A slightly different approach came into my inbox today which asked me to confirm the item in my shopping basket. Now I haven’t shopped with Littlewoods online but you can be sure that thousands of people have and the same scam will be applied to just about every well known online shopping site this season.

The email looks quite believable

The website if you follow the link looks exactly like the real Littlwoods shopping site Account sign in page EXCEPT that the real Littlewwoods or ALL reputable shopping sites will have a Padlock icon and the  site address will start with HTTPS and the address bar will turn green to show that you are on a secure site

This screenshot shows the fake site and I have blanked out the address for safety reasons

These show how a genuine site will appear in Internet Explorer 8 on left and Firefox on right. Both show the padlock icon and a green safe address bar. A genuine shopping site will always start HTTPS to show a secure site when you are asked to put in any details. The front page of the site might be a normal http:
Unfortunately a lot of well known shopping sites haven’t yet signed up to the Extended Valuation green bar very secure system yet so watch for the closed padlock and HTTPS in the address bar to show a secure site. In Firefox browser the closed padlock is on the bottom right hand corner of the page, not in the browser address bar

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

Description: Sun’s implementation of the Java Runtime Environment (JRE) and Java Web Start contains multiple vulnerabilities. A specially crafted Java application, an audio or image file or an applet could trigger one of these vulnerabilities, with consequences ranging from arbitrary code execution with the privileges of the current user to denials-of-service and security restriction bypass. Note that, depending upon configuration, Java applets embedded in web pages may be opened automatically upon the loading of the page. One of the error is that the update mechanism does not update JRE to the new version when running on non-English Windows versions. There are errors in decoding DER encoded data and the parsing of HTTP headers which might lead to memory exhaustion. There is an authentication bypass vulnerability in JRE while verifying HMAC digests. Multiple buffer overflow and integer overflow vulnerabilities have been reported in JRE while processing specially crafted audio and image files. There is a command execution vulnerability in JRE which could be triggered by a specially crafted web page. There is a flaw in the implementation of security model permissions in the Java Web Start Installer. Some technical details for some of these vulnerabilities are publicly available.

Status: Vendor not confirmed, no updates available. [edit] Updates are available

References:
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-09-076
http://www.zerodayinitiative.com/advisories/ZDI-09-077
 http://www.zerodayinitiative.com/advisories/ZDI-09-078
http://www.zerodayinitiative.com/advisories/ZDI-09-079
http://www.zerodayinitiative.com/advisories/ZDI-09-080
Sun Security Advisories
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
Product Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/36881

for this DO NOT rely on check for updates in JAVA control panel BUT go to http://java.com/en/download/ie_manual.jsp?locale=en&host=java.com:80

if you have a 64 bit version of windows, you need to install the standard 32 bit version AND the 64 bit version http://java.com/en/download/manual.jsp

Mozilla fixes 16 flaws with Firefox 3.5.4:

http://www.computerworld.com/s/article/9140008/Mozilla_fixes_16_flaws_with_Firefox_3.5.4

 Mozilla today patched 16 vulnerabilities in Firefox, 11 of them critical, as it updated the open-source browser to version 3.5.4. 

 The 11 critical Firefox 3.5 vulnerabilities were located in a variety ofn components, including Web worker calls, the GIF color map parser, the string-to-number converter, a trio of third-party media libraries, and both the JavaScript and browser engines.