"And, there will not be any graphical advertisements in Windows Live Mail at this time." {emphasis added}So, if not "at this time", when and what kind of graphical advertiesments can we expect to find in Windows Live Mail?
"Mozilla Corp. will issue the last security update for its open-source Firefox 1.5 browser today. It will include an automatic update mechanism to give users the option of upgrading to Firefox 2.0.
"The upgrade offer will be enabled within in a few weeks," said Mozilla in a blog on its developer center.
The long-anticipated end to Firefox 1.5 support was originally slated for April 24, but last month, Mozilla pushed back the drop-dead date, saying it needed more time to craft the automatic updater. When Mozilla triggers what it has called "major updates," users will be offered an in-place upgrade to Firefox 2.0, which they can decline if they wish. Users can also permanently suppress the upgrade message so it never appears again.
Today's Firefox 1.5.0.12 will be the final security patch for the 18-month-old browser. Also due for delivery is Firefox 2.0.0.4. Both, Mozilla said, are "standard stability and security updates."
Firefox 2.0.0.4 will be posted here, while Firefox 1.5.0.12 will be available from this page of the Mozilla site. A list of the vulnerabilities patched by both updates will be posted sometime after 2.0.0.4 and 1.5.0.12 go live.
In related news, the Alpha 5 preview of the next Firefox, Version 3.0, will be available for download Friday. Mozilla has pegged Firefox 3.0's final code release for sometime this year."
The image above is a resized version of an original image by Daniel Wood ©2004. See his complete photo essay entitled "Fallen Heroes".
ValueClick cuts ties with the WinFixer GroupThere has been no official notice yet but it looks like ValueClick has severed it's ties with the WinFixer Group.
I have checked quite a few of the links that I had previously mentioned [1] [2] [3] and they now no longer redirect to "adfarm.mediaplex.com".
1. More malware
2. TightVNC
3. WinRAR
As reported by Sunbelt researchers, this thing is designed to steal data and results from Virus Total yield very thin coverage. You've been warned!"Guidelines on safe browsingThere is no doubt when reviewing the analytics of my blogs that Google search is without a doubt the most widely used. As a result, the more security aware Google staff, the better for us. One helpful feature is the identification of sites that may install malicious software on your computer through the use of the annotation, "This site may harm your computer.", followed by a large warning if the link is clicked.
First and foremost, enable automatic updates for your operating system as well your browsers, browser plugins and other applications you are using. Automatic updates ensure that your computer receives the latest security patches as they are published. We also recommend that you run an anti-virus engine that checks network traffic and files on your computer for known malware and abnormal behavior. If you want to be really sure that your system does not become permanently compromised, you might even want to run your browser in a virtual machine, which you can revert to a clean snapshot after every browsing session.
Webmasters can learn more about cleaning, and most importantly, keeping their sites secure at StopBadware.org's Tips for Cleaning and Securing a Website."
| WinPatrol | ||
| Features | Free | PLUS |
|---|---|---|
| Detect and Review New Auto-Startup Programs | Yes | Yes |
| Automatically Disable Reoccuring Startup Programs | Yes | Yes |
| Monitor BHO's and IE Tool Bars | Yes | Yes |
| Monitor Creation of Scheduled Tasks | Yes | Yes |
| Display and Kill Multiple Running Tasks | Yes | Yes |
| Monitor, Stop and Control Window Services | Yes | Yes |
| Manage and Automatically Remove Unwanted Cookies | Yes | Yes |
| Monitor IE Home and Search pages | Yes | Yes |
| Monitor and Edit HOST File | Yes | Yes |
| Detect and Lock Changes to File Type Associations | Yes | Yes |
| Detect and View Newly Created Hidden Files | Yes | Yes |
| Track Date/Time when programs are first detected on your system | Yes | Yes |
| Delay Auto-Startup programs for quick bootup | Yes | Yes |
| WinPatrol PLUS | ||
| Premium Access to WinPatrol PLUS Knowledgebase (24/7) | No | Yes |
| Real-time Infiltration Detection without slowing you down | No | Yes |
| Detect newly created Undocumented or HIDDEN Registry Startup Keys | No | Yes |
| Support future WinPatrol Research and Development | No | Yes |
"But looking at media players such as Quicktime and WinAMP, then the figures are more worrying, as 26.96% of all WinAMP 5 installations miss important security updates and 33,14% of all Quicktime 7 installations are outdated."Consider the effect of 33.14% of Quicktime 7 outdated in conjunction with the report by Joris Evers, Cybercrooks add QuickTime, WinZip flaws to arsenal providing a warning by Symantec that security holes in QuickTime and WinZip are being exploited by sites appearing to be trusted financial institutions. Instead, they are using the vulnerabilities to attempt to silently install keystroke-logging software.
