- Software Vulnerabilities
“In what could be the most embarrassing exploit to impact Windows Vista since its commercial launch in January, security engineers at McAfee’s Avert Labs confirmed today – and posted the video to prove – that the operating system can be caused to enter an interminable crash-restart-crash loop, by means of a buffer overflow triggered by nothing more than a malformed animated cursor file.”
Michael Mullins writes at TechRepublic:
“…But a mere 24 hours later, the first security flaw had already surfaced—sort of. Secunia Advisory 22477 classified it as an IE7 vulnerability, but Microsoft holds that the problem—a flaw in Outlook Express that can purportedly affect many browsers, not just IE7—has been exaggerated.”
“But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.”
From Network World
The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, used by Windows to create network connections over the telephone. The bug, which was patched June 13, is rated critical by Microsoft, the most severe rating available.
Secunia has an advisory about a new security problem with Microsoft's Internet Explorer browser.
Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (“.swf”) in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.
A test has revealed that a Linux server is far less likely to be compromised. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.
Heise Online reports
Shortly after reports of the first virus for Mac OS X, a new security flaw has surfaced. The culprit is the option “Open ‘safe’ files after downloading” in Apple’s Safari web browser. This feature is activated by default.
Just days after the release of Microsoft’s out-of-cycle WMF patch, researchers publish details—and exploit code—for two new denial-of-service vulnerabilities. Redmond is investigating.
Microsoft have released another of their monthly monster patches; this time they’re patching quite a few remote code execution vulnerabilities, which are kind of scary.
See this knowledge base article for more info and details of where to get the patches.