Weekend Reading
Here’s some good news. Apparently, cyber criminals are using phishing attacks less to scam victims. The bad news is, they’re changing the methods they use, now favoring using compromised web sites to distribute their malicious wares.
Beware any CD’s or DVD’s you receive in the mail. The senders may not have your best intentions at heart.
Cybercriminals (especially Eastern European gangs) are apparently targeting small businesses more. This is bad news since small businesses don’t enjoy the same banking protections that individuals do. And the full breadth of the problem is not know since businesses tend to be less likely to report problems than individuals.
Apple has added malware detection to their latest version of Mac OS X, which is good news. Unfortunately, when it ships it only supports the ability to detect two trojans. One can only hope they update this ability quickly.
Interesting Links for the Weekend
The Firefox browser passes billion milestone
KeePass and Dropbox: Two Tools for Managing Your Electronic Life
Clampi virus targets companies’ financial accounts
Microsoft’s Emergency Patch Mess
Critical Update for Adobe Flash Player
America’s 10 most wanted botnets
Adobe Flash/Reader Flaws
It’s a good thing Adobe has announced plans to release a patch for critical holes in its Flash player next week, because attackers are actively exploiting it. You can protect yourself by using the Firefox browser with the NoScript addon, or by disabling Flash on your system.
Firefox 3.5.1
If you’ve been using Firefox 3.5 and are concerned about the reported vulnerabilities in it, you should download version 3.5.1 now.
Critical Firefox Vulnerability
The developers of the Firefox browser are warning of a critical vulnerability in the latest version of the browser, version 3.5. The vulnerability is in a component of the browser’s Javascript engine that could allow an attacker to remotely execute code on a user’s computer.
Mozilla further warned that a working exploit has been publically released, increasing the risk of attacks occurring in the wild.
The developers have provided instructions for disabling the vulnerable component of the browser in the security bulletin they released.