Archive for November, 2007

After patching QuickTime to version 7.3 and thus disposing of a widely-exploited bug, Apple is facing yet another vulnerability. This particular one affects Windows XP and Vista users, although it's not certain yet, whether Mac OS X is susceptible.
Attack code exploiting this vulnerability has been posted on milw0rm.com, it has to do with malware being […]

The new Windows instant messenger program has been released to private beta-testers last week. The new version will have a new security feature - Anti-SPIM (spam over instant messages).
There has been feedback that the new feature will be annoying at best, but possibly even dangerous. The point is that hackers may and do acquire users' […]

A flaw that had been patched for Mac OS X 10.4 has resurfaced again in Apple's new operating system Leopard. The vulnerability lies in Apple mail and could allow malicious software to be disguised as benign attachments.
"Files on a Mac can contain additional information, such how another program should be used to open them. The […]

Light up some candles, since you've just missed Storm's birthday. To those of you who don't know what Storm is, well, it is the virus with the biggest botnet (essentially, a group of zombie computers controlled remotely) since a lot earlier in the decade. It is assumed that Storm's botnet has at least 1,000,000 PCs.
Storm […]

Not unlike retailers, cyber-criminals are getting ready for Black Friday, which marks the beggining of the holiday season in the United States. Gullible consumers are at great risk of getting cheated.
"The holiday season in general is a huge time for hackers … Black Friday is typically the start," said Paul Henry, vice president of strategic […]

On November 14 Apple released an update for its Mac OS X, patching 41 vulnerabilities at once. 15 of these vulnerabilities were critical since they were flagged as capable of "arbitrary code execution," or, in other words, these flaws could be exploited to compromise a Mac. The remainder fixes took care of bugs that could […]

Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa has expressed his concern on a possible vulnerability in relation to the Windows 2000 random number generator. He said that hackers may exploit CryptGenRandom to reach sensitive personal information including banking details, email passwords and others.
Mark Miller, Microsoft's director for security […]

The 1.1.2 firmware was released last week, in an attempt to disallow third-party applications to run on the iPhone. In a matter of hours it was hacked, albeit mostly not for malicious reasons, such as unlocking the phone for other carriers. Patrik Runald, the security response manager for F-Secure Security Labs, in accordance to this, […]

Encrypted email may protect users from the usual hacker, but probably not against a serious government investigation; A point that was proven by a recent event with the cooperation between Canada's government and hushmail.com.
Last week, encrypted email provider hushmail.com turned over 12 CDs full of email from three of its user accounts to the Canadian […]

Microsoft has released a patch Tuesday, for a flaw that involves third-party anti-piracy software bundled with Windows. The flaw was first found by Symantec's Elia Florio three weeks ago, when the vulnerability, which had not been documented, was being exploited on fully-patched Windows XP and Server 2003. The flaw exists in "secdrv.sys" - a file […]