This is bad – whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks […]
The Mozilla Firefox 1.0.x series will no longer be supported with security updates. IF you use Firefox as your web browser, make sure you’re using the current version in the 1.5 series (currently 1.5.0.3). You can find what your current version is by going to Help, “About Mozilla Firefox”. The 1.5 series automatically downloads and […]
A few days ago – while musing about the botnet take-down of Blue Security – I said something along the lines of “Make sure your pc’s are clean from “bugs” and help your friends do likewise. Spread the word, we need a “worldwide clean your computer with antivirus and antispyware day” or something like it. […]
There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that’s dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, […]
I remember the first Windows XP vulnerability was a Upnp vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like […]
As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only […]
To show you where the threat with bot networks is going there’s a story today on Nugache (Symantec summary) which is a bot that takes advantage of a number of clever tricks to avoid having the whole bot net shut down, allow command and control on an encrypted channel and essentially have no “human readable […]
There’s quite a bit more discussion on a DOS bug in Firefox 1.5.0.3, the link goes to a site where they’ve confirmed the issue and there is a link there to a POC, so be cautious. It turns out that using javascript, image tags can be made to have a mailto: link which can automatically […]
There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here […]
A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction […]
Bookmark this site now by pressing Ctrl+D
You are currently browsing the archives for the Security category.
