Mozilla developers have announced that they have stopped the changes to the first release candidate of Firefox 3.0 and is working to get that build to users by the end of the month. As Mike Schroepfer, Mozilla’s vice president of engineering stated they are ready to launch Firefox 3 Release Candidate 1 (RC1) by the end of May. Since RC1 passed many beta stages it is possible that it will be the only release candidate but unveiling of possible bugs and flaws will continue development of new Release Candidates until they are ready for final shipment. Mozilla issued three release candidates in the run-up to the final code of Firefox 2.0, and Schroepfer said that he expected Firefox 3.0 to follow that same pattern.

TechARP.com, a Malaysian website that successfully predicted the release date for Vista SP 1, reported yesterday that Microsoft will officially release Windows XP Service Pack 3 during the second half of April. The site pegged RTM for Windows XP SP3 as “second half of April 2008″ for seven languages, with a follow-on RTM of the remaining supported languages “approximately 21 days” later. Although Microsoft declined comment we would like to see if those rumors are true.

Security vendor Fortinet has detected new malicious SymbianOS Worm that affects S60 2nd Edition phones. Worm is identified as SymbOS/Beselo.A!worm and spreads itself via multimedia file (MMS) with a name either Beauty.jpg, Sex.mp3 or Love.rm. After clicking on attachment the worm harvests all the phone numbers located in the phone’s contact lists and targets them with a viral MMS carrying a Symbian Installation Source version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers located in China. So, if you have a Symbian S60 phone, and you receive a media file, answer “no” to any installation prompt that appears when trying to open the file.
Also we can also recommended having Anti-Virus software running on your phone.

Social networking site Myspace has reached an agreement with the attorneys general of 49 US states to protect children from sexual predators on the site. Measures will include safety tools for online authentication, new design changes for preventing under-aged children to access the site, protecting minors from inappropriate contacts and educative processes for parents and educators. Also Myspace and Attorneys General will work together to support initiatives that will enhance the ability of law enforcement officials to investigate and prosecute Internet crimes.

L.A. Times published interesting story about fighting against online scams in Romania. Recording to L.A. Times Romania is top source of auction site scams. Ebay stated that company is trying to do something about the problem with help of local law enforcement over recent years. Ebay already has sent teams and equipment to help the authorities combat this form of cyber crime, which is run with all the organization of an industrial-scale business.

Due to the package compromise of SquirrelMail 1.4.11, and 1.4.12, we are forced to release 1.4.13. Tests showed that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim’s server. This could grant the attacker the ability to deploy further code on the victim’s server. New patched version is available for download at squirrelmail.org

Apple has shipped new update for Java runtime to patch about 18 vulnerabilities that expose Mac OS X users to remote code execution attacks. The Java Release 6 for Mac OS X 10.4 patches multiple critical holes in Java, Java 1.4 and J2SE 5.0, and includes a well-known issue that was left unpatched by Apple for more than a year.

Intel is preparing to introduce new security features in its next-generation vPro microprocessors which will improve encryption support while making systems easier to install and manage. Built under the code-name ‘Danbury’, the embedded security features is planned to be introduced in early 2008. New microprocessors promise to improve the efficacy of commercial encryption tools via onboard integration hooks for the programs, and by adding a new layer of hard drive protection when vPro-powered computers are powered-down. As Intel’s officials claims, the addition of the Danbury technology will also make it far easier for organisations to put encryption applications into place by directly addressing the common headache of key management within the new embedded security tools. New Danbury tools represents only the latest in line of security and management technologies embedded directly into the vPro lineup by Intel, including the already announced Active Management Technology which is aimed at making it easier for administrators to do remote updates on corporate machines, such as for installing anti-virus updates or operating system security patches.

Same day as Microsoft released fixes for 11 software flaws, UC-CERT reported new vulnerability in Microsoft Access databases that can be used by hackers for attack. According to a US-CERT alert, the attacks are using an unpatched stack buffer overflow vulnerability in the way Microsoft Access handles specially crafted database files. To help protect against this type of attack, do not open attachments from unsolicited email messages and block high-risk file attachments at email gateways. The flaw affects Microsoft Office Access 2003 on Windows XP SP2.

Symantec rolls out December State of Spam Report with reviews of past month’s key trends and analysis. As company claims, monitoring over 450 million inboxes worldwide observed 72% spam emails in overall email traffic. Most of those mails were from spammers from guessed email addresses. Also, as end of the year approaches, there are increase in holiday gift scams, fake lottery, infected snowball images and always present replica products. Spammers were also on the hunt for new email addresses, initiating a massive harvesting campaign. For more trends and analyses read the December State of Spam Report.