[SecurityRatty] tag: users

40 Security Flaws Fixed In Mac OS X Security Update 2008-007

Thu, 09 Oct 2008 20:56:07 +0000

Apple has released another pack of patches that cover a total of 40 documented vulnerabilities affecting the Mac OS X. The Security Update 2008-007, available for Tiger and Leopard, covers a range of third-party components and Mac OS X flaws that could users at risk of remote code executions attacks. The more serious vulnerabilities include: Apache: CVE-2007-6420, [...]

Fake YouTube pages used to spread viruses

Thu, 09 Oct 2008 14:01:59 +0000

Savvy Internet users know that downloading unsolicited computer programs is one of the most dangerous things you can do online. It puts you at great risk for a virus or another time bomb from a hacker.

Fake YouTube Pages Getting Popular, New Tool Released Allows Fake Pages Creation In Seconds

Thu, 09 Oct 2008 09:47:56 +0000

TrendLabs report a new hacking tool that is circulating on the Internet and allows malicious users to create fake YouTube pages designed to deliver malware. The tool is detected by Trend Micro as HKTL_FAKEYOUT, features a Spanish-language user-friendly console that a “hacker” could use to create a pair of Web pages that look eerily identical [...]

SmartPhones Just One More Spam Vector

Thu, 09 Oct 2008 07:03:56 +0000

The Apple iPhone has another vulnerability, one that shouldn’t surprise you if you’ve been paying attention.

The news of the latest problems surfaced after Apple allegedly ignored researchers’ reports to them and the researchers decided to go public with the news :

In Mail, users can hover over an embedded hyperlink to see the URL, but these URLS get cut off due to the small screen. Users might see a trusted domain, but when they click it, find that the link actually resolves to an untrusted site.

The second vulnerability is that Mail automatically downloads images, leaving users open to malware.

It’s “a pretty dumb design flaw” says the researcher who discovered the problem.

Microsoft to improve Vista's problematic UAC in Windows 7

Wed, 08 Oct 2008 20:00:00 +0000

Microsoft plans to improve the much-maligned user account control (UAC) feature in the next version of its Windows client OS, acknowledging that the new security feature it built into Windows Vista has caused unnecessary problems for users.

More on "Helping With Compliance" vs "Selling Using Compliance"

Wed, 08 Oct 2008 09:37:00 +0000

So, here is a perfect example showing the idea I shared in my post "Just A Thought on Compliance": the exact quote is "it’s a vendor’s responsibility to make bearing the costs of PCI manageable."

Did he say "it is vendor's role to 'sell stuff' using PCI." God no! He said that vendors will make PCI "bearable" for end-users. A big difference ...

Yes, PCI DSS is "a driver" for vendors to sell security tools AND "a sledgehammer" for end-users to "motivate" their bosses into releasing budget, but the reality is that PCI DSS compliance is a non-trivial challenge for many organizations, and that they need HELP more than they need "being sold to."

And help is on its way...

Possibly related posts:

"Just A Thought on Compliance"

Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise

Wed, 08 Oct 2008 00:42:07 +0000

A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Unnoticed for two years, the weak PRNG created a crypto-implementation nightmare with wide-ranging consequences that are difficult to repair. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (TOR), OpenVPN, and other applications. In this article, I'll examine the issue and its consequences.

Data Retention and Privacy in Electronic Communications

Wed, 08 Oct 2008 00:42:06 +0000

The retention of communication data by network providers, often mandated by legislation, raises social and technical security concerns. A generic model combining technical, procedural, and legal controls can help secure retained data and minimize privacy threats against users.

'Clickjackers' could hijack Webcams, microphones, Adobe warns

Wed, 08 Oct 2008 00:00:00 +0000

Adobe Systems is warning users that hackers could use clickjacking attack tactics to secretly turn on a computer's microphone and Web camera.

Clickjackers could hijack Webcams, microphones, Adobe warns

Tue, 07 Oct 2008 20:00:00 +0000

Adobe Systems warned users Tuesday that hackers could use recently-reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web...