a site to apply mailbox settings which were supposedly changed due to a “security upgrade.” Read the remainder of this entry »

Hacked Facebook applications reach out to exploit sites in Russia – AVG Blogs | Roger Thompson

By derek | Filed in Exploits, Malware, Warnings and Alerts

Hacked Facebook applications reach out to exploit sites in Russia

All the social networking sites have issues with calling out to exploit pages. Usually what happens is that someone’s website gets hacked, and because they link to it from their MySpace or Facebook page, their contacts and friends sometimes get drawn to the attack sites. This is quite common, and we’ll write about it soon, but today’s story is a little different, in that these seem to be actual Facebook applications that have been hacked. (Please note that the application developer(s) are innocent victims too, and did not intend for their games to be hacked.) Read the remainder of this entry »

Microsoft Security Bulletin Summary for October 2009

By derek | Filed in Exploits, microsoft, updates

Microsoft has issued its biggest ever security update on 13 October.

The update includes 13 bulletins that between them tackle 34 vulnerabilities.

Microsoft said that eight of the bulletins were rated as critical – the most serious sort of vulnerability.

The security patches close loopholes in many different programs including different editions of Windows, Internet Explorer and some elements of Office.

One update, rated as critical, tackles a loophole in Internet Explorer 8 running under Windows 7. The next version of Microsoft’s operating system is due to be released on 22 October.

For home users the best way is to use Microsoft update on your computer.

These updates are vital and need to be installed immediately Read the remainder of this entry »

Fake HMRC emails. Web page contains a zbot trojan

By derek | Filed in Uncategorized

Currently spreading in UK are emails pretending to come from HMRC ( Inland Revenue/Tax Office) warning of a fraud on your account with underpayment of tax

If you follow the link you will arrive on a page looking reasonably like the genuine HMRC page

If you are unwary enough to click on the link telling you to download the statement, you will get a z-bot trojan

Every click on the link gives a different version of the trojan, which makes it hard for Antiviruses to have detections for all of them

Search

Security and Privacy