Oracle Corp. has shipped a new version of its Java software that nixes a feature in Java that hackers have been using to foist malicious software. Java 6 Update 20 was released sometime in the last 24 hours, and includes some security fixes, although Oracle’s documentation on that front is somewhat opaque. Most significantly, the update removes a feature that hackers have started using to install malware.
Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.
Security experts have long maintained that running two different anti-virus products on the same Windows machine is asking for trouble, because the two programs will compete for resources, slow down or even crash the host PC.
But an upstart anti-virus company called Immunet Protect is hoping Windows users shrug off this conventional wisdom, and embrace the dual anti-virus approach. Indeed, the company’s free product works largely by sharing data about virus detections by other anti-virus products on the PCs of the Immunet user community.
Software giants Adobe and Microsoft today each released software updates to fix critical security flaws in their products. In addition, Adobe is rolling out a new auto-updater tool that should make it easier for hundreds of millions of Adobe Reader users to more safely run one of the most frequently attacked applications on the Internet today.
Many anti-virus products — particularly the “Internet security suite” variety — now ship with various Web browser toolbars, plug-ins and add-ons designed to help protect the customer’s personal information and to detect malicious Web sites. Unfortunately, if designed poorly, these browser extras can actually lower the security posture of the user’s system by introducing security and stability issues.
A large number of bloggers using Wordpress are reporting that their sites were recently hacked and redirecting visitors to a page that tries to install malicious software.
A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from botnets and malicious software.
A rash of home foreclosures and abandoned dwellings had already taken its toll on the tax revenue for the Village of Summit, a town of 10,000 just outside Chicago. Then, in March, computer crooks broke into the town’s online bank account, making off with nearly $100,000.
One bit of criticism I’ve heard about my stories on small businesses losing their shirts over online banking fraud is that I don’t often enough point out what banks and customers should be doing differently to lessen the chance of suffering one of these incidents. As it happens, a source of mine was recently at a conference where one of the key speakers was a senior official from the Office of the Comptroller of the Currency, one of the main banking industry regulators.
Foxit Software has issued an update to make it easier for users to spot PDF files that may contain malicious content. Also, Apple has pushed out new versions of QuickTime and iTunes that correct nearly two dozen security problems in… Read More »
