Many webmasters use WordPress to establish their business by taking advantage of the blogging software. Although there are a number of benefits to be realized by using WordPress, some entrepreneurs are facing serious issues such as security vulnerabilities. To make sure its users have the most secure platform available, WordPress has released a new security patch, version 2.8.2.
This new version fixes an XSS vulnerability that was identified by a site admin. The XSS vulnerability allows hackers to access the admin page by inserting certain code in a form. The previous version, WordPress 2.8.1, was released just two weeks ago.
Anyone running WordPress 2.8 or 2.8.1 can upgrade to this latest version right away. The latest major version is faster than ever. Don’t delay! WordPress 2.8.2 is available for download here. Development on 2.9 is already underway, with a list of new features. Hopefully the WordPress team will release it soon.
Mozilla released Firefox 3.5 on 30th June 2009, and claimed that it improved on the previous version by supporting new web technologies and improving performance and ease of use. On July 9, Firefox user “zbyte” submitted an error report to Mozilla’s bug tracking system. According to the report, the browser crashes when text is typed into an input box on the site apport.ru instead of fetching the search result.
The security flaw was found to lie in Firefox’s Just-In-Time (JIT) JavaScript compiler. Due to the vulnerability, the JIT compiler could become corrupted when a user lands on a tainted web page, which paves the way for an attacker to insert malicious code on the user’s computer.
Initially, Firefox advised its users to turn off JavaScript or use the NoScript add-on. Another simple solution was to set “javascript.options.jit.content” to false in the configuration page, which can be opened by typing about:config in the address bar.
Finally, Mozilla has come up with a permanent solution by releasing a new version, Firefox 3.5.1, which fixes the critical security vulnerability. Just upgrade your browser to the newer version to safeguard it from the JavaScript vulnerability. Don’t forget to re-enable JavaScript after updating your browser to version 3.5.1. Another issue, which was making Firefox take a long time to load on some Windows systems, was also fixed in the new version.
Facebook, the most successful social network today, allows its members to create very different groups. However, Facebook has to protect its system, and that’s why some rules have to be respected.
At first glance, a group like “Rogue Facebook Apps Early Warning Group” looks like a dangerous threat, even more so when one knows that it spread unsafe information. Nevertheless, appearances can be misleading. This group was actually created to warn its members about attacks happening on the social network, and the risky information was divulged by mistake. But the Facebook team disabled the account of the group’s administrator. This decision appears to be an unfair punishment.
The line between knowing how to attack and knowing how to protect is often not easy to determine.
In fact, the real stake in “protecting Facebook” is not really to care for the application, but to protect the personal information and data of its numerous members, who trust it and its security. We know that Facebook is not just a network for private life but also a professional network. Therefore the dangers and stakes are greater.
So is it really a shame to form a group which can help members to be sure of their privacy and confidentiality? Having to choose between the network system’s survival and our own information, the choice should be quick!
ScanSafe, the largest global provider of Web Security-as-a-Service, reported that a stealthy malware called Gumblar targets users of Internet Explorer and forcibly redirects Google search page results to compromised pages. It also steals the FTP details of victims and creates a backdoor on the system. It is named for the domain gumblar.cn involved in the attacks.
“The stolen FTP credentials are then used to further compromise any Websites owned or operated by the victim,” Mary Landesman, senior security researcher at ScanSafe, told eWEEK. “As a result, there is exponential growth of these compromises—as more victims are infected by encountering a compromised site, the number of compromised sites also increases and thus more visitors are exposed.”
Landesman told SCMagazineUS.com, “Gumblar attacks have jumped nearly 188 percent over the first week of May.” The report also says that more than 1,500 Websites including Tennis.com, Variety.com and Coldwellbanker.com have been attacked in the first week of May.
The goal of the malware is to siphon dollars from Google’s highly profitable advertising franchises by replacing links in Google’s search results page with those of the attacker’s choice.
The attacker has made the exploit code unique for every website, so it has become hard to identify a compromised site until it is visited. The malware embeds malicious JavaScript deep in a website’s source code; the script exploits a bug in a visitor’s Adobe Flash and Reader programs and makes the victim join a botnet that manipulates their Google search results. So users are advised to make sure their patches from Adobe Systems are up to date.
A Google spokesman told SCMagazineUS.com that some compromised sites associated with this exploit may include a warning, saying “this site may harm your computer” associated with their search results listing.
The UK’s Get Safe Online campaign conducted a study on cybercrime and revealed the following result: to an internet fraudster, an identity is worth £80, and in 2008 the victim rate rose to 23%, compared to 15% in 2007.
It has become a must for every online user to be aware of cyber crimes and the safety measures to adopt against them. Here we have listed some of the common threats faced by most online users, with solutions to avoid them.
The main focus of an internet fraudster is to find out personal details of online users, and use those details to gain access to bank accounts, run up bills, create false documents such as passports or birth certificates and carry out benefit fraud.
Generally, hackers send email messages in the name of a legitimate organization such as a bank, asking the user to update their personal details for security. Remember that a bank will not ask you to reveal your personal details by email. So don’t pay heed to such emails.
Many hi-tech criminals attract people by sending emails on current affairs or other attractive subjects with an attachment. The attachment could be a booby trap containing a malicious program through which they can collect users’ personal details. Install an anti-virus program on your system and update it daily before opening your mailbox to guard against such viruses.
Sometimes, when you open a website, a popup window will appear and say that ‘you have just won a million dollars’ or ‘your computer is affected by a virus’. The message will ask you to click on the window, which you should never do. If you click on the message, you will be taken to a website and asked to download software that is likely spyware. Simply don’t respond to such popup windows. It is better to enable a plug-in to block unwanted popup windows.
Install a trusted anti-spyware program to safeguard your computer from spyware. As Microsoft’s Windows lacks security, security firms advise online users using Microsoft software to update it as soon as security fixes are available. Online users are advised to use non-Microsoft programs for web browsing.