31
Aug
Categories Warning.

Link: http://www.net-security.org/secworld.php?id=9778&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Don't like this - in fact tell all the noobs you know as these are getting out of hand.

"Just because it appears that a friend 'likes' a Facebook page or application, shouldn't mean it's safe for you to click and find out more," said Graham Cluley, senior technology consultant at Sophos. "As soon as a page urges you to share or 'like' a link to your friends, and asks for personal information, alarm bells should start to ring. Users need to think twice and avoid being sucked into these increasingly widespread scams."

Facebook users that have been affected should delete references to this scam from their wall, to avoid sharing it further with their online friends.

- by Rob

31
Aug

Link: http://www.theinquirer.net/inquirer/news/1729566/adobe-patches-shockwave-bigtime

It's that time of the week again where one of your Adobe products requires updating; this time it's Shockwave....

Adobe's Shockwave media player is getting a whopping big patch to cover 20 security holes.

The patches cover Adobe's Shockwave Player 11.5.7.609 for both the Windows and Mac platforms and the company is rating the update as critical.

"The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in a security advisory.

Of the 20 holes, 18 fixes cover problems that would allow remote code execution on affected systems. One could allow a denial of service attack and the final flaw would allow a denial attack and could theoretically be exploited to allow remote code execution.

You can download the latest Shockwave here

- by Rob

25
Aug
Categories Warning.

Link: http://www.bbc.co.uk/news/technology-11065301

Oh boy, when it rains......

iTunes accounts linked to PayPal have been targeted in a scam with a number of users complaining that they have been cleaned out.

Apple and PayPal refused to discuss the details of the incident.

First - I'd change my iTunes password - Second I'd unlink my PayPal account until there's some disclosure about what is going on.

- by Rob

25
Aug

Link: http://tech.slashdot.org/story/10/08/24/0520245/Windows-DLL-Vulnerability-Exploit-In-the-Wild

This is troubling, I can expect a wave of dead systems coming. There's a vulnerability in the way Windows handles looking for a DLL file - and many apps are affected.

Many Windows programs can be exploited simply by tricking users into visiting malicious Web sites or opening malformed documents because of the way the software loads code libraries -- dubbed "dynamic-link library," or ".dll" in Windows -- as well as executable ".exe" and ".com" files. If hackers can plant disguised malware in one of the directories an application searches when it looks for those files, they can hijack the PC.

This one won't go away quickly - so prepare for trouble. Microsoft has released a tool to mitigate the issue but it's mostly for corporate and not very end user friendly.

There are other workarounds customers could take, including blocking outbound SMB (Server Message Block) traffic at the firewall and disabling Windows' built-in Web client.

But you know that 99% of people won't have a clue how to do this.

So if you're a system repairer or tech get ready for some extra work.

- by Rob

24
Aug
Categories Warning.

Link: http://www.msnbc.msn.com/id/38731070/ns/technology_and_science-tech_and_gadgets/

There's something rotten in HDMI again - don't fall for it.

Have you seen HDMI cables online or in stores labeled "120 Hz," "240Hz" and "480 Hz"? It's easy enough to slap such labels on HDMI cables but it's a sham. HDMI cables can no more be manufactured for specific refresh-rate HDTVs than a garden hose can be manufactured specifically to water seeded lawns and sod lawns. The same water flows through either one. The same HDTV signal flows through all HDMI cables, whether labeled "120Hz" or "480Hz" — or not labeled at all.

- by Rob

19
Aug
Categories Warning.

Link: http://gizmodo.com/5614047/the-top-ten-most-dangerous-things-you-can-do-online

Nice article for the noobs - and I can't preach enough about item #2 -

* Java / Adobe Reader / Adobe Flash are responsible for an astounding number of PC infections due to security exploits. The best way to avoid becoming a target is to update all three pieces of software as often as you can. Flash will prompt you automatically, but you can tell Java to search for updates daily, instead of bi-monthly. Sign in for automatic updates with Adobe Reader as well.
* Make sure to update your Windows operating system. One way to do this is to set your Windows updates to install automatically. This will reduce your exposure to hackers exploiting vulnerabilities in the Windows operating system.

- by Rob

18
Aug

Link: http://www.adobe.com/support/security/bulletins/apsb10-17.html

Ok, so I hope all of you updated your Flash players this week - and if you use Acrobat or Reader then tomorrow will be another patch day for you.

Updates for Adobe Reader 9.3.3 for Windows, Macintosh and Unix will accompany Adobe Acrobat 9.3.3 for Windows and Macintosh as well as cross-platform patches for Adobe Reader 8.2.3 and Acrobat 8.2.3

Don't put it off - Flash and the other Adobe products are on the top of the "how your pc gets infected" pile of apps.

- by Rob

17
Aug
Categories Warning.

Link: http://www.ghacks.net/2010/08/16/facebook-dislike-scam/

Don't fall for this one, there is no dislike button - if you've already fallen for it slap yourself and follow the instructions to remove the app.

The scam, reported by the BBC, tricks users into installing a rogue application that then posts spam messages to all their contacts. The spam messages then contain links through to malicious websites.

The messages will try to get your attention by using messages such as “OMG, shocking video” and they appear to come legitimately from a friend.

The rogue application takes advantage of the fact that many users don’t properly understand their privacy settings on Facebook and will not know how to deactivate the app later on which, by the way you can do by clicking on “Account” in the top right corner of the window then “Application Settings” and pressing the “x” next to the offending app.

Once a user has installed the app it then posts a message to their profile along the lines of “I just got the dislike button, so now I can dislike all of your dumb posts lol!!!” in order to try and tempt their friends to install the app too.

- by Rob

13
Aug

Link: http://www.zdnet.com/blog/security/adobe-warns-of-critical-flash-player-flaws/7111

This week brings news of at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

You can check your Flash version HERE if you need to; however, it's almost a sure bet that you'll need the patch.

- by Rob

10
Aug
Categories Warning.

Link: http://www.v3.co.uk/v3/news/2267858/security-concerns-latest-rogue

Just like the last one really -

the application is being spread thanks to a 'shocking video' message which reads: 'OMG the worlds worst mcdonalds customer (shocking video must see).'

Clicking on the bit.ly link takes the user to a Facebook application called 'Worst McD's Customer' which asks permission to post to the user's wall, access their data at any time, access their contact information and their list of friends, Cluley explained.

"If you're sensible you'll pull out at this point and not grant the application permission to access your data," he wrote.

"But sadly plenty of people are keen to see the 'shocking video' and will hand over control to the rogue Facebook app which promptly posts the link as a status update to your Facebook wall thus perpetuating the cycle."

Don't get caught by this one - but if you did.....

Cluley recommended that victims remove the references to the link from the newsfeed, delete their status message and make sure that the application can no longer access their account.

Mark my words here - it won't be long until one of these does something far worse -

- by Rob

10
Aug

Link: http://www.theregister.co.uk/2010/08/05/microsoft_august_2010_patch_tuesday/

The next Patch Tuesday, scheduled for August 10, will include 14 bulletins, eight of which are rated critical, Microsoft's highest severity classification, generally reserved for bugs that can be exploited to remotely execute malware on vulnerable systems with little or no interaction on the part of the end user. Six of those bulletins apply to Windows, another one applies jointly to Windows and Silverlight and the last to the Office suite.

So don't put off the patches - you know these flaws will be exploited shortly.

- by Rob

6
Aug
Categories Warning.

Link: http://www.adobe.com/support/security/bulletins/apsb10-17.html

Yikes,

Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. Adobe expects to make these updates available during the week of August 16, 2010.

Watch what pdf files you download for the next couple weeks eh?

- by Rob

3
Aug
Categories Warning.

Link: http://www.pbs.org/mediashift/2010/07/writers-explain-what-its-like-toiling-on-the-content-farm202.html

If you're the type of person that wants to find out how to shear a llama - you'd probably be best off getting a book......

"Never trust anything you read on eHow.com," she said, referring to one of Demand Media's high-traffic websites, on which most of her clips appeared.

Go figure, people just wrote tons of articles for the quick cash.

- by Rob

2
Aug

Link: http://www.ghacks.net/2010/07/31/except-out-of-band-windows-security-release-on-august-2/

Microsoft plans to release on Monday an emergency fix for a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware. Affected versions of Windows include Windows 7, XP, Server 2003, Vista and Server 2008.

You know it's gotta be bad when this happens. I don't have any details on the exact form of malware that is being used, but here is the MS Tech article.

- by Rob

30
Jul
Categories Warning.

Link: http://www.zdnet.com/blog/btl/big-media-sites-sued-over-use-of-zombie-cookies/37301

Some of the nation’s largest media Web sites - including ABC, ESPN, Hulu, MySpace and MTV - were named in a lawsuit filed last Friday for violating federal computer intrusion laws.

At issue is the use of “zombie cookies,” a technology created by Quantcast - which is also named in the lawsuit - that allows site owners to use a storage compartment in Adobe’s Flash player to recreate Web tracking files after they’ve been manually deleted by the user.

Flash cookies - I've talked about them before - you can manually view and delete your flash cookies from this panel HERE

and if you use Firefox you can get better privacy and have Flash cookies deleted on browser close.

- by Rob

8
Jul
Categories Warning.

Link: http://www.theinquirer.net/inquirer/news/1721315/facebook-security-flaw-remotely-controls-accounts

I've seen this in action and reported on it before, but apparently it's getting worse with researchers unclear what the attack will eventually lead to.

Roger Thompson chief research officer at AVG revealed a Javascript injection attack that lures users by providing a link to a video, which it claims "99% of people can't watch". The link forwards users to another page that asks them to paste Javascript code into their browser's address bar.

Upon entering the code users are taken to another page that states that the user "likes" the video and adds a link to it in the user's Facebook status. Thompson says that it is the first such case his team are aware of in which Facebook accounts are remotely controlled.

- by Rob

8
Jul
Categories Warning.

Link: http://it.slashdot.org/story/10/07/06/1554229/The-Unstoppable-Tech-Support-Scam?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29&utm_content=Google+Feedfetcher

"The con is both fiendishly clever and ridiculously simple. The fraudster cold-calls the customer and tells them that Microsoft has detected a virus on their PC, then invites them to download a piece of remote-assistance software. No doubt reassured by the lines of indecipherable code flitting across their screen, the caller assures the customer they can make the virus vanish – but first, of course, they want payment. £185 to be precise. The spoof site behind the scam is approved by McAfee's Site Advisor and bears Microsoft logos, something which both companies have failed to act upon. Meanwhile, an assortment of British regulators have said there is nothing they can do to stop it."

- by Rob

7
Jul
Categories Recall, Warning.

Link: http://www.huffingtonpost.com/2010/07/03/rocky-mountain-natural-me_n_634897.html

If you have any Bison Burgers hanging around - you'd better check the lot numbers ...

Rocky Mountain Natural Meats in Henderson recalled the ground and tenderized bison after it was linked to sickening five people in Colorado and one in New York, the U.S. Department of Agriculture said Friday.

The USDA said the recalled bison meat was sold to stores nationwide between May 21 and May 27. The sicknesses were reported between June 1 and June 4.

All the products included in the recall have the establishment number "EST. 20247" inside the USDA mark of inspection.

- by Rob

7
Jul

Link: http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/

Crap - it took them 3 months and now we need a new fix .....

The patch seems to be working. Now, what would happen if I modify the exploit code a bit?

Specifically, I add the quotes to the parameters passed to /F.

Eg: /F(cmd.exe) becomes /F(“cmd.exe”)

With the quotes added, Adobe Reader will not block the execution and the warning becomes as follows:

- by Rob

1
Jul

Link: http://www.theregister.co.uk/2010/06/30/windows_exploit_spike/

If you've got either of these operating systems you'd be well advised to follow the mitigation HERE as the patch is not coming for a while....

Microsoft said on Wednesday that its security team has detected more than 10,000 distinct computers that have experienced the attack against the bug in the Windows Help and Support Center. The vulnerability, which was disclosed on June 10 by researcher Tavis Ormandy, makes it possible for attackers to remotely install malware on computers running Windows XP and Server 2003 by luring end users to booby-trapped websites.

- by Rob

1
Jul

Link: http://www.ghacks.net/2010/06/29/adobe-reader-9-3-3-released-fixes-critical-security-issues/

Almost everyone has Acrobat - and almost everyone (those who didn't update) is vulnerable to system crushing malware.

There are a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update affects Adobe Reader/Acrobat 9.3.2 and earlier versions.

Do yourself a favor - go to start / programs / adobe reader and choose help / updates. You'll thank me later. Yeah, you can do it now, we'll wait.

- by Rob

25
Jun

Link: http://blogs.adobe.com/psirt/2010/06/pre-notification_-_quarterly_s_3.html

It took Adobe quite a while to lay this one down. Make yourself a note and update next Tuesday - the vulnerability is actively being exploited and this applies to all operating systems.

- by Rob

23
Jun
Categories Warning.

Link: http://www.businessinsider.com/how-to-trick-people-into-becoming-your-fans-on-facebook-2010-6

Sadly this was brought to my attention when someone I know sent a link to something like "100% of people smile after seeing this video" - after clicking on that link you were brought to a screen where you were then asked to "like" the post. - The like button was a lie though and auto subscribed you to the page. To make it worse you were then brought to a page where you had to spam 10 people with the link before you could see the video.

What's all this for? - So the creator of the page has access to spam and annoy you.

Recently, among the many controversial changes Facebook made, the company replaced the option to "Become a Fan" of brand or product pages with the option to Like them. This was purely a change in language -- the people who Like a brand are added to a list which that brand can spam on Facebook or through email as it sees fit.

- by Rob

16
Jun
Categories Warning, Virus.

Link: http://www.itworld.com/internet/110593/mass-web-attack-hits-wall-street-journal-jerusalem-post?source=itw_rss

Looks like system repairers will be busy again this week....

Cisco Systems' Web-tracking subsidiary, ScanSafe, started following the incident two days ago, said Mary Landesman, a senior security researcher with Cisco. Somehow, the hackers have posted malicious HTML code on the affected Web sites that redirects victims to a malicious Web server. This server tries to install software on Web visitors' computers. If it's successful, the software gives the criminals a way to remotely control their victims' PCs.

Big sites like the Wall St. Journal and Jerusalem Post have been associated. Read the article and scan your rig.

- by Rob

15
Jun
Categories Warning.

Link: http://mashable.com/2010/06/14/rogue-facebook-app/

Seems like this is all the rage now - have you taken the bait for this one? Many people have.

According to the security firm Sophos, more than 190,000 people have already clicked on a link sent by this rogue app that promises to show “shocking video” of a teacher physically assaulting a young man.

Ah, social engineering - works every time.

If you have fallen for this attack, remove the app from your profile and then check your privacy settings to make sure nothing has changed on that front. Also delete any posts the app has made on your wall.

I'm telling ya, these are just tests - won't be long before one of these installs a trojan or rootkit. Countdown begins in 3....2....

- by Rob

15
Jun
Categories Yuck!, Warning.

Link: http://research.globalthoughtz.com/index.php/tests-on-3d-glasses-in-theaters-raise-health-concerns/

This is pretty nasty, when you put your 3D glasses into that recycle box it looks like all the theaters do is repackage them. That's right, no wash no sanitize.

A small study carried out by Good Housekeeping tested glasses from seven theaters in New York, New Jersey, and Connecticut, and every pair turned out to be infested with germs that might result in some serious infections.

Or - keep your pair of glasses and bring it back with you to the movies. That way they're clean and you can wear them in everyday life to have some fun.

- by Rob

1 comment

Comment from: Blaze [Visitor]
Or quit getting so excited about these evil germs and let your body's immune system do what it's supposed to.
06/15/10 @ 19:56

14
Jun

Link: http://www.zdnet.com/blog/security/googler-releases-windows-zero-day-exploit-microsoft-unimpressed/6659

This one's about hcp:// links... Don't know what they are? They're Windows help protocol links. There is a registry edit you can do to disable hcp.

Why anyone would want hcp anyway is beyond me.

The vulnerability, which is due to improper sanitization of hcp:// URIs may allow a remote, unauthenticated attacker to execute arbitrary commands.

- by Rob

11
Jun

Link: http://get.adobe.com/flashplayer/

The exploit is in the wild and being used to take over computers and install malware - if you do nothing else today - go and get the new flash player and install it. Trust me, you'll be glad you did. (though don't forget to uncheck whatever crapware Adobe is trying to bundle with it eh?)

An added bonus is that this player supposedly comes with Hardware Acceleration - so it's got that going for it too.

Adobe has shipped a “critical” Flash Player update to fix a total of 32 documented vulnerabilities in the ubiquitous software product.
The Adobe Flash Player 10.1.53.64 update comes on the heels of last week’s in-the-wild attacks against a zero-day hole in Adobe’s Reader and Flash Player product. This patch fixes that vulnerability along with 31 other serious security problems.

The vulnerabilities in this patch batch affect all major operating systems: Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux.

- by Rob

10
Jun
Categories Warning.

Link: http://www.dailytech.com/ATTs+Gaping+Hole+Exposes+114000+iPad+3G+Buyers+Email+Addresses/article18670.htm

A big OOPS on the part of AT&T -

a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers according to Gawker. The email addresses were obtained in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed.

Heh, nice name. -

Every one of these individuals and thousands of other everyday people had their email addresses and corresponding ICC-IDs (integrated circuit card identifiers) leaked. The ICC-ID is a number used to uniquely identify SIM cards for a particular subscriber's device.

And here's the kicker -- before reporting this gaping hole to AT&T, they shared the exploit with various interested parties. So there's no telling who else used it, how many more IDs were leaked, or what other damage could have resulted.

With the ICC-ID and unique email in hand, malicious parties could easily launch mass attacks to try to gain further access. For example, it's likely that at least one of those email addresses with the password "darthvader" would return account access.

So - if you have a weak email password and you bought an iPad - go and strengthen that password right now.

- by Rob

9
Jun

Link: http://news.cnet.com/8301-27080_3-20007119-245.html

Ranked so highly because it's an open zero day hole and it's currently being exploited.

Adobe Systems said it will issue a patch for a critical hole being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.

The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.

Adobe released the advisory late last week and said there had been reports of the hole being exploited to take remote control of computers.

- by Rob

9
Jun
Categories Warning.

Link: http://news.cnet.com/8301-27080_3-20007103-245.html

If you haven't gotten yesterday's patches yet - either go to the control panel and hit Windows updates (Vista / Win 7) or visit windowsupdate.microsoft.com (all others) and update.

Overall, this Patch Tuesday release involves 10 bulletins fixing 34 vulnerabilities affecting all supported versions of Windows, Office XP, Office 2003 and 2007 Microsoft Office System, Office 2004 and 2008 for Mac, Excel Viewer, and Sharepoint Services 3.0.

"This is the largest Microsoft patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year," said Joshua Talbot, security intelligence manager at Symantec Security Response. "This month's release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together."

- by Rob

8
Jun
Categories Warning.

Link: http://www.v3.co.uk/v3/news/2264227/experts-warn-malicious-twitter

Be wary when clicking on tweets -

Websense Security Labs said in a blog post that the emails are designed to imitate a Twitter Password Reset Notification message.

The spam contains a link to a compromised web site that, when clicked on or pasted into the browser, prompts the user to download a malicious executable named 'password.exe'.

The executable turns out to be fake anti-virus software called Protection Center Safebrowser. It has been created to appear genuine by alerting the user that it has discovered malicious files on the desktop.

Of course you'll never get a malicious tweet when following GeeG - we serve up only the good stuff.

- by Rob

7
Jun

Just when you thought it was safe to go on the net again ....

A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an unspecified error. No more information is currently available.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 10.0.45.2 and prior 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris.

So it's not just Windows being exploited - there is a mitigation method... you can download the Release Candidate of Flash HERE

and for Acrobat Reader you can delete a DLL - (which will prevent embedded Flash in PDFs - why anyone would need that anyway is beyond me)

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

- by Rob
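
The authplay.dll mitigation quoted above, written as a reversible rename rather than a delete. This is an added example, not from the original post or from Adobe; the function name `Set-AuthplayMitigation` and the `.disabled` suffix are hypothetical, and the default paths are the two "typical" locations quoted in the post.

```powershell
# Added example: reversible rename of authplay.dll for Adobe Reader / Acrobat 9.x.
# Run from an elevated PowerShell prompt; -WhatIf previews without changing anything.

function Set-AuthplayMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Defaults are the typical paths quoted in the post; pass -Path for other install locations.
        [string[]]$Path = @(
            'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
            'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
        ),
        # Suffix for the disabled copy (assumption: any name the product will not load).
        [string]$Suffix = '.disabled',
        # Put the DLL back, e.g. after installing the patched release.
        [switch]$Undo
    )

    foreach ($dll in $Path) {
        $disabled = $dll + $Suffix
        if ($Undo) { $from = $disabled; $to = $dll } else { $from = $dll; $to = $disabled }

        if (-not (Test-Path -LiteralPath $from -PathType Leaf)) {
            # Product not installed at this path, or already in the requested state.
            [pscustomobject]@{ File = $dll; Action = 'Skipped'; Detail = "$from not found" }
            continue
        }
        if (Test-Path -LiteralPath $to) {
            # Never overwrite: a leftover copy needs a human to look at it.
            [pscustomobject]@{ File = $dll; Action = 'Skipped'; Detail = "$to already exists" }
            continue
        }

        # Record the file version so the change can be matched against the advisory later.
        $version = (Get-Item -LiteralPath $from).VersionInfo.FileVersion
        $newName = Split-Path -Leaf $to

        if ($PSCmdlet.ShouldProcess($from, "Rename to $newName")) {
            try {
                Rename-Item -LiteralPath $from -NewName $newName -ErrorAction Stop
                $action = if ($Undo) { 'Restored' } else { 'Disabled' }
                [pscustomobject]@{ File = $dll; Action = $action; Detail = "version $version" }
            }
            catch {
                # Usual causes: prompt not elevated, or Reader/Acrobat still has the DLL loaded.
                [pscustomobject]@{ File = $dll; Action = 'Failed'; Detail = $_.Exception.Message }
            }
        }
    }
}

# Preview only; drop -WhatIf to apply, add -Undo to reverse.
Set-AuthplayMitigation -WhatIf
```

As the advisory text says, PDFs with SWF content will then fail with a non-exploitable crash or error message until the DLL is restored.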

4
Jun
Categories Recall, Warning.

Link: http://www.cpsc.gov/cpscpub/prerel/prhtml10/10255.html

Get your reading glasses out and open the dishwasher -

The recall includes Maytag®, Amana®, Jenn-Air®, Admiral®, Magic Chef®, Performa by Maytag® and Crosley® brand dishwashers with plastic tubs and certain serial numbers. The affected dishwashers were manufactured with black, bisque, white, silver and stainless steel front panels.

Consumers should immediately stop using the recalled dishwashers, disconnect the electric supply by shutting off the fuse or circuit breaker controlling it, inform all users of the dishwasher about the risk of fire and contact Maytag to verify if their dishwasher is included in the recall. If the dishwasher is included in the recall, consumers can either schedule a free in-home repair or receive a rebate following the purchase of certain new Maytag brand stainless-steel tub dishwashers. The rebate is $150 if the consumer purchases new dishwasher models

Full details and serial numbers in the link - the worrying thing about this is that it appears it might happen even if you are not using the dishwasher, hence the unplug / circuit breaker warning.

- by Rob

4
Jun
Categories News, Warning.

Link: http://consumerist.com/2010/06/freecreditreport-looking-for-new-house-band.html

You know those scumbags at Free Credit Report - the ones that offer a free service once you pay for their scam service? Well, they've been busted by the FCC and changed their name to FreeCreditScore.com - and they are looking for a new band.

Our friends at FreeCreditReport.com, now required to change their services by the FTC, plan to rebrand as FreeCreditScore.com. They're also looking for a new house band, to play a whole new set of insipid and misleading but catchy credit-related ditties. Your band, if you have one, can enter. If you don't, you can vote.

Remember - you are entitled to one free credit report per year from the US government at AnnualCreditReport.com - don't get hosed.

- by Rob
