Is already being actively exploited by criminals.
Adobe has been made aware of a vulnerability in its PDF products Acrobat and Reader, which is already being exploited maliciously.
According to the security firm Secunia, the vulnerability is due to an error in font parsing in the CoolType.dll library in the Windows version of the software, but Adobe says that the vulnerability is not operating-system dependent. It is present in all versions of Adobe Reader and Acrobat, version 9.3.4 and earlier.
A specially crafted PDF file triggers a stack-based buffer overflow that causes the software to crash, which could give the attacker full access to the system. This PDF file can be delivered to the user as an e-mail attachment or via a website.
September 10, 2010
August 25, 2010
This is how the DLL vulnerability is exploited
Attacks via the Web are probably the most effective.
New information continues to emerge about the library file problem in Windows. All evidence now indicates that the vulnerabilities behind the problem are already being actively exploited. It is possible to use Metasploit to create DLLs that are loaded by the vulnerable Windows software.
It is all done using the WebDAV protocol (Web-based Distributed Authoring and Versioning), which exposes the share across the Internet.
If the victim opens a document that is shared via WebDAV, the software that opens the document may also download and run a DLL file located in the same folder.
August 19, 2010
Adobe with extraordinary security fix
It is urgent to close serious security holes.
Adobe is coming in the morning with a security update to its Acrobat and Reader products. This is an extraordinary release that removes a very serious vulnerability.
Adobe usually issues quarterly security updates for these products, but the company now believes that it cannot wait until October to remove this vulnerability.
The vulnerability in question was presented by celebrity hacker Charlie Miller at the Black Hat conference held in Las Vegas in late July. The vulnerability is caused by an overflow in the handling of TrueType fonts. It can be exploited by malicious people to compromise the system.
The security update will probably also include other security fixes, including an updated Flash component used by Adobe Reader.
July 22, 2010
- Do not change passwords
Stuxnet worm affects Siemens systems. 9000 attacks a day, says Symantec.
A Windows worm that specifically attacks industrial management and control systems is ravaging the business sector in several countries. It exploits the so-called shortcut hole, which affects a wide range of versions of Windows.
The worm is known as Stuxnet. Today it was announced that a new variant of the worm, named jmidebs.sys, has attacked industrial hardware supplied by the German manufacturing giant Siemens, which has 420,800 employees in 190 countries.
Siemens confirmed that they have a problem with the WinCC software. This Windows-based system is implemented in the Siemens SCADA (Supervisory Control and Data Acquisition) product used in automation processes in manufacturing worldwide.
The Siemens Group is now warning its customers not to change passwords or make other changes to the system.
July 20, 2010
iTunes holes can provide full system access
Apple asks users to upgrade.
Secunia reports that it found a vulnerability in iTunes. The hole is described by the security company as "highly critical", which is their second highest threat level.
The level means that malware can gain full system access to the computer, but so far there is no evidence of attacks in circulation.
The vulnerability is due to an error in how the program handles itpc:// links (iTunes protocol). Specially crafted URLs using this protocol can lead to buffer overflow errors, which in turn allow execution of arbitrary code. Apple acknowledges the error. According to Apple, the error is only in iTunes 9 for Windows, while Secunia reports that all older versions of iTunes are affected, for both Mac and Windows.
The hole, however, should be sealed in the latest version.
iTunes 9.2.1 was released on Monday this week, and both Secunia and Apple urge users to upgrade.
April 21, 2010
- Google access system was "stolen"
Opens the door to exploitation of unknown vulnerabilities.
Although Google has released a lot of information about "Operation Aurora", the attack that hit the company and several others last fall, many details remain secret. This applies not least to what the attackers actually had access to.
Now the New York Times writes that among the things the attackers are said to have obtained is Gaia, the system that Google's services use to check whether a user is already logged in to another Google service (Single Sign-On). This is according to an unnamed source who is said to have been directly involved in Google's investigation of the attack.
Seven-year-old IE error under full attack
Only PDF-related vulnerabilities are attacked more often via the Web.
While mass-spreading Internet worms were the most common means of spreading malware around the turn of the millennium, Web-based attacks have become increasingly dominant in recent years.
Symantec yesterday released its Internet Security Threat Report Volume XV. It shows that four of the five most exploited vulnerabilities in 2009 were Web-related, meaning that they can be exploited via HTTP (Hypertext Transfer Protocol).
