US-CERT is addressing the issue of spyware. According to Spyware Confidential, they’ve released a document (pdf) on the matter, including techniques to guard against spyware. Education and awareness are two elements that are highly emphasized.
Tag: internet explorer
-
Zeroday Internet Explorer vulnerability update
The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended periods. They also have noted that Microsoft has updated their advisory.
-
Update on Internet Explorer Zero Day exploit
Yesterday I mentioned a SANS report on a possible zero day exploit against Internet Explorer. Today they have more details in the handlers diary. Among other things SANS has issued a patch for it.
-
Internet Explorer zero-day exploit?
The folks over at The Sans Institute (Incidents.org) are reporting on a possible zero-day ( 0-day ) exploit against Microsoft Internet Explorer. (A zero day exploit is the name given to an exploit of a previously unknown vulnerability.) Their analysis essentially had the machine they were using go to 100% cpu and it did not give the claimed behavior. They’re thinking this may just be an exploit of one of the other vulnerabilities disclosed Tuesday (MS05-038)
-
Mozilla Firefox passes 80 million downloads
According to the counter at spreadfirefox.com, Firefox has now surpassed 80 million downloads. (Well 80.1 million when I looked.) Version 1.0 of Mozilla Firefox was released ~9 months ago.
-
IE too dangerous to use?
In all fairness this is a year old news release from US-CERT. Beware of IE, certainly there have been patches for IE since this release (3 this week.) But have all of the issues they raise been dealt with? According to Secunia there are still 20 advisories related to Internet Explorer that are unpatched.
-
Sunbeltblog has more info on the identity theft keylogger and will offer removal tool
There another two fascinating posts in the saga of the massive identity theft that was reported in the Sunbelt blog. For starters they detail the beast here. It sounds truly devious, MAY still be related to coolwebsearch after all. It turns off Windows firewall and runs through Internet Explorer (thereby bypassing any other software firewall.)
(more…) -
Raft of Microsoft updates out – time to get updating
The promised batch of windows updates for today are now out and it turns out there were 3 critical updates out of the 6 released. It looks as though the biggy is an RPC problem with the plug and play system (Plug and play needing a remote procedure call?) This is one that could likely be quickly exloited. There is a workaround on this of having port 139 and 445 firewalled (many places do that by default now, last I checked my ISP does.) Don’t take that as a tool for complacence though. Patch it anyway!
-
Browser competition, market decisions and open standards
I just read a blog entry at zdnet. The writer, John Carroll, essentially asserts that the free market has chosen that monopoly in the case of the web browser IS what’s best for it. There are a few things that I think he fails to take into account in his perspective on browsers and competition.