Well the patch Tuesday event from Microsoft has come and gone again with
9 critical and 3 important patches. Anyone who hasn't done so yet should
go get patched. The Department Of Homeland Security is
pitching one of the patches. Has that ever happened before?
AOL
goofed recently giving up 658,000 er cough cough
anonymous users' search data. Apology is kind of lame but I think that is what the big boys call doing damage control.
StopBadware.org and partner Google have announced that...
We're entering a new phase here at StopBadware.org. Google -- which is one of our partners -- is now presenting people with a warning before they visit websites that have been reported to StopBadware.org as sites that distribute badware.
Well I haven't been able to trip the warning but I guess they are still working out the mechanics of the whole thing. Anyway the warning page is supposed to
look something like this. There is a free Firefox extension or Internet Explorer plugin that I use that does prettty much the same thing called
McAfee Site Advisor. It also works with Firefox on Linux as well as Windows.
Recently a couple security experts
demonstrated wireless device driver flaws on the often
touted as more secure by default Mac platform.
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I wonder how Linux wireless device drivers stack up against this exploit? My guess would be not much differently.
Last thing for this post I'll just call the
scum of the week. It is a sort of interesting malware that employs a little social engineering to get people to install it by encouraging them to do something they ought not be doing anyway.
Of course, the program is a complete scam - run it, and you get a fake message telling you that "AOL has fixed the vulnerability". What they don't tell you, is that they also dropped a boatload of goodies - well, nasties - in your System32 folder. Those files will rip the top of your PC off and scream at you in a scary, THIS IS BROKE kind of fashion.
If they do install it... Well it does them and they no doubt are turned into spam and ad spewing legions of keystroke logged zombies or something. Keep an eye out and do not download or install
The AIM Screen Name Hacker.