{Snip}
"This constitutes a significant problem because many of those applications, like WinAMP and Quicktime, are readily used whenever users encounter media files of various kinds. Most people wouldn't hesitate to open an .mpg, .jpg, .mov, or .mp3 file from any source if it seems the least bit interesting and relevant. It's easy to embed a movie in your homepage, for example, and all it takes is one unpatched Quicktime vulnerability and a provocative video title to compromise a lot of visitors."
"Symantec discovered the attacks when one of the PCs that it uses as bait was breached earlier this week.What can you do to avoid such exploits? First, of course, make sure you use the phishing filter in your browser. Visit Microsoft Updates to ensure you have all the latest security updates. Then, head on over to Secunia to check for other out of date software on your computer. There is a link is on the left side-bar. Go ahead, check it out."This compromise was especially interesting, because the site made use of a QuickTime vulnerability discovered in January 2007 and a WinZip vulnerability discovered in November 2006," Symantec said. "Before our analysis, it was not known that these issues were being exploited in the wild."
QuickTime is Apple's widely used media player software, WinZip is a popular tool for compressing and decompressing files."
"Use this form to submit a complaint to the Federal Trade Commission (FTC) Bureau of Consumer Protection about a particular company or organization. This form also may be used to submit a complaint to the FTC concerning media violence. The information you provide is up to you. However, if you do not provide your name or other information, it may be impossible for us to refer, respond to, or investigate your complaint or request. To learn how we use the information you provide, please read our Privacy Policy.
While the FTC does not resolve individual consumer problems, your complaint helps us investigate fraud, and can lead to law enforcement action. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel®, a secure, online database available to hundreds of civil and criminal law enforcement agencies worldwide.
We use secure socket layer (SSL) encryption to protect the transmission of the information you submit to us when you use our secure online forms. The information you provide to us is stored securely."
". . .one of the reasons certification from West Coast Labs and the ICSA is considered significant is that their testing methodologies reflect malware threats “out in the wild.” Testing in this manner provides an accurate indication of how security products perform against real world threats."
Windows OneCare is Windows Vista compatible on 32-Bit systems.
References:
Windows Live OneCare - Home
Windows OneCare - Blog
information about security enhancements in Windows Vista and how Microsoft used the Security Development Lifecycle to increase the security of the Windows operating system.Too much to handle right now? No problem. The references have been bookmarked for you to find later in Vista Security Features under "Security-Related Topics".
User Account Control, System Integrity Team, Anti-Malware Team, BitLocker™ Drive Encryption, SmartCard Infrastructure, Windows Authentication Team, Network Access Protection
And That's All She Wrote!I can finally explain. Last fall, I competed with other Microsoft MVP's in a BlogRocker contest. The post linked above was made the day after the contest ended.
Regarding Bits from Bill: Vista Countdown:There was a purpose behind the madness. Some day I may explain but can assure you there is no Starbucks across the street from me."Like me, most of my Blogger friends took it easy this long weekend. I know I had more than my share of turkey and cranberry sauce. There was one exception. I can only guess they opened up a new Starbucks across the street from Corinne at the Security Garden. She’s been writing like crazy and has lots of news to share."
