Anyone who has shared a computer with a roommate, family member, or co-worker knows it's pretty hard to keep everything organized. But beyond having separate user accounts or personal folders, some data you have on your hard drive just isn't meant to be seen by other users. Whether it's your personal account numbers, journal entries, or other private files, a secure place to store items on your shared computer is necessary for your privacy.
On Wednesday, Apple released QuickTime 7.4.1. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7, Mac OS X v10.5 or later, and Windows Vista and Windows XP SP2. It addresses the vulnerability described in CVE-2008-0234.
By enticing a user to visit a maliciously crafted Web page, Apple says that an attacker may use an unpatched version of QuickTime to cause an unexpected application termination or arbitrary code execution. The vulnerability is a heap buffer overflow that exists in QuickTime's handling of HTTP responses when RTSP tunneling is …
On Tuesday, Apple issued a security update for iPhoto. The update is for users of Mac OS X v10.4.9 or later running iPhoto '08 (part of iLife '08). It addresses the vulnerability detailed in CVE-2008-0043.
To be vulnerable, Apple says, a user must subscribe to a maliciously crafted photocast. A remote attacker may then execute arbitrary code on the compromised machine. The fix addresses how iPhoto handles format strings when processing photocast subscriptions.
Apple credits Nathan McFeters of Ernst & Young's Advanced Security Center for reporting this vulnerability.
Spam now accounts for 78.5 percent of all e-mail traffic, according to a new report from Symantec. That's up from previous months. And Europe, not the United States, can now claim to be the source of most spam.
Other notable points culled from the "State of Spam" report for February 2008 (PDF) include: There was an appreciable decline of image spam during January 2008. The overall file size of spam messages has also decreased. Product spam, the largest category, makes up 28 percent of all spam. Internet Web hosting and Web design spam makes up 23 …
The New York Times recently reported a heartwarming story about a lost digital camera being returned after a kindhearted stranger analyzed the photos on the camera to find the owner.
The camera was left in the backseat of a New York taxi, and contained sightseeing photos of Manhattan, as well as Florida snapshots including people wearing name tags. Leads took the hunt to Ireland, back to New York, and finally to Sydney, Australia, where the rightful owner lives. He was "over the moon" with gratitude to get his camera back.
This story has a happy ending, and perhaps most of us would be glad to get our camera back in that situation, but it also made me uneasy to realize how much personally identifiable information was stored on one camera card. I would rather have a locked camera that could not be accessed if it was found, than have a stranger be able to peer into my photos.
The situation is even more crucial when it involves smartphones.…
On Tuesday, exploits for the Yahoo apps were reported circulating. There is currently no patch from the individual vendors, so the only workaround is to disable the several specific, vulnerable ActiveX controls. (ActiveX controls were developed by Microsoft for use with Internet Explorer and other browsers.)
The SANS …
Google is using its Postini acquisition to offer security features for any e-mail system.
The company is set to launch several new security products on Tuesday that are part of its Google Apps platform but are targeted at organizations that aren't using Gmail and other Web-hosted applications from Google.
The Powered by Postini services are message filtering with spam and malware filtering, for $3 per user per year; message filtering plus enhanced virus detection, content policy management, and other support to stop e-mail data leaks, for $12 per user per year; and message discovery, which adds one year of …
When contemplating the features you want in a laptop for school, consider an integrated fingerprint reader. A fingerprint reader simplifies your life, secures your identity (a fingerprint cannot be shared), and, more importantly, protects you from prying parents.
Several manufacturers offer integrated fingerprint readers on select models: Toshiba, Lenovo, Sony, HP, Dell and Fujitsu.…
On the heels of ActiveX vulnerabilities in the image uploading tools for Facebook and MySpace.com, researchers warned Monday that Yahoo Instant Messenger and Yahoo Messenger are vulnerable to ActiveX-based attacks.
Researcher Elazar Broad has disclosed a Boundary Condition vulnerability within mediagrid.dll, version 2.2.2 56. Researchers Krystian Kloskowski and Broad have disclosed a second Boundary Condition vulnerability within datagrid.dll, version 2.2.2 56c. And Kloskowski alone has disclosed a buffer overflow within datagrid.dll 2.2.2 56, which affects the AddImage function.
The three vulnerabilities are present within Yahoo Instant Messenger version 3.5 …
Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."
Sun says that the JDK and JRE 6 Update 4 for multiple platforms is available for download.