Borrowing a page from engineers at Microsoft and Google, Adobe is adding the a so-called sandbox feature to Adobe Reader for Windows operating systems. The protected mode will run by default to force the document reader to run in a highly restricted environment that prevents the underlying PC from carrying out sensitive functions. Installing and deleting files, modifying the system registry and launching other programs will no longer be possible under most circumstances.
Click here to find out more!

“The idea is to run the application with lower rights so that even if a bad guy figures out how to take over a process, they can’t do much with it,” Brad Arkin, Adobe’s senior director of product security and privacy, told El Reg. “The benefit to our customers is it adds another layer of defense so that even if there is a vulnerability that someone is able to exploit, the impact of that attack is diminished.”

Read more »

The Munich-based engineering company on Thursday began distributing Sysclean, a malware scanner made by Trend Micro. It has been updated to remove Stuxnet, a worm that spreads by exploiting two separate vulnerabilities in Siemens’s SCADA, or supervisory control and data acquisition, software and every supported version of Microsoft Windows.

“As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way,” Siemens warned. The company also advised customers to keep the scanner updated because “there are currently some new derivative versions of the original virus around.”

Read more »

A noted vulnerability researcher confirmed that such attacks are possible.

In the revised security advisory, Microsoft acknowledged the new attack vector.

“An attacker could also set up a malicious Web site or a remote network share and place the malicious components on this remote location,” the company said in the advisory. “When the user browses the website using a Web browser such as Internet Explorer or a file manager such as Windows Explorer, Windows will attempt to load the icon of the shortcut file, and the malicious binary will be invoked.”

Read more »

Dell on Wednesday said that some replacement motherboards for PowerEdge servers may have contained the W32.Spybot worm in flash storage. The malware issue affected a limited number of replacement motherboards in four servers, the PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 models, the company said.

“There was a sequence of human errors that led to the issue, That being said, we have identified and implemented 16 additional process steps to make sure this doesn’t happen again,” said Dell spokesman Jim Hahn.

Hahn did not provide additional details on the steps being added to track and resolve such issues. But he said that all affected motherboards had been removed from the service supply chain. Current antivirus software with updated signatures would flag the malware’s presence and users would have to be running an unpatched version of Windows 2008 or an earlier version of the OS.

View the full report »

The Best Practices Act, introduced by Representative Bobby Rush, an Illinois Democrat, would require websites to get opt-in permission before sharing commonly collected consumer data with partners such as advertising networks, payment processors and Web analytics firms, said Mike Zaneis, vice president for public policy at the Interactive Advertising Bureau.

“The Internet is nothing but a series of third-party relationships,” Zaneis told the House Energy and Commerce Committee’s subcommittee on commerce, trade and consumer protection. “Virtually every website requires third-party data sharing.”

The bill would also allow consumers to opt out of any data collection, and Zaneis suggested that would be unworkable for many online businesses. “I think it’s impossible to take information out of the information age,” he said. “If you do that, you’re going to get less relevant advertising, and less relevant advertising, by definition, is spam.”

View the full report »

Google’s application to run Google.cn for another year looked like it was going to be denied by the Chinese government, who decided that simply redirecting all Google.cn users to an unfiltered search site in Hong Kong wasn’t acceptable. Perhaps they found it a bit too clever and easy for Google.

Now Google has replaced the search box on Google.cn with a picture of a search box, which when clicked on takes the user to Google.hk.com adding another click between a Chinese citizen and unfiltered search results.

That seems to have satisfied the Chinese authorities — and saved them some face — at least for the time being.

It’s a testament to the power of Google that it can get away with what is really a shameless charade.

The problem is neither side is totally committed to their stated positions. The whole thing started when Google got hacked, letting an intruder get to source code and information on Chinese human rights activists.

View the full article »

The Russian security firm’s widely used Internet Security 2011 package labelled the revamped news site as a phishing risk, warning users against visiting it. The Auntie-blocking behaviour extended across a wide range of BBC sites, not just the flagship news site, until Kaspersky pulled the dodgy update late on Wednesday. In the interim surfers were confronted with the following unhelpful message:

http://www.bbc.co.uk is used to steal passwords, credit card numbers and other confidential data. Access denied

In an statement, Kaspersky apologised for the false positive, which it blamed on dodgy data from a third-party phishing blocklist supplier. It promised to improve its testing procedures to prevent a repetition of the incident.

Read more »

The add-on — known as, um, Mozilla Sniffer — was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was block-listed. This means netizens who installed the add-on will be prompted to remove it. Mozilla also says that, yes, anyone who has installed the add-on should change their web passwords tout de suite.

“If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location,” Mozilla said in a blog post, before adding that the remote server charged with collecting passwords appeared to be down.

According to Mozilla, the Sniffer was downloaded about 1,800 times, and as of Tuesday, there were 334 active users.

Read more »

The patches include fixes for three critical flaws affecting virtually every supported version of the company’s Database Server technology.

They were released as part of Oracle’s scheduled quarterly Critical Patch Updates, and included a total of 28 fixes for remotely exploitable vulnerabilities, which it considers to be a critically important flaw because it allows for systems to be exploited over the network without the need for a username or password.

Of the 59 patches announced today, 13 are for security problems in Oracle’s suite of database technologies. Three are critical because they address particularly dangerous flaws in all Oracle database server versions, said Josh Shaul, director of product management at Application Security, a New York-based security vendor.

One of the flaws, CVE-2010-0902, allows any user who is authenticated to an Oracle database to gain complete administrative control of it. “They can view the database, modify it, or shut down the database server. They can essentially become a database administrator,” Shaul said.

View the full report »

I’m not sure where Turner got his data — the COO sourced his comments as “one of the last surveys that I saw in the marketplace” — but I’d guess it was Danish security research firm Secunia’s Half Year Report for 2010, which ranked Apple No. 1, Oracle No. 2, and Microsoft No. 3 in its list of the top 10 sources of software vulnerabilities. Not surprisingly, a close read of that report yields some data points that didn’t make it into Turner’s speech.

First, Apple’s ascendancy to the top of the reported vulnerabilities list isn’t really news. Measured by MITRE’s list of Common Vulnerabilities and Exposures, Apple has surpassed Microsoft in vulnerabilities for at least the last four years, but has only recently overtaken software giant Oracle, which takes the rap for vulnerabilities across a broad portfolio, including BEA and Sun products. In fact, Microsoft’s ranking has held steady at No. 3 since mid-2006 — which may be due to the company’s embrace of SDL (secure development lifecycle) in the last five years.

So how might Apple’s top rank be bad news for Microsoft? As the Secunia report points out, the discovery of software vulnerabilities correlates closely with the popularity of the platform itself. In other words, researchers and hackers are finding more holes in Apple’s operating system and applications because they’re paying more attention to an increasingly successful platform.

Read more »