Vista Can Be Taken Down by an Animated Cursor
From BetaNews:
“In what could be the most embarrassing exploit to impact Windows Vista since its commercial launch in January, security engineers at McAfee’s Avert Labs confirmed today – and posted the video to prove – that the operating system can be caused to enter an interminable crash-restart-crash loop, by means of a buffer overflow triggered by nothing more than a malformed animated cursor file.”
Read the full article at BetaNews
IE7: Are we right back where we started from?
Michael Mullins writes at TechRepublic:
“…But a mere 24 hours later, the first security flaw had already surfaced—sort of. Secunia Advisory 22477 classified it as an IE7 vulnerability, but Microsoft holds that the problem—a flaw in Outlook Express that can purportedly affect many browsers, not just IE7—has been exaggerated.”
Read the full article at TechRepublic
Quickest Patch Ever
Bruce Schneier has an excellent article over at Wired News about the way Microsoft rushed to patch a hole in its software… and it’s not a security hole that the average person would worry about…
“But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.”
Read the full article at Wired News
Microsoft warns of exploit code for dial-up bug
From Network World:
The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, used by Windows to create network connections over the telephone. The bug, which was patched June 13, is rated critical by Microsoft, the most severe rating available.
Read the full article at Network World
Another IE Spoofing Flaw
Secunia has an advisory about a new security problem with Microsoft’s Internet Explorer browser.
Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (“.swf”) in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.
Read the full advisory here; you can also check if your browser is vulnerable here.
Test shows how vulnerable unpatched Windows is
A test has revealed that a Linux server is far less likely to be compromised. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.
Read the full article at Techworld
Apple Safari Browser Automatically Executes Shell Scripts
Heise Online reports:
Shortly after reports of the first virus for Mac OS X, a new security flaw has surfaced. The culprit is the option “Open ‘safe’ files after downloading” in Apple’s Safari web browser. This feature is activated by default.
Read the full article (in English) at Heise Online
New Batch of WMF Flaws Flagged
Just days after the release of Microsoft’s out-of-cycle WMF patch, researchers publish details—and exploit code—for two new denial-of-service vulnerabilities. Redmond is investigating.
Read the full article at eWeek.com
Two new Windows bugs found
Techworld reports: Two new flaws have been found in Windows, just days after Microsoft rushed out a patch covering the same part of the operating system.
Another 10 holes in Microsoft software
Microsoft have released another of their monthly monster patches. This time they’re patching quite a few remote code execution vulnerabilities, which are kind of scary.
See this knowledge base article for more info and details of where to get the patches.

