This is getting to be like clockwork, but it sounds like this may be one of the nastiest problems so far. It appears that there is a problem with one of the recent patches from Microsoft, MS06-49. It looks as though the problem is data corruption for small files (under 4096 bytes). There’s a Google Groups thread here. The key factor seems to be that IF the folder is compressed, the data within is subject to this possible corruption.
Blog
-
Chase throws data on 2.6 million customers in landfill
Chase Card Services mistakenly threw out backup tapes that contained the card information of around 2.6 million customers (according to the article, Circuit City card holders, former and current). 5 data tapes were mistakenly trashed in July. Fortunately, they think the tapes were destroyed at the landfill, and are 1) notifying the affected, 2) working with authorities. So, it may be that no data in this case was actually leaked… it does underscore one thing….
-
Beware with video codec downloads….
Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and “required” to view some content…. well, posing as a codec download is a good way to trick people into downloading, it seems, and there are more out there that use the same trick. Sunbeltblog brings not one, but two fake codec sites to watch for today.
-
Beware visiting Samsung’s site
Betanews is reporting that Samsung’s site has been hacked and is currently serving up malware in some areas. User intervention is required for it to run on the user’s PC, but be cautious. Samsung has been notified, but as of Friday morning (according to the report) the trojan horse is still there. I really wonder if it hasn’t occurred to them to pull the whole thing offline to clean things up?
-
Sharing contacts between Outlook and Outlook Express
Not too long ago I was installing a fax machine for someone that supported Outlook Express’ address book, but not Outlook’s default address book. My first thought was to get Outlook (2002)/Outlook Express using the same contact format and then we’d be in business… But…, they had an Exchange server, so Outlook was installed in Corporate/Workgroup mode, which means, officially, “you can’t get there from here.” But…. there is still a way. Details from slipstick.com: it turns out there is a registry edit that can get you around the Corporate/Workgroup “limitation”. This may not work for all installs, and is not guaranteed or supported, but…
-
Being cautious with web links
Once upon a time the bad payload of a malicious email was its attachment. That still happens, but in many cases the links are the real lure – like a worm dangled in the water in front of a hungry fish…. the links though hide a danger on the other side…. the hook in our analogy. Brian Krebs writes about a utility called LinkScanner that scans a given link to see if it’s hosting malware. It’s from a place called Exploit Prevention Labs. I don’t know that I’d trust it completely as a safety net, but it might be worthwhile as another level in the defences.
-
ICQ client and toolbar vulnerabilities
SANS brings this from AOL, advising of vulnerabilities in the ICQ client and the ICQ toolbar for IE. The latest version of ICQ client is 5.1 and is claimed to not be vulnerable. (Toolbar version 1.3 is said to be vulnerable as well. No more recent version of that is available – you might consider disabling the toolbar.)
-
Another Debian server security breach
According to this story, there has been another compromise of a Debian project server. (Is this the third in the last year?)… the Alioth webserver was offline most of the 5th of September…
It was simply stopped because we discovered that some script kiddies were running an IRC proxy. After thorough investigation, we discovered that they exploited a pmwiki security hole[1] to deface some web pages, to install some malicious php pages which in turn were used to set up the IRC proxy.
-
Firefox code under the microscope
So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool, and many say that in order to evaluate the true severity of the flaws, you have to be familiar with the code. Some, I’m sure, will pounce on this with the “I thought open source software was supposed to be more secure…. I’m going back…” but it’s time to stop and think about things a moment. Open Source software…. anyone can access the source, anyone can analyze it for problems, anyone can run an automated tool to test it…..
-
Microsoft’s priorities…
I didn’t really think of this in context, but George Ou points out that Microsoft issued an “out of cycle” patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of the issue to releasing a patch. In context, we have seen numerous instances in the last year of “zero-day” vulnerabilities becoming known just after a monthly patch day, and Microsoft waiting until the next patch day to release a fix. So why the different response?