We all understand that adverts are a necessity in todays world to defray costs in running a website and an occasional rogue or misleading advert will slip through. I use Google adsense here on this blog and hope that all the adverts will be honest and above board. All webmasters, blog owners and Forums admins do need to keep an eye open for such adverts. Google must take a high degree of responsibility and start to police its advertising system more closely and weed out these deliberately misleading adverts.

The Company Justanswer.com who publish the adverts should be ashamed of themselves and I ask all readers to avoid that company and any others that use such underhand tactics to drive vulnerable visitors to their site.

http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Hi everyone,
On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.

The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.
Once we have completed our investigation, we will take appropriate action to protect customers. To minimize risk to computer users, Microsoft continues to encourage responsible disclosure. Reporting vulnerabilities directly to vendors without further disclosure helps ensure that customers receive comprehensive, high-quality updates before cyber criminals learn of – and work to exploit – a vulnerability. Responsible disclosure protects the computer ecosystem and individual computer users from harm.
Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge (for computer security related issues) using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Customers outside of the United States can visit http://support.microsoft.com/international to find local support information.
We continue to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at: www.microsoft.com/protect.
We will provide more information on this issue as it becomes available.
Thanks,
Jerry Bryant
Sr. Security Communications Manager Lead
*This posting is provided “AS IS” with no warranties, and confers no rights.*

The full version of the Microsoft Security Bulletin Advance Notification for this release can be found at  http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx.

http://www.avertlabs.com/research/blog/index.php/2010/01/14/more-details-on-operation-aurora/

http://www.microsoft.com/technet/security/advisory/979352.mspx

I will  keep you posted when I hear more

best advice at this time is make sure antivirus is updated to protect, watch where you surf & consider an alternative browser or set IE protection to high

However bear in mind these have all been targeted attacks against specific companies & institutions so less likely to affect the average user, at least until the skiddies get their hands on the exploit

OK if you are still using IE 6 or 7 on any version of windows

use the fixit Microsoft have issued http://support.microsoft.com/kb/979352

You do not need this fix if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions ( including Windows 7 ) . This is because Internet Explorer 8 opts-in to DEP by default on these platforms.

Click here to install Flash 10.0.42.34.

Click here to install AIR 1.5.3.

The expanded security advisory explains that critical vulnerabilities could provoke crashes or remote code execution. Adobe Flash Player 10.0.32.18 and earlier versions and Adobe AIR 1.5.2 and earlier versions on all platforms are vulnerable.

7 new vulnerabilities are described cursorily. A patch to an eighth and older vulnerability is also updated. Adobe issues thanks to 6 different researchers for the help they provided with the vulnerabilities.

The advisory also adds that Flash Player version 10.1, which Adobe expects to release in the first half of 2010, will be the last to support PowerPC-based G3 Macs. They are discontinuing support, including security updates, past that version because they are implementing performance enhancements not supported in those processors.

A slightly different approach came into my inbox today which asked me to confirm the item in my shopping basket. Now I haven’t shopped with Littlewoods online but you can be sure that thousands of people have and the same scam will be applied to just about every well known online shopping site this season.

The email looks quite believable

The website if you follow the link looks exactly like the real Littlwoods shopping site Account sign in page EXCEPT that the real Littlewwoods or ALL reputable shopping sites will have a Padlock icon and the  site address will start with HTTPS and the address bar will turn green to show that you are on a secure site

This screenshot shows the fake site and I have blanked out the address for safety reasons

These show how a genuine site will appear in Internet Explorer 8 on left and Firefox on right. Both show the padlock icon and a green safe address bar. A genuine shopping site will always start HTTPS to show a secure site when you are asked to put in any details. The front page of the site might be a normal http:
Unfortunately a lot of well known shopping sites haven’t yet signed up to the Extended Valuation green bar very secure system yet so watch for the closed padlock and HTTPS in the address bar to show a secure site. In Firefox browser the closed padlock is on the bottom right hand corner of the page, not in the browser address bar

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

Today Microsoft released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects  Windows 7 and Windows Server 2008 R2. Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected.

It needs to be made  clear that this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin MS09-050 which addressed a remote code execution vulnerability in the SMBv2 protocol. This vulnerability would not allow an attacker to take control or install malware on a user’s system, but could cause the affected system to stop responding until manually restarted.

http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx

Description: Sun’s implementation of the Java Runtime Environment (JRE) and Java Web Start contains multiple vulnerabilities. A specially crafted Java application, an audio or image file or an applet could trigger one of these vulnerabilities, with consequences ranging from arbitrary code execution with the privileges of the current user to denials-of-service and security restriction bypass. Note that, depending upon configuration, Java applets embedded in web pages may be opened automatically upon the loading of the page. One of the error is that the update mechanism does not update JRE to the new version when running on non-English Windows versions. There are errors in decoding DER encoded data and the parsing of HTTP headers which might lead to memory exhaustion. There is an authentication bypass vulnerability in JRE while verifying HMAC digests. Multiple buffer overflow and integer overflow vulnerabilities have been reported in JRE while processing specially crafted audio and image files. There is a command execution vulnerability in JRE which could be triggered by a specially crafted web page. There is a flaw in the implementation of security model permissions in the Java Web Start Installer. Some technical details for some of these vulnerabilities are publicly available.

Status: Vendor not confirmed, no updates available. [edit] Updates are available

References:
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-09-076
http://www.zerodayinitiative.com/advisories/ZDI-09-077
 http://www.zerodayinitiative.com/advisories/ZDI-09-078
http://www.zerodayinitiative.com/advisories/ZDI-09-079
http://www.zerodayinitiative.com/advisories/ZDI-09-080
Sun Security Advisories
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
Product Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/36881

for this DO NOT rely on check for updates in JAVA control panel BUT go to http://java.com/en/download/ie_manual.jsp?locale=en&host=java.com:80

if you have a 64 bit version of windows, you need to install the standard 32 bit version AND the 64 bit version http://java.com/en/download/manual.jsp

Description: Adobe Shockwave Player, with over 450 million users, is a multimedia player that allows Adobe Director applications to be published and viewed by a browser that is installed with a Shockwave plug-in.

 Multiple vulnerabilities have been reported in Adobe Shockwave Player, which be triggered by a specially crafted Shockwave content.  There is a error in the way the invalid index is used.  There are also a couple of issues caused by the inappropriate use of the invalid pointer.  And the last issue is a memory corruption error when processing string lengths.

 In all the cases successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user.

There is not enough public information about these vulnerabilities.

Status: Vendor confirmed, updates available.

References:

 Adobe Security Bulletin (APSB09-16)  http://www.adobe.com/support/security/bulletins/apsb09-16.html

Wikipedia Article on Adobe Shockwave  http://en.wikipedia.org/wiki/

Adobe_Shockwave Product Home Page  http://www.adobe.com/products/shockwaveplayer/

 SecurityFocus BID http://www.securityfocus.com/bid/36905

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Remember: You need to install shockwave in Every Browser you use separately, if you wish to use it in your browser

Mozilla fixes 16 flaws with Firefox 3.5.4:

http://www.computerworld.com/s/article/9140008/Mozilla_fixes_16_flaws_with_Firefox_3.5.4

 Mozilla today patched 16 vulnerabilities in Firefox, 11 of them critical, as it updated the open-source browser to version 3.5.4. 

 The 11 critical Firefox 3.5 vulnerabilities were located in a variety ofn components, including Web worker calls, the GIF color map parser, the string-to-number converter, a trio of third-party media libraries, and both the JavaScript and browser engines.