>> UPDATES <<

[TedNelly]

Spybot Search and Destroy Update March 5, 2008

Ad-aware 2007 Definitions File 0057.0000
Ad-aware SE referencefile SE1R225 05.03.2008

Sandboxie 3.24
Sandboxie Homepage
Sandboxie Installer 3.24 (Windows 2000, XP, 2003, Vista; 32-bit)

Kiwi CatTools 3.3.5 
Kiwi Enterprises

Baku 3.4.2986.22435
Pmcc

TeraCopy 2.0 Beta 3
Code Sector Inc.

Cobian Backup 9.0.0.123 Beta
Luis Cobian

Flock 1.1
Download Flock 1.1
Flock Team

Malwarebytes Anti-Malware 1.07
Malwarebytes

ShellMenuView 1.03
Download ShellMenuView 1.03
NirSoft

CurrPorts 1.33
Download CurrPorts 1.33
NirSoft

[Lisandro]

Sorry, wrong post. Update already posted before.

[Lisandro]

Link200 3.2.0.5 has been released.
For more details, visit: http://fileforum.betanews.com/detail/Link200/1134685242/1

[essexboy]

Great IE8, perhaps I can completely side step IE7

Still a few kinks in it but it can easily be set to appear as IE7 but with all the added IE8 bits - just press 1 button restart IE and to any website it is IE7

[FreewheelinFrank]

Does it run on Linux?

(I'll get me coat.)

[DavidR]

Great IE8, perhaps I can completely side step IE7

Still a few kinks in it but it can easily be set to appear as IE7 but with all the added IE8 bits - just press 1 button restart IE and to any website it is IE7

I'm still running IE6 as I can't really see the point in upgrading toIE7 when I don't use IE (extreme circumstances only). Since IE6 still has security updates, I couldn't see the point. The notification about yet another version of IE makes me further wonder about the point of upgrading to IE7. So depending on time frames I may completely skip IE7.

[Lisandro]

Spybot Search and Destroy Detection Updates 2008-03-05 has been released.
For more details, visit: http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy_Detection_Updates/1058994310/1

[drhayden1]

Belarc Advisor - Free Personal PC Audit (Version 7.2x)
The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.
http://www.belarc.com/free_download.html

v.1.4.9.5 noscript update for firefox
http://noscript.net/changelog
http://noscript.net/getit

[Lisandro]

AI RoboForm 6.9.88 has been released.
For more details, visit: http://fileforum.betanews.com/detail/AI_RoboForm/1014298205/1

For Linux testers:
Ubuntu 8.04 LTS (Hardy Heron) Alpha 6 has been released.
For more details, visit: http://fileforum.betanews.com/detail/Ubuntu/1097960777/1

[FreewheelinFrank]

Sun released an update today to cover numerous vulnerabilities within the JDK/JRE.

The following vulnerabilities were reported as patched:

    * Two security vulnerabilities in the Java Runtime Environment Virtual Machine may independently allow an untrusted application or applet that is downloaded from a website to elevate its privileges.  For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-1185, CVE-2008-1186)
    * A security vulnerability in the Java Runtime Environment (JRE) with the processing of XSLT transformations may allow an untrusted applet or application that is downloaded from a website to elevate its privileges.  For example, an applet may read certain unauthorized URL resources (such as some files and web pages) or potentially execute arbitrary code.  This vulnerability may also be exploited to create a Denial-of-Service (DoS) condition by causing the JRE to crash. (CVE-2008-1187)
    * Three buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges.  For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188, CVE-2008-1189)
    * A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges.  For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190)
    * A vulnerability in Java Web Start may allow an untrusted Java Web Start application to create files on the system that the untrusted application runs on and leverage these files to run local applications with the privileges of the user running the untrusted Java Web Start application. (CVE-2008-1191)
    * A security vulnerability in the Java Plug-in may allow an applet that is downloaded from a website to bypass the same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192)
    * A vulnerability in the Java Runtime Environment image parsing library may allow an untrusted application or applet that is downloaded from a website to elevate its privileges.  For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-1193)
    * Two vulnerabilities in the color management library may allow an untrusted applet or application to cause the Java RuntimeEnvironment to crash, which is a type of Denial of Service (DoS). (CVE-2008-1194)
    * A vulnerability in the Java Runtime Environment may allow JavaScript code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs.  This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195)
    * A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196)

Affected Versions:

    * JDK and JRE 6 Update 5
    * JDK and JRE 5.0 Update 15
    * SDK and JRE 1.4.2_17
    * SDK and JRE 1.3.1_22

EDIT: The affected versions are one-previous to these, and as oldman pointed out, the fix has been out for a week.

Obviously some of these are very serious issues and I expect that we will see some great proof of concept code shortly that I will also talk about here.

http://blogs.zdnet.com/security/?p=933

[FreewheelinFrank]

For Linux testers:
Ubuntu 8.04 LTS (Hardy Heron) Alpha 6 has been released.
For more details, visit: http://fileforum.betanews.com/detail/Ubuntu/1097960777/1

If the Kernel loads but the LiveCD then stalls, it could be that the kernel is unable to access the CD-ROM.

https://wiki.ubuntu.com/HardyHeron/Alpha6#head-6425b5f828abebab8e9e935e576149bb09f4a3d5

This is happening on my computer. 

[bob3160]

Sun released an update today to cover numerous vulnerabilities within the JDK/JRE.

http://www.java.com/en/download/windows_xpi.jsp?locale=en&host=www.java.com:80

[oldman]

* JDK and JRE 6 Update 5 has been out for the better part of a week. The article was dated Mar 07. Is update 5 the vulnerable one or update 4?

Affected Versions:

    * JDK and JRE 6 Update 5
    * JDK and JRE 5.0 Update 15
    * SDK and JRE 1.4.2_17
    * SDK and JRE 1.3.1_22

[bob3160]

Update 5 is the latest one out. 

[oldman]

Update 5 is the latest one out. 

Yes, but the "affected versions" in FWF make it seem like it has problems. I just checked the Sun site and update 5 is the last.