Need Firewall

Wordpress updated to 2.6

Telix — Thu, 17 Jul 2008 11:10:10 +0000

WordPress blog software has been updated to the 2.6 version. This latest release fixes about 194 bug fixes and a major security-related change to disable remote publishing protocols by default along with new functions such as SSL support, new Atom Publishing Protocol and the variety of XML-RPC protocols by default to shut down a potential security risk. If you manage a WordPress blog, this should be considered an important update.

Opera v9.51

Telix — Thu, 17 Jul 2008 11:05:44 +0000

Opera has released new update for Opera browser v9.51. This update fixes couple of security vulnerabilities and some stability issues. One of the fixed issues includes arbitrary code execution but the exploit has not been published yet. All Opera users can update their browser from http://www.opera.com/download/ location.

Mozilla updates Firefox 2.0.0.16

Telix — Thu, 17 Jul 2008 11:03:17 +0000

For the folks who still didn’t switched to the Firefox 3, the Mozilla Foundation has just released Firefox 2.0.0.16 which fixes two critical security vulnerabilities, command-line URLs launch multiple tabs when Firefox not running and remote code execution by overflowing CSS reference counter. As security advisers reports the last vulnerability affects the Thunderbird users too. The Firefox 2 will still be supported only until December, so all users are advised for upgrade to Firefox 3.

OpenOffice.org ships a fix for a “highly critical” vulnerability

Telix — Wed, 18 Jun 2008 12:15:32 +0000

OpenOffice.org developers are shipped new fix for highly critical vulnerability that affects versions 2.0 to 2.4 of OpenOffice suite. According to the report the flaw could be exploited to launch code execution attacks with manipulated document files and lead to heap overflows and allow a remote unprivileged user who provides a OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org.

Fake Image Shack links in MSN messages

Telix — Wed, 18 Jun 2008 12:06:46 +0000

Hackers have managed to spread the links for fake ImageShack site that infects the visitors with Backdoor.Win32.SdBot malware. The links to the infected images are distributed via MSN messages where users are asked to check out the photo linked to the fake imageshack address. The message format is like this:

!msn.msg lool!! http ://imageshaack.org /img/Picture275.jpg |!trition.msg lool!! http ://imageshaack.org/img /Picture275.jpg topic set by Everglades on Wed Jun 11 15:41:57

“!msn.msg Haha is that you;)? http ://imageshaack.org /img/Picture275.jpg?|!trition.msg http: //imageshaack.org/img /Picture275.jpg

MSN users are strongly advised to check the links they get via IM and not get fooled with fake websites that spread malware.

Facebook fixed critical XSS vulnerability

Telix — Tue, 27 May 2008 09:15:47 +0000

Facebook, one of most popular social networking sites has been available to a critical XSS, allowing the hackers to install malicious scripts. Researchers who detected this vulnerability also posted a screenshoot demonstrating the problem. One of most recent incidents were serving malware and live exploit URLs, due to vulnerable web applications, introducing Zlob trojans in the form of fake video codecs, and was initially traced back to infrastructure provided by the Russian Business Network. The security folks at Facebook have been notified and as it seems the Facebook team responded very quickly and fixed the issue immediately!

Apple should review Safari “carpet bomb” issue

Telix — Fri, 23 May 2008 10:50:32 +0000

topBadware.org coalition under Google support has called Apple to review the “carpet bomb” issue in the Safari browser. Nitesh Dhanjani has discovered that in Safari browser on Windows hackers can install suspicious software via booby-trapped Web sites. This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location, stated Dhanjani.

Windows XP SP3 causing problems at AMD based systems?

Telix — Fri, 23 May 2008 10:44:20 +0000

According to several sources some of the users of latest Windows XP Service Pack 3 have problems causing blue screen at AMD based systems. Microsoft and HP stated that the problem might be around the Power Management feature. HP has posted a work around that has you go boot into Safe Mode and disable the Intel Power Management.

Mozilla is ready for Firefox 3 RC1

Telix — Fri, 16 May 2008 09:33:58 +0000

Mozilla developers have announced that they have stopped the changes to the first release candidate of Firefox 3.0 and is working to get that build to users by the end of the month. As Mike Schroepfer, Mozilla’s vice president of engineering stated they are ready to launch Firefox 3 Release Candidate 1 (RC1) by the end of May. Since RC1 passed many beta stages it is possible that it will be the only release candidate but unveiling of possible bugs and flaws will continue development of new Release Candidates until they are ready for final shipment. Mozilla issued three release candidates in the run-up to the final code of Firefox 2.0, and Schroepfer said that he expected Firefox 3.0 to follow that same pattern.

Microsoft patches three critical bulletins in MS Office and Windows

Telix — Mon, 12 May 2008 10:09:57 +0000

Latest Microsoft Thursday security bulletin patches three critical bulletins for Microsoft Office and Windows and a moderate denial of service vulnerability for the company’s security software. A critical remote code execution vulnerability primarily affecting Microsoft Office (Word) and another critical remote code execution flaw in Publisher, a critical Jet database engine issue that affects Windows 2000, Windows XP and Windows Server 2003 and a denial of service vulnerability in Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security.