On today's Buzz Out Loud, Jason confesses his noob security mistake, Consumer Reports wants the world to know they STILL don't recommend the iPhone 4. Plus, Mark Zuckerberg's Hollywood moment isn't going to be as fun as he hoped, and we predict the MPAA will go nuclear if rumors of a permanent HDCP crack are true.Subscribe: iTunes (MP3) | iTunes (320x180) | iTunes (640x360) | RSS (MP3) | RSS (320x180) | RSS (640x360)… Read more
Consumers and businesses in Great Britain have lost more than $1 million so far this summer from a Trojan that is infecting their computers, prompting them to log into their bank accounts, and then is surreptitiously transferring money to scammers in other countries, security researchers said on Tuesday.
About 3,000 bank accounts were found to be compromised at one financial institution, which was not identified, according to a white paper released by M86 Security.
The multilevel scheme uses a combination of a new version of the Zeus keylogger and password stealer Trojan, which targets Windows-based computers and runs on … Read more
The new browser security flaw in iPhones, iPods, and iPads could be more dangerous than initially suspected.
The vulnerability comes from the way the jailbreak software, released on Sunday, uses the mobile Safari browser instead of requiring that the device be connected to a computer. Jailbreaking the phone allows it to run apps not approved by Apple. But this flaw could be used to launch an exploit if the user were to surf to a Web site hosting a malicious PDF, giving unrestricted access to the device.
"The same PDF exploit used to jailbreak the device could also be … Read more
On today's show, Intel's FTC antitrust settlement, Darren Kitchen explains the iOS vulnerability that makes all your devices belong to PDF, and the feds admit they're storing some of your checkpoint body scan images ... for ... some reason. Yuck. Also, Facebook for Android finally comes into the modern age. Phew.Subscribe: iTunes (MP3) | iTunes (320x180) | iTunes (640x360) | RSS (MP3) | RSS (320x180) | RSS (640x360)… Read more
The autofill option in Apple's Safari browser can expose personal data without the user's consent, a security researcher reported on Wednesday. It remains unclear as to whether the problem affects Safari specifically or all WebKit-based browsers, which include Google Chrome. It's recommended that Safari and Chrome users disable the autofill feature immediately, until further notice.
Jeremiah Grossman, the chief technical officer of WhiteHat Security, documented the exploit in a blog post on Wednesday, saying that it affects both the current version of Safari, version 5, and the legacy version, Safari 4. He said that the exploit is … Read more
Adobe Reader will soon have an additional layer of protection against the many attacks that target the popular PDF viewer.
Adobe Systems is borrowing a page from Microsoft's and Google's playbook by turning to sandboxing technology designed to isolate code from other parts of the computer.
Adobe is adding a "Protected Mode" to the next release of Adobe Reader for Windows due out some time this year, said Brad Arkin, director of product security and privacy at Adobe. The feature will be enabled by default and included in Adobe Reader browser plug-ins for all the major … Read more
Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.
There was "limited exploitation" of the unpatched vulnerability, Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement. The exploits have been taken down from the Web, but Bryant said he expects there to be further attacks "given the public disclosure of full details of the issue."
"We want to reiterate that customers using Windows 2000, Windows Vista, … Read more
The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.
An unpatched hole in Java was being exploited to target visitors to a song lyrics Web site and more attacks are likely, researchers warned on Wednesday.
The flaw in Java Web Start, disclosed last week by several security researchers, affects Windows systems running Firefox and Internet Explorer, said Roger Thompson, AVG chief research officer. He said he couldn't get it to work on Chrome though, despite reports that it does.
Thompson found exploit code for both the Java hole and one in Adobe Reader on servers in Russia that was triggered by computers visiting English-language site Songlyrics.com. The … Read more
Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that has been exploited in attacks in the wild.
The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.
Users of IE8 and Windows 7 are not vulnerable to the flaw being used in specific attacks, according … Read more