The Twitter Blog reported last week that people are receiving emails which contain links to a phishing site asking you to enter your login details. I decided to check it out today and was surpised to see that the entire twitter interface has been converted to that of Facebook, which means that they are now getting ready for a Facebook phishing scam! Good news is that Internet Explorer (with Website Checking Enabled), Firefox 3 (Firefox 2 did not block the site) and Google Chrome all display big warnings.
When Google Chrome launched, everyone jumped to embrace the new browser. Unfortunately, each Google Chrome installation contains a unique ID that allowing identifying its user. I don’t know about you, but I don’t like anyone or anything tracking my usage, especially not a company as powerful as Google.
Protector Plus – Windows Vulnerability Scanner checks your system for Windows Vulnerabilities. It guides you to update with the right patch to make your system secure. This program is updated once a month to detect all the vulnerabilities discovered.
Last week, MakeUseOf reported more domains being stolen, all owned by Gmail users. Brandon from GeekCondition reported a proof of concept. However, Google has replied stating that Gmail has no vulnerabilities.
Long back, I covered a quick method of disabling User Access Control in Windows Vista via editing the registry. Registry editing is something for advanced users only. TweakUAC is a simple tool dedicated for this purpose.
If you’re looking to secure your WordPress wp-admin folder, then adding an additional layer of password protection goes a long way in helping this. You can either manually code the .htaccess file or get hold of the AskApache Password Protect Plugin to automate the process.
Less than a month after Trend Micro discovered Vista flaws being sold off for $50,000 in the underground market by hackers, VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7. This is part of its three-year old Vulnerability Contributor Program which compensates individuals who provide iDefense with advance notification of unpublished vulnerabilities and/or exploit code. 3Com’s Zero Day Initiative is a similar program.
Secunia reports that Piotr Bania has found a vulnerability in Adobe Reader, which can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an unspecified error when processing PDF files. This can be exploited to cause a heap corruption and may allow execution of arbitrary code when a specially-crafted PDF file is opened.
I reported that Microsoft had planned to release Office Fixes today. It did release office fixes, but the zero-day bug in Word still remains unpatched. eWeek reports that four were pulled citing problems with the quality of the updates.