Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Microsoft is planning eight security updates for Oct. 11

Add to del.icio.us     Digg this story Digg this    Get a great Linux dedicated server for less than $4 a day!

Share on Twitter

Oct. 8, 2011

Microsoft said late yesterday that it is planning no less than eight security patches for October 11, two of them critical, as part of its regular Patch Tuesday program.

The highlight of this patch is a critical update for Internet Explorer that affects all supported versions of Microsoft's web browser, including IE 9.

The second critical update covers flaws in Microsoft .NET Framework and Microsoft Silverlight that create a possible mechanism for miscreants to inject hostile code onto vulnerable systems.

The remaining six updates address lesser Windows vulnerabilities in Microsoft Forefront and Host Integration server.

All six of these updates are rated as "important" and not all of them apply to all configurations. "IT administrators will have to evaluate to what degree they affect their networks, servers and workstation," according to Wolfgang Kandek, CTO at security services firm Qualys.

As usual, more details on the security holes will emerge once Microsoft has published its patches on Tuesday.

In other internet security news

Over the past three to four years, Facebook has increasingly been the ultimate target of all kinds of nasty viruses and malware with the placement of links on its site that take you to websites infected with all kinds of malware program that will infect a visitor's computer.

Those links are placed by scammers and hackers that have nothing best to do with their time. And now the social site has recruited Websense to scan its vast social network for links to malicious sites.

Scammers are using Facebook as a means to drive traffic towards malware and exploit portals or internet scam sites. In response, Facebook has contracted with Websense for security technology that will soon analyse what's going on.

Cloud technology will assign a security classification to sites, presenting users with a warning if the location is considered dangerous.

A warning page will explain why a site might be considered malicious. Users can still proceed, but at their own risks. The approach is similar to Google Safe Browsing warning technology, which is integrated into Firefox and Chrome.

Previously, individual users had the option to add additional security filtering apps, such as Bitdefender Safego, to their profiles as a means to scan for potential spam and/or malicious links.

Facebook is now offering this type of technology by default as an extension of its previous relationship with Websense.

In other internet security news

The University of Sydney in Australia and technical publisher Elsevier said earlier this morning that they are holding their first official competitive hackathon for security students and professional software developers.

The Sydney Hackathon allows teams of up to five, a twenty-four hour time frame to develop an application to improve content delivery for scientific, technical and medical publisher Elsevier, publisher of The Lancet and SciVerse Science Direct.

"The hackathon is designed to encourage students and internet security professionals to build creative and innovative software applications for science, using data from open application program interfaces," said SUITS (Sydney Uni IT Society) president James Alexander.

The inaugural Sydney Hackathon is being held this weekend, and will offer cash prizes of up to $1500 AU to the winning team. What's more, competitors can even retain the official ownership of any intellectual property developed during the event.

Entrants have from 2.00 PM Saturday to develop an application of any kind as long as it's from Elsevier’s SciVerse and ScienceDirect platforms, which include over 10 million scientific publications from 2600 journals.

Application developers and security software designers, students from any University in Australia or full time programmers are invited to enter the hackathon.

In other internet security news

Over the past weekend, Oracle broke away from tradition with the publication of an unscheduled security patch. The security update addresses a DDoS (distributed denial of service) vulnerability in its Apache web server software.

This represents only the fifth time that Oracle has published a security update outside its quarterly patch schedule it began at the start of 2005.

The security patch provides an updated Apache web server and a new http daemon to Oracle's Fusion Middleware and Application Server products.

The former product includes Apache httpd 2.2. The latter includes Apache httpd 2.0.

The new security vulnerability is cataloged as CVE-2011-3192 and it creates a method to trick web clients into requesting multiple parts of the same file at the same time, causing systems to get hopelessly tied up in a loop and crash altogether.

The Apache Foundation addressed the same underlying byte-range flaw first with an 2.2.20 update at the end of August. Last week, it ironed out a few glitches in this bug fix with a further update, 2.2.21.

At this time, it isn't exactly clear which code base Oracle has used, although giving testing schedules and the like, the earlier patch seems more likely.

Whatever code base used, the database giant is emphatic that system admins need to apply the patch sooner rather than later.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Security Alert fixes as soon as possible," it said in its advisory.

In other internet security news

According to internet security researchers in Romania, Android malware threats could increase by a factor of 60 by March 2012. It the threats happen, this could see the number of Android mobile malware samples increasing from 200 now to about 12,000 in six months from now. Many examples of Android malware involve the insertion of malicious code into legitimate apps before they are uploaded to third-party Android marketplaces.

During a demonstration on Sep. 13, BitDefender security researchers demonstrated that it was possible to easily perform such a task with just ten lines of base script code. In most cases, users can avoid becoming victims by reviewing the permissions that an item of software requests before agreeing to install an app.

For example, there is no legitimate reason why a so-called 'torch app' would need the ability to send SMS messages. "The trouble with permissions is that it ultimately falls down to user selection, discretion and interpretation," said Viorel Canja, head of anti-malware and anti-spam labs at BitDefender.

"It's a repeat of the same old issue over and over we've had on the desktop for so many years," added Canja.

"If Google locks down its applications, it risks losing developer interest, something that happened to Symbian before it. Android is not yet the new Windows for malware but it is going that way at the moment," he added. "So Google is a bit stuck between a rock and a hard place right now, but it will soon snap out of it" he said.

BitDefender is developing a mobile security application for Android. The product, currently in beta, includes remote wipe and a filter designed to allow users to easily review application permissions as well as malware detection features.

Under current plans, the software would be released free of charge to mobile uesrs but neither this or the release date for the software are confirmed. The application has been designed to minimise battery impact.

Competing security company G Data agreed with BitDefender's assessment that the rate of growth of mobile malware - which it said grew by an incredible 273 percent in the first half of 2011 alone - is only going to get a lot worse over the immediate future.

“With mobile malware, cyber criminals have discovered new ways to deliver more evil on unsuspecting users," said Eddy Willems, security specialist at G Data. "At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims.

"Even though this special underground market segment is still being set up, we currently see an enormous risk potential here for mobile devices and their users. We are therefore expecting another huge spike of growth in the mobile malware sector in the second half of 2011, and with even more of that in the first half of next year."

The sophistication as well as the sheer number of malware strains targeting Android smartphones is increasing very rapidly, and this is really disturbing.

For example, Trusteer warned earlier this week over the appearance of a strain of the SpyEye banking Trojan that infected Android smartphones in order to intercept text messages that many financial institutions use to prevent fraud.

Add to del.icio.us     Digg this story Digg this    Get a great Linux dedicated server for less than $4 a day!

Share on Twitter

Source: Microsoft.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

You can link to the Internet Security web site as much as you like.

















Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer






Click here to order your new fully dedicated Plesk server with the Linux operating system.


Get your Linux or Windows dedicated server today.


Click here to order your new fully dedicated Plesk server with the Linux operating system.