2008
Security Problem
To think of the new digital world with its great world girdling band of networks and data points as a jungle, a jungle filled with tigers, lions and bears, except instead of hungering to take a chunk out of you, these beasties want a chunk of your identity instead. Every other day it seems a major e-commerce store or company has its private user information compromised and in more pedestrian everyday ways, wallets gets stolen, credit cards get lifted and your personal information can be being traded and passed around the world a dozen times before you even know what’s going on.
Protecting you from the lions, tigers and bears of the great world girdling digital jungle is what Life Lock does best. When you sign on Life Lock, you get more than just peace of mind; you get real security that keeps tabs on your credit to make sure that no bank accounts is being opened or credit cards being taken out in your name. With LifeLock your good name is secure and your credit is protected.
Face it, the Windows XP code is reliable, practical, useful, secure and cost-effective. Most people, especially those in the business sector, simply don’t see the need to upgrade to Windows Vista. It’s no news that Windows XP Service Pack 3 is coming out soon. However, Microsoft may not have considered the effect XP SP3 may have on Vista sales. If a lot of users adopt XP SP3, they may be even less tempted to move on to Windows Vista, which is ultimately what Microsoft would like their customers to do. However, Microsoft may find that XP SP3 doesn’t have any effect on Vista sales at all. After all, those who want Windows Vista will upgrade to Windows Vista, no matter what XP offers. Those who want to stick with XP will stick with XP, and may not even upgrade to the latest service pack.
Yes, for quite some time, once you had a Facebook account, it wasn’t going anywhere. Now, fortunately for college students and people with no attention span everywhere, Facebook now allows said people to delete their Facebook accounts. This was in direct response to user complaints about not being able to delete their accounts, if desired. Even if users were able to delete their own accounts, there were no obvious directions on how to do that. Another reason that Facebook decided to allow users to delete their accounts was a reason that could have gotten Facebook sued if they did not address it: privacy. The “I didn’t actually make a Facebook” E-mails were really racking up in Facebook’s inbox, and Facebook sometimes made it all too easy for people to research intimate/private/personal details of users’ lives. At this point, deleting your account is just a help-page away. Facebook admins are considering adding a “delete account” button.
It would appear that running any of 600 add-ons in Mozilla Firefox opens up a terrible hole. When exploited, this hole allows a hacker to steal “session information, including session cookies and session history”. Mozilla promises a fix by February 5th, with the release of Firefox version 2.0.0.12. While Mozilla classifies this threat as a “high risk”, there is some controversy in the hacker world as to how bad this threat really is. According to a hacker, via “hiredhacker.com”, this isn’t as big a problem as people have made it out to be. However, it is certainly more serious than “leaking a few variables”, and should definitely be patched as soon as possible.
Microsoft Corp. will change how users activate Windows XP when Service Pack 3 launches in the first half of 2008, a company white paper said. New installations of Windows XP SP3 will give users the same 30-day grace period currently offered to Windows Vista customers before they’re required to enter a product activation key, the 25-character code that proves the copy is legitimate. “As in Windows Server 2003 SP2 and Windows Vista, users can now complete operating system installation without providing a product key during a full, integrated installation of Windows XP SP3,” the Microsoft paper stated. “The operating system will prompt the user for a product key later as part of Genuine Advantage.” With earlier editions of Windows XP, users must enter the activation key during the installation process itself; failing to do so, or using an invalid key, would result in the installation being blocked. The white paper, however, noted that the change does not apply to existing Windows XP installations upgraded to SP3. Those copies, which have presumably passed the activation stage previously, will not request the key again, Microsoft said.
HP has fixed flaws in a patch-management program bundled with its computers, printers and other hardware that could be used by hackers to ‘brick’ HP or Compaq PCs. In an alert sent to customers who subscribe to its security warning service, HP said users should run Software Update to patch the flaws disclosed last week by a Polish researcher known only by his alias, ‘porkythepig’. A pair of bugs in the update service’s ActiveX control can be used to execute remote code or gain additional access rights, porkythepig said then. He also posted proof-of-concept exploit code that showed how to use one of the vulnerabilities to overwrite and corrupt crucial Windows’ system files, an attack that would leave any affected PC unbootable. That would essentially ‘brick’ the system, since many HP and Compaq PCs do not include a restore CD or DVD, but instead place operating system and application restore files on the hard drive. HP’s advisory on Friday instructed users to run Software Update on any machine that has the application, even if the update service is never used. Running Update presumably disables the flawed ActiveX control by fixing the Windows registry.
Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors. The security bugs reside in Flash applets, the ubiquitous building blocks for movies and graphics that animate sites across the web. Also known as SWF files, they are vulnerable to attacks in which malicious strings are injected into the legitimate code through a technique known as cross-site scripting, or XSS. Currently there are no patches for the vulnerabilities, which are found in sites operated by financial institutions, government agencies and other organizations. “Lots of people are vulnerable, and right now there are no protections available other than to remove those SWFs and wait for the authoring tools and/or Flash player to be updated,” says Alex Stamos, an author of the Hacking Exposed Web 2.0 book. “In the mean time, people will have to think: ‘What kind of flash am I using on my site,’ and manually test for vulnerabilities.”
Apple has shipped a major Security Update 2007-009 (10.4.11 Universal), recommended for all Mac OS X v10.4.11 and Mac OS X v10.5.1 users. This update corrects multiple critical flaws and improves the security of many Mac OS apps. Those wanting to know more about the updates may click 