SECURITY WARNINGS & Notices - Please post them here

[Asyn]

ZoneAlarm scares users with "virus alert"
http://www.h-online.com/security/news/item/ZoneAlarm-scares-users-with-virus-alert-1082474.html
asyn

[bob3160]

I know you've been on vacation Asyn and we discussed that subject while you where enjoying yourself. 
http://forum.avast.com/index.php?topic=64019.0

[Asyn]

I know you've been on vacation Asyn and we discussed that subject while you where enjoying yourself. 

Thanks for the hint, Bob - sorry for being late..!
asyn

[Pondus]

ZoneAlarm slammed for scarewarey marketing ( Warning! Er, buy this anti-virus )
http://www.theregister.co.uk/2010/09/20/zonealarm_scareware_flap/

Check Point defends ZoneAlarm scareware-style warning ( 'We didn't want to scare anybody' )
http://www.theregister.co.uk/2010/09/21/zonealarm_defends_controversial_malware_warning/

Check Point kills scareware-style pop-up campaign ( Waves white flag )
http://www.theregister.co.uk/2010/09/21/check_point_pop_up_row_climb_down/

[DavidR]

Nothing like shooting yourself in the (public relations) foot.

[Lisandro]

It's deeply lamentable the attitude of ZA.

[Hermite15]

agreed, these are almost rogue-like methods

[Marc57]

Twitter Hack Activates Pop-Ups, Sends Some to Porn Sites

DEVELOPING: Hackers exploited a security flaw on the popular micro-blogging site Twitter, retweeting malicious code, activating pop-ups, and even exposing users to an unwanted sight: hard-core pornography.

As of 9:50 a.m. EST, a post to Twitter's status blog said that the security flaw had been fixed, simply stating "The exploit is fully patched." This confirms what a spokesperson for the company told popular tech news site Mashable ten minutes later: “It should now be fully patched and is no longer exploitable.”


http://www.foxnews.com/scitech/2010/09/21/twitter-mouseover-security-flaw-porn/

[Hermite15]

yeah about this new twitter hack, use a twitter client until you are a hundred percent sure that the issue has been fixed, clients like tweetdeck etc...are not affected, ie hovering over a hacked tweet in a client won't have any effect, like in does from the web (original twitter in browser) interface.

[Asyn]

Twitter Hack Activates Pop-Ups, Sends Some to Porn Sites

Users wishing to protect themselves should either disable JavaScript or install an extension such as NoScript to selectively block JavaScript on a per site basis.

More info for the interested...:
http://www.securelist.com/en/blog/2297/Live_Twitter_XSS
http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/
http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched
asyn

[polonus]

Hi Asyn,

Users of GoogleChrome can use NotScript extension for GoogleChrome to do something similar,

polonus

[mkis]

How to protect yourself from Facebook Places

http://www.sophos.com/blogs/gc/g/2010/09/17/protect-facebook-places/

[spg SCOTT]

EMI Music servers hacked:
http://blog.unmaskparasites.com/2010/09/25/emi-server-hacked/

It would appear that avast! catches the redirect:
http://www.virustotal.com/file-scan/report.html?id=b361fdbff12cf314aea988161a5fa132516c06d5bf89a843e5aa74f43a427df1-1285526196
(txt.file with the iframe in it)

Would be nice to know if the network shield detects...

[Hermite15]

they say the issue is "solved now", but still:

Malicious Links on Twitter

A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.

UPDATE Sun Sep 26 18:41:49 UTC 2010: We’ve fixed the exploit and are in the process of removing the offending Tweets.

http://status.twitter.com/post/1192873885/malicious-links-on-twitter

they need to take care of the exploit, not just disable links ...but I guess they're on it.
http://twitter.com/twitter/statuses/25615345589

[Marc57]

Computer Worm Affects Computers at Iran's First Nuclear Power Station

TEHRAN, Iran -- A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran's first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.


http://www.foxnews.com/world/2010/09/26/worm-affects-computers-irans-nuclear-power-station/