Saturday, March 28, 2009

Firefox Update Released

Mozilla has released a new version of Firefox which fixes two vulnerabilities. One of them also affects Mozilla Seamonkey. Both vulnerabilities make it possible to execute arbitrary code on the target system.

The first vulnerability can be exploited by luring a user into opening a specially crafted XML file. This crashes the browser, and an attacker may be able to execute malicious code on the target system. Mozilla Seamonkey is also affected by this vulnerability.

The other fixed vulnerability is related to the handling of a XUL element. By exploiting it an attacker may crash the target browser and execute malicious code on the target system. This vulnerability does not affect Seamonkey or the older Firefox 2.x.x versions.

Vulnerable versions are:
- Mozilla Firefox versions prior to 3.0.8
- Mozilla Seamonkey 1.1.15 and earlier versions

Firefox users should get version 3.0.8 either through the browser's built-in updater or by downloading the latest version here. Seamonkey users have to wait for an update, since it has not been released at the time of writing. It can be found here when released.

Firefox 3.0.8 release notes can be found here.

Thursday, March 26, 2009

New Java SE Runtime Environment (JRE) Update Available

Sun has released an update for Java SE Runtime Environment (JRE) 6 (the JRE allows end users to run Java applications) to fix a number of security vulnerabilities and other bugs. By exploiting the vulnerabilities an attacker may be able to cause a denial of service, gain escalated privileges and execute arbitrary code on the target system.

The vulnerabilities found are related to the HTTP and LDAP implementations, JAR file unpacking, PNG and GIF image handling, and the saving and handling of fonts. The Java Plug-in used in web browsers is vulnerable too.

The latest update can be downloaded from Sun's Java SE Downloads site. Release notes of Java SE 6 Update 13 can be read here.

Tuesday, March 24, 2009

Tool For Detecting Flash Vulnerabilities Released

Hewlett-Packard (HP) has released a free tool named HP SWFScan which, according to the company, can help Flash developers protect their websites against unintended application security vulnerabilities and reduce the risk of hackers accessing sensitive data.

HP SWFScan helps identify vulnerabilities that lie under the surface of an application and are not detectable with traditional dynamic methods, for example XSS (cross-site scripting) vulnerabilities. The tool guides developers in fixing the vulnerabilities it finds in the source code, so that they are fixed according to security best practices.

"Flash developers often create an unintentional vulnerability by encoding access information such as passwords, encryption keys or database information directly into their applications," states HP.

HP analyzed almost 4,000 web applications developed with Flash. 35 percent of these contained code that violates Adobe security best practices.


Related press release can be read here.

Tuesday, March 17, 2009

Norton Online Living Report 09

The annual Norton Online Living Report has been released. According to the report, half of adult internet users intentionally visit dubious websites. Users do not create backups and use easily breakable passwords. Every third adult taking part in the survey said that their system had been infected by malware.

The survey shows that careless surfing, irresponsibility and malware-infected systems are alarmingly common. Still, 99% of adults claim to protect their personal information.

The survey covered twelve countries. According to the survey, children could do better as well. Every fifth child reported having been blamed for the way they use the internet. Still, parents seem to be badly unaware of their children's internet use: children say they spend twice as much time on the internet as their parents think.

The survey was conducted by Harris Interactive on behalf of Symantec during October-December 2008. 6,427 adults over 18 years old took part in the survey.

The whole report can be downloaded here. The survey data is also available.

Wednesday, March 11, 2009

Patch For Adobe Reader And Acrobat Available

A few weeks ago I blogged about an unpatched vulnerability in Adobe Reader & Acrobat.

Adobe has now released version 9.1, which fixes the mentioned vulnerability. Users of versions 7 and 8 still have to wait unless they update to 9.1. Adobe is planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make Adobe Reader 9.1 for Unix available by March 25.

More details and instructions on how to get the new version can be found in Adobe's security advisory.

Microsoft Updates For March 2009 Released

Microsoft has released its updates for March. This time the release contains three updates which fix eight vulnerabilities in the Windows operating system. One of the updates is categorized as critical (MS09-006) and the other two as important (MS09-007 & MS09-008).

A new version of the Microsoft Windows Malicious Software Removal Tool was also released.

More information about the updates can be read here.

