Incidents.org is reporting scanning for phpbb include vulnerabilities through Google. Apparently there is an IRC botnet being “cultivated”. They are scanning for versions of phpBB prior to 2.0.10, the current release is 2.0.18.
The new IRC bot scans for vulnerable systems using Google, when successful it announces that “oopz and sirh0t and Aleks g0t pwned u!”, and has UDP flooding and UDP/ICMP/TCP scanning capabilities.
The file phpbb_patch was found on exploited systems.
That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited…. Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the way windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victims computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.)
I’m going to have get used to that new name. Frankly I liked winex – simple and to the point, it was like DirectX, only WineX…. then they went and changed the name to cedega and I can never remember how to spell it cedaga / cedega / cedege… anyway, Whatever it is, I’ve installed version 5.0 now. And here are my first impressions. For starters let me say that I usually don’t test based on the latest greatest games, but the older games I’ve installed and left in my point2play setup to see what improements are made.
It looks as though we can expect one critical update to Windows this week on the monthly patch cycle from Microsoft.
Well it shouldn’t come as a big surprise, but Microsoft is expected to bundle their anti-spyware product (which will be renamed windows defender) with Vista when the next version of the OS ships. It’s probably not a big surprise given the headaches that people have with spyware and the potential for a subscription update service. For most people this will probably be the only anti-spyware application they have.
For those of us that have adsense on our sites and use firefox… the adsense notifier extension has been updated to handle the new login system for google adsense, and it should notify the user of terms of service updates.
The last month has been quite busy as is evidenced by so few postings here…. Of course, the majority of what I do is on-site computer service and sometimes that explodes to fill most every moment of most every day leaving little time for “un-necessary” things like this… nothing big seems to be popping today, so I may get to write a few things.
(more…)
Well, it’s been a bit since a post here, but if you haven’t already patch your systems with Microsoft update, as new updates were released yesterday. Incidents.org is reporting rumors of bugs in the wild. Everyone KNOWS the window between vulnerability and exploit is getting shorter and shorter, so if you have a windows system go forth and patch….
It looks as though there are quite a few things that I have skimmed over the last two days and haven’t posted on. I’ve been preoccupied with a couple of projects and frankly following news regarding the hurricane along the Gulf Coast. I thought I’d pass along two links that I’ve been following today specifically with regards to the situation in New Orleans. This is as much for my reference as anyone elses, but… The Times-Picayune’s Breaking News page, some detailed reports from a paper in the New Orleans area, they had to evacuate earlier today due to rising flood waters and are now keeping things updated from a temporary office. Also, WWltv.com has a blog page up with brief updates as they get them. These two sites have been sources that seem to lead the networks in updates. (The news networks seem to get bogged down recycling earlier stories.)
Well, frankly, there has been talk of the end of definition based antivirus scanning for years. You see the achilles heel of any AV scanner is that it has to have signatures of what known viruses look like, so there will always be a reflex window, where there’s a new unknown virus that people are getting infected with before there’s a reaction from the antivirus vendors. The supposed cure for this dillema was hueristic scanning which was supposed to detect things that “looked” like they might be viruses. A noble goal, but along the path it’s proven innefective mostly, either too aggressive and tagging EVERYTHING as potentially viral, or really unnoticable.