The developers of the Firefox browser are rushing to develop a fix for a critical vulnerability just discovered that could let an attacker execute code on your system if you visit sites with the exploit on them. The vulnerability affects Firefox versions on Windows, Mac, and Linux.  NoScript, a plugin every Firefox user should have, can protect against this vulnerability. A patch for the vulnerability should be ready in the new release scheduled for April 1.

Scary! Your personal information is even easier to get now, Brian Krebs reports.

Data such as your Social Security number, mother’s maiden name and credit card balance are not as difficult for ID thieves to find as most people think. Security Fix spent the past week testing services offered by two Web sites that sell access to a wealth of information on consumers. For a payment of $3 each, I was able to find full Social Security numbers on four of the volunteers, as well as their most recent street addresses and birthdays. Another set of three $3 payments allowed me to gather the mother’s maiden name (MMN) on half of the volunteers.

With April 1st quickly approaching, there has been quite a bit of media coverage of the Conficker worm that is scheduled to do something on that date. According to F-Secure you shouldn’t worry, too much, though.

Q: I heard something really bad is going to happen on the Internet on April 1st! Will it?
A: No, not really.

Q: Seriously, the Conficker worm is going to do something bad on April 1st, right?
A: The Conficker aka Downadup worm is going to change it’s operation a bit, but that’s unlikely to cause anything visible on April 1st.

Q: I just checked, and my Windows machine is clean. Is something going to happen to me on April 1st?
A: No.

Q: Now I’m worried. How do I know if I’m infected?
A: Try to surf to www.f-secure.com. If you can’t reach our website you might be infected, as Downadup/Conficker blocks access to security vendor’s websites. Don’t tell anybody, but users who can’t access f-secure.com because of this can surf to www.fsecure.com instead.

CNet News has  is another good writeup on the Conficker worm.

There’s been lots of hype about the fact that the latest variant of the Conficker worm is set to start communicating with other computers on the Internet on April 1–like an April Fool’s Day time bomb with some mysterious payload. But security researchers say the reality is probably going to be more like what happened when the clocks on the world’s computers turned to January 1, 2000, after lots of dire predictions about the so-called millennium bug. That is, not much at all.

If you accept or process credit cards, the Society of Payment Security Professionals has released a Wireless FAQ addressing some of PCI compliance and wireless networks. This FAQ is applicable even if you don’t use wireless networks, since you still have to scan for roque wireless access points on your network.

Scareware, malicious software that would pop up alarming messages scaring users into buying useless software, is now changing into ransomware. This new malware will encrypt files on your computer and will decrypt them for a “fee.”

FireEye describes Vundo as a “generic Trojan” that sends a popup to Web users. In this case, however, Vundo is “pushing a piece of malware that encrypts various personal file types (.pdf, .doc, .jpg, etc.) on your system, and ‘coincidentally’ pushes a program called FileFix Pro 2009, which would decrypt them — for a fee.”

Defense against this type of malware is much the same as for any other. Keep your anti-virus software and operating system patches up-to-date, don’t surf suspicious web sites, and use security plugins in your browser to make your browsing experience safer.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.