May 28
Wednesday, May 28th, 2008
If you have not yet applied the patch that Adobe released last month to plug security holes in its Flash Player, do not procrastinate further: Security experts warn that a growing number of Web sites are using Flash vulnerabilities to install password-stealing software when users visit them with unpatched Web browsers. It’s not entirely clear whether the attackers are taking advantage of a brand new flaw, or one that Adobe already fixed. Symantec, McAfee, the SANS Internet Storm Center and some independent researchers raised the alarm on Tuesday, indicating that hackers were exploiting a previously undocumented and unpatched flaw in Flash. Further analysis of the sites distributing the malicious code suggests that the attack does not work against the latest version of Flash for either Internet Explorer or Firefox. So, users with the latest version of Flash should be protected from this attack. Symantec’s initial writeup clashed with the […]
Read more…
Posted in News, Security | No Comments »
May 28
Wednesday, May 28th, 2008
People who use the free Foxit Reader software as an alternative to Adobe for viewing portable document format (PDF) files should take note: Foxit has shipped a new version that plugs a serious security hole in the program. The newest version, available here, brings Foxit to v. 2.3, Build 2923. Not sure which version you’re running? Click “Help,” and “About Foxit.” Researchers at security firm Secunia labeled the vulnerability as “highly critical.” The flaw stems from a problem with the way Foxit handles Javascript. I prefer Foxit over Adobe, and here’s one good example why: The lack of program bloat. Turns out, most Foxit reader users don’t have to worry about this flaw to begin with, because the free Foxit Reader ships without Javascript support by default. Rather, it is available as an add-on that you must manually download and install after installing the base program. By comparison, have […]
Read more…
Posted in News, Security | No Comments »
May 28
Wednesday, May 28th, 2008
At least 20,000 pawns recruited
Security researchers have discovered attack code in the wild that targets a previously unknown vulnerability in the latest version of Adobe Flash.…
Read more…
Posted in News, Security | No Comments »
May 23
Friday, May 23rd, 2008
ING Direct, the nation’s largest online-only bank, said this week that it was giving away a software tool that would allow customers to bank online safely at ING, even if the user’s PC was already infected with data-stealing malicious software. ING made the somewhat bold claim in partnering with an Israeli company named Trusteer, which offers an installable program called Rapport. Trusteer’s main invester is a man named Shlomo Kramer, co-founder of Check Point Software, the company that makes and markets the ZoneAlarm firewall products. Kramer is now CEO of Imperva, an application data protection company, which he co-founded with Mickey Boodaei, who is CEO of Trusteer. Boodaei said Rapport creates a “secure pipe” within the user’s computer that encapsulates data as it flows to the ING Direct Web site. Boodei said the software works by assuming control over the application programming interfaces or APIs in Windows, the set of
Read more…
Posted in News | No Comments »
May 23
Friday, May 23rd, 2008
The Bush administration is proposing a new tax collection program that would force credit card companies to report merchants’ income to the Internal Revenue Service. The plan has come under fire from privacy groups, who say it will create another private sector database tied to the Social Security numbers at a time when ID theft experts are urging companies to wean themselves from the use and collection of such information. The proposal is spelled out in the White House’s FY09 federal budget request for the U.S. Treasury, which the administration says includes some 16 changes to existing tax law designed to collect more than $36 billion in new revenues over 10 years. According to an analysis by the Center for Democracy & Technology, the proposal would require credit card companies to report the aggregate transactions of all businesses that have merchant accounts with the card issuers. The reports to […]
Read more…
Posted in News | No Comments »