SECURITY WARNINGS & Notices - Please post them here

[llariel]

Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment (JRE).

Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE.

Versions prior to Java 5.0 Update 24 and Java 6.0 Update 19 are vulnerable.

http://url4.eu/3Xqok

[Chris Thomas]

Microsoft Confirms x64 Windows 7 Aero Vulnerability

Vulnerability in Canonical Display Driver Could Allow Remote Code Executio

http://www.microsoft.com/technet/security/advisory/2028859.mspx

 

[polonus]

Hi malware fighters,

Latetst threats: http://security.technosoftcorp.com/ss/ss_index.htm

pol

[polonus]

Hi malware fighters,

Already 44 PHP leaks found up: http://www.php-security.org/

pol

[polonus]

Hi malware fighters,

Notorious torrent site with malware: 3471018cfbd0f17899258e2b62a1dd61   2010-05-11   Eleonore Exploits pack   IE6   24/41 (58.54%)    TR/PSW.Zbot.185344.R    Blocked   UK   hxxp://91.216.3.108/ca1/index.php
See: http://support.clean-mx.de/clean-mx/viruses.php?domain=91.216.3.108&submit=query
Still malicious avast reports: hxtp://wepawet.cs.ucsb.edu/view.php?type=js&hash=3ebe99eb909fd7458dd245ccbc8c4615&t=1273536734 (do not click link, it is flagged for sign of JS:Pdfka-BT [Expl] has been found
Norton Safe Web gives it green, but that is false: This is a dangerous site,it is blocked on Blade,

polonus

[Hermite15]

not really a warning but worth noting:
Google turns on SSL encryption for search

http://www.theregister.co.uk/2010/05/21/google_search_ssl_encryption/



http://googleblog.blogspot.com/2010/05/search-more-securely-with-encrypted.html

A few notes to remember: Google will still maintain search data to improve your search quality and to provide better service. Searching over SSL doesn’t reduce the data sent to Google — it only hides that data from third parties who seek it.

[Hermite15]

Fake joke worm wriggles through Facebook
http://www.theregister.co.uk/2010/05/21/fake_joke_worm_facebook/

The malware, for now at least, does nothing more malicious than posting a message on an infected user's Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

The message that the worm posts takes the form
:

Code: [Select]

try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]
Facebook gives users' names to advertisers
Violates own privacy policy
http://www.theregister.co.uk/2010/05/21/facebook_ads/
http://online.wsj.com/article/SB10001424052748704513104575256701215465596.html

[nmb]

Hi friends,

The fbhole.com attack ended in 15 seconds. Check out fsecure's weblog : http://www.f-secure.com/weblog/archives/00001955.html

nmb

[Hermite15]

Hi friends,

The fbhole.com attack ended in 15 seconds. Check out fsecure's weblog : http://www.f-secure.com/weblog/archives/00001955.html

nmb

LOL 

Updated to add: Domain fbhole.com shared an IP address with ironbrain.net [82.208.32.99]. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.

So I called the number.

The call went roughly like this:

– Hello?
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I'm looking for a person related to ironbrain.net.
–
– We're investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I'm from an antivirus company. Are you related to ironbrain.net?
– I'll have to check… maybe my company is…
– Please do.
– Bye…
[Click]

About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over

.

[polonus]

Hi malware fighters,

New malware trend: http://blog.unmaskparasites.com/2010/05/22/malware-on-hijacked-subdomains-new-trend/

polonus

[Pondus]

IBM hands out malware-stuffed USB at security conference
http://www.theregister.co.uk/2010/05/21/ibm_usb_malware_snafu/

[Chris Thomas]

First human 'infected with computer virus'

A British scientist says he is the first man in the world to become infected with a computer virus

Is he a humanoid?

Not as terrible as I though

http://news.bbc.co.uk/2/hi/technology/10158517.stm

[llariel]

Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf

Edit: I found this today and still active. Trying to connect twitter with Facebook via Facebook Apps. Google Chrome is giving alert, but the malware can be execute automatically by the server. avast is detecting & blocking it.

[Hermite15]

Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf

more details may be?

[llariel]

Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf

more details may be?

No info is available in the web so far, but I be notified by Google Chrome & avast