SECURITY WARNINGS & Notices - Please post them here

[Hermite15]

Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/

Detailed Info here:
http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
asyn

my quicktime install just got an automatic update, so may be it fixed that...

[polonus]

Hi malware fighters,

0-days will be found here during all of this month: http://www.exploit-db.com/

polonus

[Asyn]

Microsoft tool for DLL vulnerability interferes with some applications
http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html
asyn

Microsoft continues to workaround DLL vulnerability
http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx
asyn

[Pondus]

Hackers blind quantum cryptographers
http://www.nature.com/news/2010/100829/full/news.2010.436.html

Hacking commercial quantum cryptography systems by tailored bright illumination
http://www.nature.com/nphoton/journal/vaop/ncurrent/full/nphoton.2010.214.html



Number of vulnerabilities on the rise
http://www.norman.com/security_center/security_center_archive/2010/91886/en

[polonus]

Thanks Pondus,

Google Code removed 50 malware after being alerted they were on their servers: http://threatpost.com/en_us/blogs/google-code-discovered-serving-malware-090110

polonus

[DavidR]

It would be nice if they took a pro-active response to this type of thing, rather than a reactive response waiting for someone to tell them.

[polonus]

Hi DavidR,

A bit like a sort of Pontius Pilate comment by Google's, also seen from their official policy

"Google actively works to protect our users from malware. Using Google Code, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will remove any projects discovered to be used for these purposes," a Google spokesman responded in an e-mail message to Threatpost.com."

pol

[Hermite15]

MS probes mystery IE bug
http://www.theregister.co.uk/2010/09/06/mystery_ie_bug/

Microsoft is investigating reports of a new bug in Internet Explorer.

Redmond's Security Response Team (MSRT) said on Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details.

Circumstantial evidence suggests Microsoft is referring to a post by security researcher Chris Evans, of Google, to a Full Disclosure mailing list on Friday, hours before MSRT's tweet.

"A nasty vulnerability exists in the latest Internet Explorer 8," Evans wrote. "I have been unsuccessful in persuading the vendor to issue a fix."

"The bug permits — for example — an arbitrary web site to force the victim to make tweets," he added.

http://twitter.com/msftsecresponse/status/22934606564

(see the article from the register to get the link to the full description, as I'd rather not post this link here)

[iRonzel]

1) Mozilla Patches Firefox DLL Load Hijacking Bug
2) Apple Plugs Safari Drive-by Download Security Holes
3) Facebook Apps Pump Out Mobile "Entertainment" Spam

[iRonzel]

Updated Android Trojan Pushed in SEO Attacks


http://threatpost.com/en_us/blogs/updated-android-trojan-gets-mob-backing-090810?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today's+Most+Popular

[Marc57]

Beware of Link: E-Mail Virus Plays Havoc With Internet

An e-mail virus swept through the Internet Thursday, snarling traffic and taking down servers at ABC, NASA, Comcast, and Google -- and possibly even affecting the Department of Homeland Security.


http://www.foxnews.com/scitech/2010/09/09/beware-link-e-mail-virus-plays-havoc-internet/?test=latestnews

[polonus]

Hi folks,

Hackers target and exploit Pirate bay's Adserver. Also big sites using OpenX were apparently being hacked: http://torrentfreak.com/hackers-target-and-exploit-pirate-bay-ad-server-100913/

pol

[Pondus]

Old vulnerability in Apple's QuickTime Player allows remote code execution for Windows systems (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91862/en

About the security content of QuickTime 7.6.8
http://support.apple.com/kb/HT4339

[YoKenny]

Old vulnerability in Apple's QuickTime Player allows remote code execution for Windows systems (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91862/en

About the security content of QuickTime 7.6.8
http://support.apple.com/kb/HT4339

Key statement

Update 16 September 2010
Apple has published QuickTime version 7.6.8. This update fixes the vulnerability mentioned above as well as another vulnerability in previous QuickTime versions.

I have version 7.68.75.0

[Pondus]

Update to Mozilla Firefox solves several critical vulnerabilities (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91922/en