Spyware, Viruses, & Security forum

General discussion

NEWS - October 13, 2010

Java Update Clobbers 29 Security Flaws

Oracle today released a critical update to its widely-installed Java software, fixing at least 29 security vulnerabilities in the program.

Most consumers on Microsoft Windows PCs will have some version of Java installed (if you're not sure whether you have Java or what version might be installed, click this link). Existing users can grab the latest version - Java 6 Update 22 - by visiting the Windows Control Panel, clicking on the Java icon, and then selecting the "Update Now" button on the "Update" tab. If you don't already have this software, I recommend that you keep it that way.

Per Oracle's advisory, updates are available for Windows, Solaris and Linux versions of Java. Apple maintains its own version of Java for OS X systems, and typically issues fixes for its version several months after the official Java release.

Be aware that Java's updater may by default also include free "extras" that you may not want, such as the Yahoo! Toolbar or whatever other moneymaker they decide to bundle with their software this time around, so be sure to de-select that check box during installation if you don?t want the add-ons.

http://krebsonsecurity.com/2010/10/java-update-clobbers-29-security-flaws/
Discussion is locked
You are posting a reply to: NEWS - October 13, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - October 13, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Microsoft Will Look to Courts for Botnet Takedowns

In reply to: NEWS - October 13, 2010

Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam.

In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. Microsoft published the statistic in its latest biannual Security Intelligence Report released on Wednesday.

The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, said Adrienne Hall, general manager for Microsoft's Trustworthy Computing group.

Waledac was used to send spam and infect computers with fake antivirus software. It used a complicated peer-to-peer system to communicate with other infected machines.

Microsoft's legal moves against Waledac were unprecedented. The company was granted a rare ex parte temporary restraining order (TRO) to shut down malicious domain names that Waledac's controllers used to communicate with infected machines.

Going to court "gives you a blanket way to put on notice that you are going to look into the perpetrators," Hall said.

http://news.yahoo.com/s/pcworld/20101013/tc_pcworld/microsoftwilllooktocourtsforbotnettakedowns

See : Microsoft Security Intelligence Report (SIR)

Report Related:
Small but lethal Lethic is biggest junk mail villain
U.S. Reigns As Most Bot-Infected Country

Collapse -
Microsoft tool now roots out Zeus malware

In reply to: NEWS - October 13, 2010

"MSRT detection could help the 45 percent of Zeus-infected machines that don't have current antivirus"

Two weeks after law enforcement broke up one of the criminal gangs behind the Zeus malware, Microsoft has taken steps to make it harder for criminals to install the software on PCs.

On Tuesday, Microsoft started detecting Zeus with its Malicious Software Removal Tool (MSRT) - a widely used virus removal program that's free for Windows users. That should make it harder for the many criminals who use Zeus to keep running their software on computers that don't have antivirus software installed - often an easy target up until now.

According to a September 2009 study by security vendor Trusteer, 45 percent of Zeus-infected machines have either no antivirus software or an out-of-date product (pdf). On the other hand, Zeus has been effective at avoiding the type of detection that Microsoft is now adding to its MSRT. According to that same report, 55 percent of Zeus infections were on machines that did have working antivirus programs installed.

Continued:
http://www.networkworld.com/news/2010/101310-microsoft-tool-now-roots-out.html

From the Microsoft Malware Protection Center: MSRT on Zbot, the botnet in a box

Collapse -
Think Your Twitter DM Is Private? Think Again

In reply to: NEWS - October 13, 2010

Twitter has established itself as a means of broadcasting information to wide group of people all at once. But, for those times where you want to talk more intimately, Twitter also has the ability to send a Direct Message (DM) that is private between the two parties. Well, it's supposed to be private, but the reality is perhaps not as secretive as one might expect.

Every 140-character nugget of wisdom you tweet will be fed to anyone who follows your Twitter account, and is also publicly searchable by default. So, if you tweet "Getting sushi for lunch today, who's in?" your Twitter followers will instantly see the message in their Twitter feed, and anyone else that searches based on keywords like "sushi" or "lunch" might also uncover your tweet.

Your intended recipient may not be the only one capable of viewing the private DMs between the two of you. However, if you want to go out for sushi for lunch with your best friend, and you don't necessarily want the rest of the world to know about, or feel as if they have been invited by proxy to join the party, you probably shouldn't sent the tweet to the whole Twitterverse. Instead, send your friend a DM.

http://www.pcworld.com/businesscenter/article/207710/think_your_twitter_dm_is_private_think_again.html

Collapse -
Creative Commons offers "Public Domain Mark" logo

In reply to: NEWS - October 13, 2010

[Screenshot: Logo]

The non-profit group Creative Commons is offering a Public Domain Mark (see above) for use on documents and files to declare them copyright-free.

Creative Common's description: "Using the Public Domain Mark, you can mark a work that is free of known copyright restrictions and clearly convey that status. When applied properly, the PDM allows the work to be easily discovered, and provides valuable information about the work."

Creative Commons is a nonprofit corporation "dedicated to making it easier for people to share and build upon the work of others, consistent with the rules of copyright."

As Posted @ the Sunbelt Blog

Collapse -
Facebook introduces one-time passwords

In reply to: NEWS - October 13, 2010

"Users of sketchy PCs, take note"

Facebook began rolling out a new service on Tuesday that allows people using public computers to log into the site without having to enter their regular password.

Instead, users can login with a one-time password that, upon request, Facebook zaps to their mobile phones. The temporary access code is good for 20 minutes only. The new feature is designed to prevent account compromises that result when credentials are entered into machines that have been compromised by keyloggers and similar types of malware.

"We're launching one-time passwords to make it safer to use public computers in places like hotels, cafes or airports," Jake Brill, a Facebook product manager, blogged here. "If you have any concerns about security of the computer you're using while accessing Facebook, we can text you a one-time password to use instead of your regular password."

http://www.theregister.co.uk/2010/10/13/facebook_one_time_passwords/

Also : Facebook Tightens Security with One-Time Passwords

Collapse -
Former US Official: Invest in Secure Internet Protocols

In reply to: NEWS - October 13, 2010

The state of security on the Internet has become so dire that research is needed in next-generation protocols, a former senior White House official for cybersecurity said on Wednesday.

Developing those protocols would be a better use of research money than investing in the next Xbox game system, said Richard A. Clarke, who served as a special advisor to president George W. Bush on cyber issues and now teaches at Harvard University's Kennedy School for Government.

Clarke wasn't taking an intentional jab at Microsoft per se, but during a 45-minute presentation at the RSA security conference in London on Wednesday, he outlined some of major issues affecting Internet security, including the concepts of cyberwarfare, cyberespionage and the proliferation of highly effective malicious software programs such as Stuxnet.

Stuxnet, which appears intended to manipulate SCADA (supervisory control and data acquisition) systems made by Siemens, used four different zero-day vulnerabilities. Stuxnet was a "narrowly targeted" guided missile, Clarke said.

http://www.pcworld.com/businesscenter/article/207652/former_us_official_invest_in_secure_internet_protocols.html

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.