April 15, 2010
Attacks Java users via popular web site
A particularly nasty security hole, says security expert.
Despite the warnings, Oracle is said not to have indicated any willingness to bring forward a security patch that eliminates the vulnerability.
Yesterday, research director Roger Thompson of the security company AVG, among others, reported that the vulnerability is being actively exploited on a popular site for downloading song lyrics. According to CNet News, the site in question is Songlyrics.com.
April 14, 2010
Remove up to 40 vulnerabilities from your PC
Install the new security updates from Microsoft and Adobe.
Both Microsoft and Adobe released new security updates yesterday. Microsoft's updates affect the company's Windows, Office and Exchange products, while Adobe's apply only to Adobe Reader and Acrobat.
The most critical security updates now offered to Windows users remove vulnerabilities found in Windows Authenticode Verification, the SMB client and the Windows kernel, respectively. These vulnerabilities could potentially be exploited by attackers to gain complete control over the system. The security updates apply to all Windows versions from Windows 2000 onward.
April 09, 2010
Microsoft will remove 25 vulnerabilities
Windows, Office and Exchange are all affected.

Microsoft will release eleven security bulletins and associated security updates this coming Tuesday. These will remove a total of 25 vulnerabilities in Microsoft software.
Microsoft states that five of the security updates are critical. All of them affect Windows products, but only Windows 2000 is affected by all five.

April 08, 2010
Will remove common browser error from Firefox
Can reveal the user's surfing habits.
Most browsers log the URLs a user has visited. This history is kept for a period whose length the user can in many cases decide. This can be practical for the user in many ways, especially when entering URLs in the address field. If the user has visited the site before, the browser may fill in the rest of the URL once the user has entered the first part.
But the content of Web pages can also be influenced by the history. Links to web pages you have visited before are often shown with a different color or style than non-visited links. How the links look can be determined using a stylesheet (CSS).
The problem in most browsers is that the information about whether links have been visited or not is available to the Web site on which the links are displayed. Such information can be gathered using JavaScript functions such as getComputedStyle().
The challenge is that this option cannot simply be turned off without users losing functionality.
Mozilla has been aware of the issue since 2002, when a report was posted to Bugzilla.
April 07, 2010
Watch out for spam
E-mail with malicious code abounds.
90.7% of global email is spam (junk mail). Most spam is merely annoying, but some is downright dangerous and can cause your computer to become part of a botnet.
90.7% of all emails worldwide are spam. Hungary (95.7%), Denmark (94.9%) and Italy (94.7%) are the three countries that top the list, according to the March report from Symantec.
Spam mail can often be divided into three categories:
April 06, 2010
Monitoring employees' use of social services
A U.S. service alerts automatically when employees violate the rules.
Teneros is an American company that offers cloud services related to disaster preparedness and communication, including "disaster recovery as a service" for Microsoft Exchange.
Last week, Teneros announced a new service, named "Social Sentry", which monitors employees' use of social services and alerts automatically when it detects violations of company rules for the use of these services.
Among the motives for companies to monitor employees' use of social services are to prevent the spread of sensitive information, ensure proper hiring processes, prevent legal risks and prevent damage to the brand.
April 05, 2010
10 steps to a secure PC
Batten down the hatches and protect yourself from both new and old threats. I show you how.
Each new wave of computer viruses, spyware and spam can make you consider brushing the dust off the old typewriter. You need not go that far: it is possible to achieve good PC security without it feeling like a chore. If you follow our 10 steps for better PC security, you will be protected against both current and future security threats.
1. Automatic patching. Make sure that Windows is configured to update itself. In Windows XP with Service Pack 2, click Start, Control Panel, Security Center. Then click Automatic Updates and turn on automatic updating. If you do not have Service Pack 2 installed, you should go to Windows Update and install it as soon as possible.
2. Do not wait for Windows. If your PC has been switched off for more than a day, do not wait for the automatic update in Windows to get going. Make a visit to the Windows Update site the first thing you do after turning on your PC. There may also be a delay between when a security update becomes available and when Windows Update delivers it to you. Microsoft releases security patches on the second Tuesday of each month, so to be sure you should check manually for updates every couple of weeks. And do not forget to set your antivirus and antispyware programs to update themselves automatically!