NOD32 and Virus News - General Security

Critical vulnerability in Adobe Reader and Acrobat - UPDATE AVAILABLE

news@nod32usa.com (Greg Hewitt-Long) — Fri, 20 Aug 2010 06:36:05 -0600

A critical vulnerability exists in Adobe Reader and Acrobat version 9.3.3 and earlier versions.

Critical is Adobe's highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.

This vulnerability was announced during the Black Hat conference in USA late July this year.

Adobe has announced an out-of-band security update available NOW.

How to update:
Continue reading "Critical vulnerability in Adobe Reader and Acrobat - UPDATE AVAILABLE"

100 million Facebook pages leaked on torrent site - Pt 1

news@nod32usa.com (Greg Hewitt-Long) — Wed, 28 Jul 2010 12:47:20 -0600

Who forgot their security settings, then ?

28 July, 2010
http://www.thinq.co.uk/2010/7/28/100-million-facebook-pages-leaked-torrent-site/

A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site.
The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook's open access directory, which lists all users who haven't bothered to change their privacy settings to make their pages unavailable to search engines.
Bowes' directory contains 171 million entries, relating to more than 100 million individual users - more than one in five of Facebook's recently trumpeted half billion user base.
The file contains user account names and a URL for each user's profile page, from which details such as addresses, dates of birth or phone numbers can be accessed. Accessing a user's page from the list will also enable you to click through to friends' profiles - even if those friends have made themselves non-searchable.
There's absolutely nothing illegal about what Bowes has done - the information is, after all, publicly available - but perhaps the existence of a stalker's online black book might finally persuade less security-minded Facebook users to get their arses in gear.

Continue reading "100 million Facebook pages leaked on torrent site - Pt 1"

100 million Facebook pages leaked on torrent site -- Who forgot their security settings, then ? PT2 - the scary part

news@nod32usa.com (Greg Hewitt-Long) — Wed, 28 Jul 2010 12:46:32 -0600

Perhaps the most important thing to remember about a social networking site is the word social. Despite the oxymoron of privacy settings on a social networking site, some people believe there is a level of privacy. This is a good example of two principals. First, you need to check your privacy settings on social networking sites and adjust them to the settings that best suit you. Second, you still dont put any information up that you dont want to be public.

When it comes to privacy and Facebook, in particular, you need to understand the thinking of the leadership of the company.

Continue reading "100 million Facebook pages leaked on torrent site -- Who forgot their security settings, then ? PT2 - the scary part"

iPads are susceptible to iPhone malware

news@nod32usa.com (Greg Hewitt-Long) — Fri, 25 Jun 2010 07:46:15 -0600

In an altogether un-surprising revelation, Panda Labs demonstrated in Orlando on the June 23, 2010 that a jailbroken iPad can be infected with malware, in just the same way that a similarly jailbroken iPhone can.

With mass-market appeal comes cyber-criminal attention of course, which is why PCs are targeted considerably more than Macintoshes.

"This doesn't mean we're about to face an avalanche of infections. We have always stated that as Apple increases its market share, cyber-crooks will begin to show more interest in targeting the platform," said Luis Corrons, technical director of PandaLabs. "However, we are certainly beginning to see more proofs of concept, and so advise all Mac users to follow the manufacturer's recommendations to maximize security on their operating systems."

So ...

Should iPad and iPhone users be afraid?
What's a "jailbroken" phone?
What is the real threat level here?

Continue reading "iPads are susceptible to iPhone malware"

Trouble-free updating of your ESET products

news@nod32usa.com (Greg Hewitt-Long) — Wed, 23 Jun 2010 06:52:27 -0600

There is some confusion over whether it is safe to install a new version of ESET Antivirus (NOD32) or ESET Smart Security over the top of an existing license.

Here is a guide to trouble-free installation of ESET antivirus or ESET Smart Security when you already have an ESET product installed...

How to install an upgrade to your ESET antivirus - or ESET Smart Security...

this includes:

upgrading from 2.7, 3.0, 4.0 etc to 4.2

changing from ESET antivirus to ESET Smart Security

installing a full licensed copy when you have the trial

Continue reading "Trouble-free updating of your ESET products"

'Tab napping' - a new online scam

news@nod32usa.com (Greg Hewitt-Long) — Thu, 10 Jun 2010 07:35:55 -0600

Watch out for this new online phishing scam which uses 'tab napping' to attack your computer - and your finances...

As internet users were all vulnerable to online scams. Unluckily for us, as soon as we become pretty good as spotting one type of attack, another more sophisticated version comes along in its place. In fact, technology company Mozilla - which developed the Firefox web browser - has recently warned against a possible threat from a new scam known as "tap napping" which takes phishing one step further.

What is tab napping?

Tab napping is essentially a new kind of phishing scam. Until now phishing has involved sending hoax emails in an attempt to steal your usernames, passwords and bank details. Often the sender will claim to be from your bank and will ask you to verify your bank details by clicking on a link contained in the email.

Continue reading "'Tab napping' - a new online scam"

Google "almost certain" to face prosecution

news@nod32usa.com (Greg Hewitt-Long) — Wed, 09 Jun 2010 13:08:04 -0600

Google is "almost certain" to face prosecution for collecting data from unsecured wi-fi networks, according to Privacy International (PI).