When my son was young, he would frequently tell me that he was going to stay with me "forever and ever and ever." I would suggest that when he grew up, he would want to have his own home. He would always reply in the negative, repeating that he was going to stay with me "forever and ever and ever.""They also asked us to no longer detect their software even if installed without user consent by this trojan horse, to post a public apology in this place after removing any other reference to their name, delete any correspondence from and to Spybot-S&D users who had been this trojan, stop helping further Spybot-S&D users that get infected with this trojan."read more | digg story
"The release is for users worldwide and works with the latest version of Apple iTunes to correct an issue that caused some iPods to become corrupted when ejecting them using Windows Explorer or the "Safely Remove Hardware" function in the System Tray.References:The long and short of it is this: Apple and Windows have partnered together to ensure a great experience in using Windows Vista with iTunes and the iPod, and both companies recommend you download this update."
"Welcome to customers of Windows Live Mail (desktop), and welcome to customers who are considering a migration from Outlook Express 6 and/or Windows Mail (Vista). Your client support team has built this site so we can keep you aware of late-breaking announcements, ask for your assistance when we're troubleshooting emerging issues, and finally request feedback on various issues involving the client."Help and support for Windows Live Mail is available by submitting a Support Incident.
"It is easy to be complacent when traveling. And, unfortunately, there are plenty of people out there willing to take advantage of this fact. By taking a few extra moments to think about what needs to be protected, take inventory of your technology rich possessions, and take the extra time to protect your data, you will ensure a more worry-free travel experience."See the complete article, chock full of suggestions to protect both personal and business data, at Gonzo's Garage - Computers and One-Liners: Security Tips To Keep You Safe While Traveling.
On Tuesday, 8 May 2007, Microsoft is planning to release updates affecting Microsoft Windows, Office, Exchange, CAPICOM and BizTalk.
Of important note, there has been no change since the update provided recently with regard to Security Advisory 935964. (See Update on Microsoft Security Advisory 925964, including consolidated list of update links.)
Microsoft Windows Malicious Software Removal Tool
Non-security High Priority updates on MU, WU, WSUS and SUS
The Rochester Regional Cyber, Security and Ethics Initiative is a unique non-profit partnership between the Rochester Institute of Technology (RIT), numerous area school districts, the Diocese of Rochester Department of Catholic Schools, other higher education institutions and private schools, and regional offices of three national organizations, including:
- The National Center for Missing and Exploited Children (NCMEC)
- Information Systems Security Association (ISSA) Rochester Chapter
- InfraGard Member Alliance (IMA of Rochester), a program of the Federal Bureau of Investigation (FBI).
The mission of the Initiative is to improve cyber safety, security and ethics at the K-12 level, as well as for teachers, parents, employers and other members of the community."
"Cerulean Studios Trillian Multiple IRC VulnerabilitiesI. BACKGROUND
Cerulean Studios Trillian is a multi-protocol chat application that supports IRC, ICQ, AIM and MSN protocols. More information can be found on the vendor's site at the following URL. http://www.ceruleanstudios.com/learn/
II. DESCRIPTION
Remote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios' Trillian could allow for the interception of private conversations or execution of code as the currently logged on user.
When handling long CTCP PING messages containing UTF-8 characters, it is possible to cause the Trillian IRC client to return a malformed response to the server. This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker.
When a user highlights a URL in an IRC message window Trillian copies the data to an internal buffer. If the URL contains a long string of UTF-8 characters, it is possible to overflow a heap based buffer corrupting memory in a way that could allow for code execution.
A heap overflow can be triggered remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long UTF-8 string.
III. ANALYSIS
Exploitation of this vulnerability allows remote attackers to intercept private communications for Trillian IRC users or execute code with the credentials of the currently logged on user.
In order to exploit the highlighted URL vulnerability, users would have to highlight the malicious URL.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.
V. WORKAROUND
iDefense is currently unaware of any effective workaround for this issue.
VI. VENDOR RESPONSE
Cerulean Studios has addressed these vulnerabilities within version 3.1.5.0 of Trillian. For more information, visit their blog at the following URL.
http://blog.ceruleanstudios.com/"
