Office 2007 SP2 is released as well
Several people have written in to tell us that upon reading my article about the IE8 update, that they also found Office 2007's SP2 waiting for them as a "critical" update as well.
Be sure and update Office at the same time! It's just general good practice to keep your software up to date. But our readers probably know that one already ;).
-- Joel Esler | http://www.joelesler.net | http://twitter.com/joelesler
Microsoft is turning off Auto-Run!
Well, kinda.
Yesterday morning Microsoft through their MSRC announced that they were going to further protection of Windows customers by disabling the Auto-Run "feature" in Windows for everything *except* optical media. (Because CD-ROM's can't be written to, according to them. I see nothing about CD-R and CD-RW specifically.)
I feel this is a good idea. There have always been virus/malware that liked to attach itself to things like thumbdrives and removable media like diskettes. (Does anyone use those anymore? ;) All the Windows environments that I've ever functioned in my whole career have always had Auto-Run disabled, so this is just good security practice by now.
For more details check out Microsoft's articles on the subject here and here.
Thanks to the reader who wrote in about this.
Update: Had a reader write in asking how to disable Auto-Run on <Win 7 machines. I "Googled" it (I haven't done this in years) and found this:
http://features.engadget.com/2004/06/29/how-to-tuesday-disable-autorun-on-windows/
http://support.microsoft.com/kb/967715/
-- Joel Esler | http://www.joelesler.net | http://twitter.com/joelesler
Facebook Phishing attack -- Don't go to fbaction.net
Matthew writes in to tell us about an article posted over on TechCrunch about a Phishing Attack that is "underway at Facebook."
This Phishing attack is an email that has the subject "Hello" (First off, if you receive an email that has a subject of "Hello", and that's all... immediately suspect for nonsense. I used to get a ton of these at one point, because I belonged to a website where people would post via a webpage, and this webpage had no spam protections, so the most common Subject was "Hello". It got so bad, I used to send all Emails with simply the subject "Hello" to /dev/null. (Yes, it was *that bad*.) Anyway, I digress.)
The phishing attack with read something like ""YOURFRIEND" sent you a message" with a link to go click on and read what your "friend" wrote.
The link instead sends you off to fbaction.net (Don't go there.) Where the page looks like the Facebook login page and they are hoping you will type in your credentials. Farily simple phish, so keep your eyes open.
Original article here. Thanks Matthew!
-- Joel Esler | http://www.joelesler.net | http://twitter.com/joelesler
Two Adobe 0-day vulnerabilities
There are two 0-day vulnerabilities on Adobe Acrobat announced today, all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the Javascript system of the Adobe Acrobat and can be mitigated by disabling Javascript on Adobe Acrobat.
Since the exploits for these vulnerabilities on Linux platform are posted to the Internet, we can just guess that someone will somehow make it work on Windows and use it to spread botnet agents shortly.
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
https://defineprogramming.com/
Dec 26th 2022
8 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
8 months ago
rthrth
Jan 2nd 2023
8 months ago