Windows users should pull up Windows Update today. Microsoft just released 6 patches for the 15 vulnerabilities found in a variety of Windows programs such as Internet Explorer, Outlook Express, Windows Mail and Windows Vista.
BBC News also gave a tip that the second Tuesday of every month is the date on which Microsoft typically issues security patches for its software programs.
Good news for Web designers and Web developers! Apple has announced the availability of its Web browser, Safari in Windows XP and Windows Vista operating systems.
Safari 3 for Windows XP and Windows Vista is in its public beta stages.
Reasons why you’ll love Safari:
Visit the Safari home page for more details.
Download the beta version from the Safari download page (around 8 MB).
SecurityFocus recently reported that the number of page views garnered by fraudulent sites climbed by a factor of five in March and April, fueled by a phishing scheme targeting MySpace users.
According to the report:
The attack used a modification to the style sheet of a user’s profile to place a transparent image over the page, causing a click on a link — or anywhere else on the page — to redirect the visitor to a fake MySpace login page…
While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack… We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue. -Colin Whittaker of Google’s Anti-Phishing Team
I was browsing through a couple of Web sites earlier to check for software updates when suddenly, a word struck me- ASCII. ASCII is simply a character encoding based on the English alphabet. When graphical representations are made out of it, ASCII art is produced. I remembered a film I watched a year ago entitled, BBS: The Documentary by Jason Scott Sadofsky. It’s an 8-episode documentary about the subculture born from the creation of the BBS and there was a portion where the ANSI Art Scene was featured. I realized back then that computer graphics became widespread not when the first version of Photoshop or CorelDraw arrived, but during the 1970’s, when telegraphers had lesser workload (specifically on Christmas day). They would pass ASCII art to their fellow telegraphers as a form of leisure. Nowadays, we rarely see ASCII art except in text files associated with cracks and warez groups.
I read an interesting story in one article of 2600: The Hacker Quarterly a while ago. The author, who goes by the name Xyzzy narrated his experience about the security holes he came across at Time Warner Cable.
It all began when a schedule was set to fix intermittent downtime on Xyzzy’s cable Internet connection. To his amazement, the technician sat down at his laptop and started checking if his connection is already fixed. Apparently, the technician used a Web browser and opened a URL that’s exclusively used by his company. He then logged on to the page (using his username and password) to check his customer’s status. Afterwards, he closed the browser window and confirmed that the connection was already fixed.
Secunia reported 2 security advisories yesterday regarding vulnerable components (DLL) in the Yahoo! Messenger instant messaging program. Secunia rated these vulnerabilities as extremely critical. In response, Yahoo! has released an emergency patch today.
- A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Send()” method.
- A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Receive()” method.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities are confirmed in version 8.1.0.249. Other versions may also be affected.
Update to the latest version.
Current Version: 8.1.0.401
Yahoo! Messenger Download Page
by Andy Budd, Andy Clarke, Ian Lloyd, Cameron Adams, Rob Weychert, Ethan Marcotte, Dan Rubin, Jeff Croft, Mark Boulton, Simon Collison, Derek Featherstone
