This month's Patch, Patch, and Patch Tuesday saw a whopping 14 fixes issued by Microsoft for Internet Explorer, Excel and Windows components such as XML Core Services, Vector Markup Language and Object Linking and Embedding automation, according to The Register.
Six of the nine bulletins were marked as "critical" and covered a total of eight flaws. The remaining six security holes were "important". Definitely a near record-breaking flaw month for Windows.
Faux Fox
The Register also tells us that Mozilla was certainly not free of its own problems this month. A security researcher discovered a flaw within Firefox that allows sinister beings to remotely suck up private and personal information stored in plug-ins.
It seems Firefox unwittingly specifies all variables and registered objects present inside JavaScript files and at runtime, and even allows the calling of certain functions.
This means hackers can scan all variables set in Firefox plug-ins from a distance and use an Ajax script to log that information on a server. From there it's easy pickings and bye-bye identity.
FDF spells 'fun'
The spammers are at it again! I must give it to these guys - they just don't give up.
Their latest quest for successful inbox penetration involves evolving from the now somewhat difficult-to-bypass PDF to Forms Data Format (FDF), which can successfully be opened by Acrobat or other PDF readers, according to Linux Security.
The good news is that the amount of image spam is beginning to wane, as filters seem to have the hang of blocking it pretty successfully by now. The bad news, however, according to Symantec, is that PDF spam is still on the increase, with a rise of 8% in July.
Playing the hacker
Ilva Pieterse, ITWeb contributor
After visiting the Defcon hacking conference last year, a professor of computer science at the City College of San Francisco thought it would be a good idea to spread the passion of hacking to his students, explains Security Focus.
The first course, called "Ethical Hacking and Network Defence", was a resounding success, professor Sam Bowne told attendees at Defcon this year.
"This is a good thing, because the students love it," Bowne said. "They learn the material and have fun at the same time."
Whistle while you hack?
Paying the price
Just when you thought it was safe to go back into the water...
Retail giant TJX recently announced it is taking a $118 million charge to pay for the costs and potential liability stemming from a prior incident, where 45.6 million credit and debit card details were lost to cybercrime, says Security Focus.
These charges turned what would have been a 31% gain in profit into a 14% decline. Now's a good time for you to take your head out of the sand (if you haven't already), and up, up, up your security!