SECURITY WARNINGS & Notices - Please post them here

[Chris Thomas]

LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html

We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.

yeah and now their forums are down, not their main site though.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html

LOL, i kinda cannot log in, it seems they changed my password

[Pondus]

Coming soon to a Mac near you: serious malware

more on MacMalware...

FakeAV for Mac 
http://isc.sans.edu/diary/More+on+MAC+OSX+Malware+-+MACDefender+Fake+Antivirus/10813
http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/
http://www.norman.com/security_center/security_center_archive/2011/cybercriminals_focus_on_new_targets/en-us

[Gargamel360]

Nobody Beats Aaron's, Nobody!  a fact helped by them pre-installing spyware on their customers laptops?
http://www.consumeraffairs.com/news04/2011/05/suit-aaron-s-rent-to-own-spies-on-customers.html

If you happen to own a laptop from Aaron's, maybe someone is watching you right now 

[Asyn]

Third attack against Sony planned
http://news.cnet.com/8301-31021_3-20060227-260.html

[Asyn]

Scammers Swap Google Images for Malware
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
http://isc.sans.edu/diary/More%2Bon%2BGoogle%2Bimage%2Bpoisoning/10822

[Asyn]

Update for BIND server patches DoS hole
https://www.isc.org/software/bind
https://www.isc.org/CVE-2011-1907

[SafeSurf]

Slack Bank Practice Creates Opportunity for Phone Phishing Scams:
http://www.theregister.co.uk/2011/05/05/bank_practices_open_door_to_phone_phishing/

This doesn't have to be from a bank, it can be from any type of business.

[Dwarden]

Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher
http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher

i hope MS nails this before or with the next monthly update

[Asyn]

Security update for Check Point for SSL-VPN clients
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410

[Asyn]

i hope MS nails this before or with the next monthly update

No, not now.
https://www.microsoft.com/technet/security/bulletin/ms11-may.mspx

[Asyn]

Critical hole in the Exim Mail server closed
http://www.h-online.com/security/news/item/Critical-hole-in-the-Exim-Mail-server-closed-1239543.html

[Asyn]

PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/

Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html

Another 25 million Sony users compromised
http://www.h-online.com/security/news/item/Another-25-million-Sony-users-compromised-1236397.html
http://www.soe.com/securityupdate/pressrelease.vm

Sony delays PSN reopening
http://blog.us.playstation.com/2011/05/06/service-restoration-update/

[Hermite15]

Fake certificate attack targets Facebook users in Syria
http://www.theregister.co.uk/2011/05/06/syria_fake_certificate_facebook_attack/

A man-in-the-middle attack is being run against users of the secure version of Facebook in Syria, the Electronic Frontier Foundation (EFF) warns.

The semi-professional attack against the HTTPS version of the Facebook site relies on a digital certificate unsigned by any Certificate Authority and probable re-routing of traffic by the Syrian Telecom Ministry. The ongoing attack has been detected against multiple Syrian ISPs.

[Lisandro]

Fake certificate attack targets Facebook users in Syria
http://www.theregister.co.uk/2011/05/06/syria_fake_certificate_facebook_attack/

A man-in-the-middle attack is being run against users of the secure version of Facebook in Syria, the Electronic Frontier Foundation (EFF) warns.

The semi-professional attack against the HTTPS version of the Facebook site relies on a digital certificate unsigned by any Certificate Authority and probable re-routing of traffic by the Syrian Telecom Ministry. The ongoing attack has been detected against multiple Syrian ISPs.

Who is the CA (Certificate Authority) behind the htpps of Facebook?

Edited: found "some" answer.
This is very much an amateur attempt at attacking Facebook's HTTPS site. The certificate was not signed by a Certificate Authority that was trusted by users' web browsers. Unfortunately, Certificate Authorities are under the direct or indirect control of numerous governments, and many governments therefore have the capability to perform versions of this attack that do not raise any errors or warnings.
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook

[romar]

Hi,

I have the paid versions of both Avast and MalwareBytes on my desktop.

Almost with out exception every time I open my browser and visit a site I get an Malwarebytes error message about being blocked and showing the following in the error message - avastsvc.exe. 

It makes no difference whether I just open a blank browser or Google or some other site.

These are both great programs - why can't they work together?

It is getting extremely tiresome!

Thanks,
Bob