The search giant has been under increasing scrutiny for collecting wi-fi data as part of its StreetView project. In a recent article we published here, it was revealed that the Australian Government is to investigate possible criminal activity by the search giant for this same activity.

Google has already released an independent audit of the rogue code, which it has claimed was included in the StreetView software by mistake.
Continue reading "Google "almost certain" to face prosecution"

Google in hot water with Australian Governerment?

news@nod32usa.com (Greg Hewitt-Long) — Sun, 06 Jun 2010 11:09:33 -0600

According to a recently published BBC news article, the Australian Government has ordered a Google 'privacy breach' investigation!

This all relates to the recently publicized breach of privacy, where Google Streetview cars, working on the mapping of streets in cities around the globe, were gathering information from unsecured WiFi routers in their travels down our streets.

Continue reading "Google in hot water with Australian Governerment?"

Zero day exploit in Adobe Adobe Flash Player 10.0.45.2, Acrobate Reader and Acrobate 9

news@nod32usa.com (Greg Hewitt-Long) — Sun, 06 Jun 2010 07:30:24 -0600

Adobe has acknowledged a zero day exploit that is actively being used to exploit machines in the wild... a fix is being "scheduled" - we hope that it is forthcoming VERY SOON - ie, we hope that they're working on it round the clock!!

Links to exploit acknowledgment: Adobe.com Security / Advisories

So what can you do?

Continue reading "Zero day exploit in Adobe Adobe Flash Player 10.0.45.2, Acrobate Reader and Acrobate 9"

Another week, another facebook attack...

news@nod32usa.com (Greg Hewitt-Long) — Sun, 30 May 2010 13:09:50 -0600

The number of attacks on facebook users is definitely on the up.... and with the long weekend here in the US, we have another new one according to Websense.

This particular threat spreads through a supposed video - and it appears on your wall, after someone you know has been compromised - ie, your wall was accessible is someone you know was tricked into following the various infections steps... first of which was clicking the 'video link' - secondly, entering your facebook credentials when prompted by a popup - and then possibly to another page to download an 'FLV Video player' - which then downloads a trojan to your desktop computer - so the goal is first, get your facebook account, 2ndly, infect your home computer... double-whammy - and plenty of people have apparently fallen for this.

Continue reading "Another week, another facebook attack..."

Facebook to announce new Privacy settings today!

news@nod32usa.com (Greg Hewitt-Long) — Wed, 26 May 2010 11:41:33 -0600

Following the furor that began when recent changes to Facebook privacy lead to major privacy concerns from its users, journalists and even members of congress called more a more open approach to privacy from the Social media giant.

CEO Mark Zuckerberg will headline the event, which began at 10:30 a.m. PT. Stop back here for regular updates.
Continue reading "Facebook to announce new Privacy settings today!"

Facebook Privacy: 8 ways to tighten up your FB Privacy

news@nod32usa.com (Greg Hewitt-Long) — Tue, 25 May 2010 19:14:00 -0600

Original Article: Facebook Privacy - 8 ways to tighten up your privacy

You need to be aware, that the default facebook settings - are pretty much "share with everyone" - and I am reasonably sure you don't want to do that!
Continue reading "Facebook Privacy: 8 ways to tighten up your FB Privacy"

Take back control of your privacy - facebook included!

news@nod32usa.com (Greg Hewitt-Long) — Tue, 25 May 2010 11:56:00 -0600

By Greg Hewitt-Long

The Facebook privacy debacle isn't really so - it's merely a case of a misunderstanding! The problem is that you THOUGHT you had a right to privacy - and Facebook thought they had a right to sell information on everything they know about you...

It will get worked out - but in the upshot is - THEY DO OWN information about you - it's in their terms and conditions - and by signing up, you really did agree to them...

ARS Technica Article

Understanding the latest Facebook privacy train wreck

...

Continue reading "Take back control of your privacy - facebook included!"

CEO Mark Zuckerberg says Facebook fixing privacy tools

news@nod32usa.com (Greg Hewitt-Long) — Tue, 25 May 2010 06:11:45 -0600

By Jon Swartz, USA TODAY
SAN FRANCISCO Facebook, facing a backlash among a growing faction of its users, plans to soon simplify its privacy tools.

The disclosure, which came in an opinion piece by Facebook CEO Mark Zuckerberg, is the company's first direct response to increased concerns about its privacy policy and the personal information of its nearly 500 million users.

Facebook has been on a relentless quest this year to convert the vast mountains of data of its users into advertising revenue. And each time it does, it faces criticism.

The latest flap came in April, when Facebook announced new features that send user profile information in bulk to companies such as Microsoft, Yelp and Pandora. That prompted four U.S. senators led by Sen. Charles Schumer, D-N.Y. to demand Facebook pass along data only if users agree to it.
Continue reading "CEO Mark Zuckerberg says Facebook fixing privacy tools "

Google StreetView cars grabbed traffic from open WiFi networks

news@nod32usa.com (Greg Hewitt-Long) — Fri, 14 May 2010 22:42:17 -0600

By Jacqui Cheng

Google has admitted that it has been "mistakenly" collecting payload data from open WiFi networks as its Street View cars drove around taking pictures. The company said that it never used any information about who was using those networks and what sites they were visiting, but the company has nonetheless decided to completely stop collecting WiFi data from its Street View cars.
Continue reading "Google StreetView cars grabbed traffic from open WiFi networks"