Security How-to In this age of brazen, warrantless wiretaps and never-endingdatabreaches, you'd think email encryption would be considered de rigueur. Alas, even among the digerati it's rarely given the time of day because encryption is seen as an exotic undertaking that brings more hassle than benefit.
AVG, the popular anti-virus package, has falsely identified Adobe Flash as potentially malicious. The snafu comes just days after AVG slapped a bogus Trojan warning on a core Windows component.
19:54 Sun plugs holes in StarOfficeTwo weeks after the OpenOffice.org team shipped patches for code execution flaws in office suite, Sun Micrososystems has followed up with a high-priority update for StarOffice, which is based on the open-source code.
Sun’s patch, available for Windows, Linux and Solaris, address highly-critical vulnerabilities that could expose users to arbitrary code execution attacks via specially crafted [...] >>>
During this months webcast we were able to address 12 questions in the time allotted. The questions were spread fairly evenly across both bulletins. We also fielded questions regarding the Exploitability Index and the MS08-067 form the October Out-of-Band Release.
Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:
As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:
Customers in the U.S. and Canada can receive technical support from Microsoft Customer Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Thanks!
Al Brown
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Games developer Valve worked with the FBI to set up a sting operation to capture a suspected hacker soon after source code for Half Life 2 leaked onto P2P networks in 2003.
A law criminalising denial of service attacks and the supply of hacking tools has been brought into force in England and Wales after a number of delays. The law was already in force in Scotland.
08:12 Security World: Visa sets global PCI DSS deadlinesVisa announced global mandates for compliance with the Payment Card Industry Data Security Standard (PCI DSS), creating a consistent framework for compliance among merchants, service providers and the... >>>
06:47 Pictures and George Ous commentsI just got some pictures from Tuesday that were taken by Secretary Chertoff’s photographer. If you look at my Mac Book Pro, you’ll see several stickers rather prominently displayed, but the most obvious one is “Hack Naked” from PauldotCom Security Weekly! I really wasn’t thinking about what I was carrying around, since the bag I [...] >>>
00:22 Apple fixes 12 Safari security flawsApple has release Safari 3.2 to fix at least a dozen security flaws, some very serious.
The update, available for Windows XP, Windows Vista and Mac OS X (Tiger and Leopard), address vulnerabilities that could be exploited to take full control of a compromised machine.
Some of the more serious flaws:
CVE-2008-1767: A heap buffer overflow issue [...] >>>