The easiest way to get the updates is to use the Microsoft automatic update service.

Tuesday, March 10, 2009

Foxit Reader Vulnerable

Foxit Reader is a lightweight alternative to Adobe Reader for reading PDF files. Vulnerabilities have now been found in the way it handles the open/execute file action. This exposes the software to two kinds of vulnerabilities: authorization bypass and buffer overflow.

At least builds 1120 and 1301 of Foxit Reader 3.0 are vulnerable. Older builds of 3.0 are probably affected too, but they were not checked.

Foxit Reader users are recommended to update to the latest version (at the moment Foxit Reader 3.0 build 1506). This can be done either by using the built-in updater or by downloading the new version here.

More information can be read from Foxit Reader security bulletins.

Monday, March 9, 2009

New Rogue Software Around

There are two new rogue security programs around.

Malware Defender 2009 is a clone of System Guard 2009.

Associated sites are:
- 209.249.222.48 Easywinscanner17 com
- 67.43.237.75 Malwaredefender2009 com
- 67.43.237.77 Gomaldef09 com

Source and example screenshots: Sunbelt Blog


Another new rogue software is Antispyware Pro 2009.

Its associated sites are:
- 205.252.24.226 Antispywarepro net
- 205.252.24.226 Scanspywareonline net
- 205.252.24.226 Netspywarescan com

Source and example screenshot: Sunbelt Blog

Thursday, March 5, 2009

New Version of Firefox Released

Mozilla has released a new version of its Firefox web browser. Version 3.0.7 contains fixes for the following vulnerabilities:
- MFSA 2009-11 URL spoofing with invisible control characters
- MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
- MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
- MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
- MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)

Mozilla recommends that all Firefox users update to the latest version. Users of Firefox 2.x.x versions should update to 3.0.7 as well, since the 2.x.x versions are no longer supported and contain known security vulnerabilities.

The update can be made with Firefox's automatic update functionality or by installing the new version from http://getfirefox.net.

Details about the update can be read in the release notes of version 3.0.7.

Tuesday, March 3, 2009

Opera 9.64 Released

A new version of the Opera web browser has been released that fixes several vulnerabilities and security-related bugs.

The most severe of the fixed vulnerabilities is related to the way Opera handles JPEG picture files. By exploiting the vulnerability an attacker may execute arbitrary code on the vulnerable system. One of the other vulnerabilities is related to Opera plug-ins allowing cross-domain scripting. Details of one "moderately severe" vulnerability are not available yet.

Users with versions prior to 9.64 are affected and should get the latest version here.

Detailed information about the fixed issues and other changes in this version can be read in the Opera 9.64 for Windows changelog.

More information can also be found in the corresponding Secunia Advisory.

New Koobface Variant Spreads In Facebook

Security company Trend Micro warns in its blog about a new Koobface worm variant.

A Facebook user may get a message that looks like it came from a friend's Facebook account. The message contains the friend's picture and name with a link to a video.

The link opens a spoofed version of the YouTube site. In the centre of the page there is a message telling the user that they must install an Adobe Flash Player update.

Clicking the install button does not give the user any Flash update. Instead, the new variant of the Koobface worm (detected as WORM_KOOBFACE.AZ) is downloaded.

Facebook users are not the only group in danger. The worm first searches for cookies created by the following sites:

* facebook.com
* hi5.com
* friendster.com
* myyearbook.com
* myspace.com
* bebo.com
* tagged.com
* netlog.com
* fubar.com
* livejournal.com


It then connects to the respective site using the login credentials stored in the gathered cookies, searches for the infected user's friends, and sends them messages containing a link from which a copy of the worm is downloaded. It also sends and receives information from the infected machine by connecting to several servers, which allows hackers to execute commands on the affected machine.

Users of the social networking sites listed above are advised to ignore the described messages and refrain from clicking links in unsolicited messages.

Spam Amount Increased And Then Decreased In February

The start of February saw Internet spam levels rise to as high as 79.5 percent of all e-mail messages due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine's Day, according to MessageLabs (now part of security company Symantec).

This is despite the fact that spam levels declined by 1.3 percent to an average of 73.3 percent for the same month, states the February 2009 MessageLabs Intelligence Report.

Source: PC World