SECURITY WARNINGS & Notices - Please post them here

[CharleyO]

***

Internet Founder Berners-Lee: CISPA a Threat to Privacy Rights

A must read ...

Tim Berners-Lee, the man credited with inventing the Internet and a staunch advocate for a free and open Web, is the latest to wade into the fray, telling the British publication The Guardian that CISPA not only puts U.S. citizens at risk, but also people around the world.

The legislation “is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world,” Berners-Lee said in the interview. “Even though the SOPA and PIPA acts were stopped by huge public outcry, it’s staggering how quickly the U.S. government has come back with a new, different threat to the rights of its citizens.”

Berners-Lee’s comments came as part of a larger discussion about similar legislation being proposed by the British government. Both proposals represented a dangerous expansion of government surveillance capabilities that threaten the basic human rights of citizens, he said.

http://www.eweek.com/c/a/Security/Internet-Founder-BernersLee-CISPA-a-Threat-to-Privacy-Rights-436464/?kc=EWKNLEDP04202012D


***

[Asyn]

Internet Founder Berners-Lee: CISPA a Threat to Privacy Rights

More here: http://forum.avast.com/index.php?topic=66267.msg776837#msg776837

CISPA Petition: https://secure.avaaz.org/en/stop_cispa/

[Pondus]

Malware Learns to Avoid Web-Based Anti-Virus
http://blogs.norman.com/2012/for-consumption/malware-learns-to-avoid-web-based-anti-virus



Using a VPN Doesn’t Mean Your Information Is Safe When You Travel
http://blogs.norman.com/2012/security-exposed/using-a-vpn-doesnt-mean-your-information-is-safe-when-you-travel

[Asyn.B]

FBI seizes US anonymisation server
http://www.h-online.com/security/news/item/FBI-seizes-US-anonymisation-server-1544886.html

[bob10000]

FBI seizes US anonymisation server
http://www.h-online.com/security/news/item/FBI-seizes-US-anonymisation-server-1544886.html

Asyn is being anonymous and so am I. 

[Asyn.B]

FBI seizes US anonymisation server
http://www.h-online.com/security/news/item/FBI-seizes-US-anonymisation-server-1544886.html

Asyn is being anonymous and so am I. 

Well, I'm not really anonymous with just adding a ".B" to my name.
Anyway, a nice avatar Bob.

[Asyn]

WordPress fixes file upload security problems
http://www.h-online.com/security/news/item/WordPress-fixes-file-upload-security-problems-1545416.html
http://wordpress.org/news/2012/04/wordpress-3-3-2/

[CharleyO]

***

Russian Security Firm Says Flashback Botnet Is Not Shrinking

Contrary to recent reports, the worldwide botnet of Macs infected with the Flashback malware has remained relatively steady in size, the Russian security vendor Dr. Web said over the weekend.
 
Dr. Web discovered the botnet -- which it calls BackDoor.Flashback.39 -- on April 4. It claims that more than 817,000 bots have connected to the botnet thus far, and that an average of 550,000 infected machines are interacting with a command-and-control server each day.
 
New infected machines that have not yet been registered in the botnet -- and which cannot yet be tracked -- are joining every day, according to Dr. Web.
 
Dr. Web's latest findings contradict those of Symantec and Kaspersky Lab, which earlier this month reported that the Flashback botnet had shrunk to less than half its peak size of 650,000 infected machines due to Apple's work with Internet service providers to take down command-and-control servers and the release of malware removal tools from third parties.

http://www.crn.com/news/security/232900794/russian-security-firm-says-flashback-botnet-is-not-shrinking.htm;jsessionid=MFnY1U++W2e06EL0spmQkw**.ecappj03?cid=nl_sec


***

[REDACTED]

Beware of dangerous Trojan in spam


http://news.drweb.com/show/?i=2406&lng=en&c=5

[REDACTED]

Doctor Web analyzes objects downloaded by BackDoor.Flashback onto infected Macs


http://news.drweb.com/show/?i=2410&lng=en&c=5

[Asyn]

Online forums hacked and misused on a large scale
http://www.h-online.com/security/news/item/Online-forums-hacked-and-misused-on-a-large-scale-1558917.html

[Asyn]

E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm
http://threatpost.com/en_us/blogs/e-mail-source-code-vmware-bubble-compromised-chinese-firm-042412
http://blogs.vmware.com/security/2012/04/vmware-security-note.html

[Pondus]

Four Doomsday Scenarios for Internet-Enabled Toasters
http://blogs.norman.com/2012/for-consumption/four-doomsday-scenarios-for-internet-enabled-toasters


TV-based botnets? DoS attacks on your fridge? More plausible than you think
http://arstechnica.com/business/news/2012/04/tv-based-botnets-ddos-attacks-on-your-fridge-more-plausible-than-you-think.ars

[Pondus]

Kaspersky: Apple security is like Microsoft's in 2002
http://www.theregister.co.uk/2012/05/02/kaspersky_apple_flashback_microsoft/

Dr. Web disputes Flashback Mac Trojan bot army estimates
http://www.theregister.co.uk/2012/04/25/flashback_mac_trojan_update/

[CharleyO]

***

VMware Releases Expedited Patches For ESX Source Code Leak

VMware on Thursday released security patches for products it says could face heightened risk due to last month's ESX server hypervisor source code leak.

The patches address five "critical security issues" in VMware's Workstation, Player, ESXi and ESX products, the Palo Alto, Calif.-based vendor said in a security bulletin. All five vulnerabilities could enable an attacker to execute code on the host; two require root or administrator level permissions and two do not.

http://www.crn.com/news/data-center/232901420/vmware-releases-expedited-patches-for-esx-source-code-leak.htm;jsessionid=vLil9xCQLdS2fQYplc8r6A**.ecappj01?cid=nl_crn


***