Category Archives: Latest Warnings

Security Alert for Windows XP Users

June 14, 2010

Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

The security flaw has to do with a weakness in the way the Windows Help and Support Center processes links. Both Windows XP and Server 2003 retrieve help and support information from a fixed set of Web pages that are included on a whitelist maintained by Windows. But Google security researcher Tavis Ormandy discovered that it was possible to add URLs to that whitelist.

Don’t Need Java? Junk It.

June 11, 2010

I am often asked to recommend security software, but I think it’s important to bear in mind that staying secure is just as often about removing little-used software that increases your exposure to online threats. At the very top of my nix-it-now list is Java, a powerful application that most users have on their systems but that probably few actually need.

Microsoft, Apple Ship Big Security Updates

June 8, 2010

In its largest patch push so far this year, Microsoft today released 10 security updates to fix at least 34 security vulnerabilities in its Windows operating system and software designed to run on top of it. Separately, Apple has shipped another version of Safari for both Mac and Windows PCs that patches some four dozen security holes in the Web browser.

Adobe Warns of Critical Flaw in Flash, Acrobat & Reader

June 5, 2010

Adobe Systems Inc. warned late Friday that malicious hackers are exploiting a previously unknown security hole present in current versions of its Adobe Reader, Acrobat and Flash Player software.

“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat,” the company said in a brief blog post published Friday evening. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.”

Wi-Fi Street Smarts, iPhone Edition

June 1, 2010

If you use your iPhone to connect to open or public Wi-Fi networks, it’s a good idea to tell the device to forget the wireless network’s name after you’re done using it, as failing to do so could make it easier for snoops to eavesdrop on your iPhone data usage.

For example, if you use your iPhone to connect to an open wireless network called “linksys” — which happens to be the default, out-of-the-box name assigned to all Linksys home Wi-Fi routers — your iPhone will in the future automatically connect to any Wi-Fi network by that same name.

The potential security and privacy threat here is that an attacker could abuse this behavior to sniff the network for passwords and other sensitive information transmitted from nearby iPhones even when the owners of those phones have no intention of connecting to a wireless network, simply by giving his rogue access point a common name.

Revisiting the Eleonore Exploit Kit

May 24, 2010

Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.

I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.

ReclaimPrivacy.org: Facebook Privacy 101

May 20, 2010

If you’ve been watching the slow motion train wreck that is Facebook.com’s recent effort to revamp its privacy promises, you may be wondering where to start unraveling all of the privacy “choices” offered by the world’s largest online social network. Fortunately, developers are starting to release free new tools so that you don’t need a master’s in Facebook privacy or to read a statement longer than the U.S. Constitution to get started.