Support Wars

From Ars Technica: Now that we’re past the halfway point of 2010, it’s starting to become apparent that the browser trends we’ve noted over the past several months are no longer holding. Sure, Safari and Opera are still slowly gaining share, but the three big guys are restless. Firefox has started declining, Chrome’s growth spurt [...]

From Dark Reading: Adobe’s Reader and Acrobat PDF applications have been hit by a new attack exploiting an unpatched vulnerability in the pervasive tools. So far the exploit has been used mostly in targeted attacks, but researchers say it could soon spread now that the cat is out of the bag. Adobe late yesterday issued [...]

From ISC SANS: The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air was upgraded as well to version 1.5.3. Read more about it in the apsb09-19 bulletin from adobe. The reason behind it are 7 vulnerabilities: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800 and, CVE-2009-3951 of which 6 lead [...]

From Taranfx: Who was that someone shouting loud that only Jailbreaking makes iPhone insecure?  We now have a new App that makes even an UnModified/Virgin iPhone leak personal data like you have never seen before. A Swiss iPhone developer has unveiled a new application that is capable of harvesting huge amounts of personal data from [...]

From Dark Reading’s SophosLabs Insights: The latest iPhone worm is much more malicious than the last one. Rather than the Ikee worm’s trick of changing your wallpaper to a (for some disturbing) image of 1980s pop star Rick Astley, the Duh worm hijacks your jailbroken iPhone, turning it into part of a botnet. As if [...]

From ZDnet: Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). According CA researcher Zarestel Ferrer, the ransomware file is bundled with a program called uFast Download Manager.  Once a machine is infected, a message is [...]

From Dark Reading:

From  Tech Republic: Roberto Suggi Liverani and Nick Freeman, security consultants with security-assessment.com have discovered that poorly-written Firefox extensions can be exploited to install malware on a victim’s computer. It seems Mozilla does not have any security requirements for extensions. That’s a problem, as their flagship Web browser Firefox implicitly trusts extension software. I first [...]

A new zero day exploit has been reported for IE 6 and 7.  From Symantec: A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, [...]

I found this little gem while catching up on my ISC SANS reading this morning. Have you ever thought about your routers.  I mean – *really* thought about them?  They think all day long, processing all of the packets in and out of your company’s WAN or internet connection, and hardly ever complain.  But can [...]