I have heard it said over and over again, buy a MAC and you won't have security issues. Well, time catches up and we are seeing hackers taking advantage of vulnerabilities in Apple software. Recently we were made aware that versions 4 and 5 of Apple's Safari browser have a critical vulnerability. It has to do with a form fill feature that can reveal personal information about the user. Last week Jeremiah Grossman wrote about this on his blog. There is a way to prevent your identity from being revealed. You can Go to Preferences > AutoFill > AutoFill web forms and uncheck “Using info from my Address Book card”.

Jeremiah Grossman addresses this in detail on his blog and offers a video on how to correct this issue.

Apple has not addressed this vulnerability to date.  Welcome to the real world Apple users.

Adobe recently announced what should be a vast improvement in its popular Adobe Reader. With its next release they will be employing "sandboxing" which effectively puts a shell around the software protecting it from being injected with code from malicious hackers. This move by Adobe has been long overdue seeing as the reader program has been one of the leading vehicles for hackers to inject code that can infect end-users when they happen upon a malicious PDF file.

I have been speaking out about this vulnerability for over a year now and imploring people to use alternatives such as the free Foxit Reader, which also take up miniscule amounts of overhead in comparison to Adobe, but have also had attempts to inject code in it as well.

Now we will have to wait and see how effective this measure is, but it is definitely is a positive step in ...

read more

If you use iTunes on a Windows based PC, Apple has released a new version to fix a critical security flaw in their popular software. My suggestion is that based on the recent breach in security where an application developer was possibly stealing user ID and password credentials, you go to their website and download it today. Version 9.2.1 is the most current version. you can visit their download page here:

Apple iTunes Download

Just got done reading this article this morning and it got my attention. PC vulnerabilities are increasing exponentially compared to last year. It is only July and we have gotten to 90% of where we were at this time last year. Which means there will most likely be twice as many as last year. 

Many of these vulnerabilities are coming from third party software vendors. The best way to remediate these vulnerabilities for end users is to head over to Secunia and let them scan your PC. It will look at all available software on your system and provide you with links to make sure you have the latest versions, which can go along way in preventing your PC from being hacked. You can also read their report for yourself. Take the time to patch your system!! If you are not comfortable doing this, by all means, we can help ...

read more

Seems that Apple has some vulnerabilities that it has quietly gone ahead and taken care of. Mac OS X 10.6.4 includes limited protection against a trojan labeled OSXPinhead -B. this one has capabilities to allow a hacker to gain remote control for the purpose of identity theft.

I guess the days of MAC users professing how they never have to worry about viruses and trojans are officially over.

Apple secretly updates Mac malware protection, Sophos reveals

There is a known vulnerability in Windows Help and Support Center that could lead to your PC becoming infected from a visit to a malicious website. Experts are now seeing hackers taking advantage of it. There will be an official patch coming from Microsoft, however you can remediate this rather easily with a fix that Microsoft has issued. Simply visit this site and click the Enable This Fix button. You will be prompted to download a small file which you can save to your desktop or other convenient spot that you can easily find it. Once downloaded double click it to execute and follow the simple instructions. My suggestion is to take the time to do this to prevent any possibilities of getting hit with this vulnerability. The Micosoft Fixit Site:

 

Vulnerability in Help Center could allow remote code execution

Adobe has released an official upgrade to its Flash Player. It includes 31 patches. Be sure if prompted to do the upgrade if it is installed on your PC. Also you will have to do this twice if you are using more than one browser. Once for IE and then again for alternative browsers like Firefox, Chrome and Opera.

Here is a link to Adobe's Installation Page

Okay Apple users, wanna comment on this one? It appears that the IPad has been hacked and 114,000 users e-mail and possibly other personal information has been exposed. Nice! Although it does appear that AT&T was also at fault. Apparently the hackers obtained the information from AT&T's website to harvest the data on the IPad users. Huge screw-up and doesn't do much for confidence in either the IPAD, or the AT&T network.

Full Story: 

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

 

From Adobe:

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX

Note ...

read more

This past weekend saw a wide area infection from a spam posting that encouraged users to view a video. I've warned users in the past to be VERY wary of any video's that look suspicious such as these. One of the best applications you can install to help prevent these posts from hitting your wall is defensio.com. It will block these posts as well as malicious content included in facebook e-mails. I highly recommend every facebook user take the precaution of installing this application. Details on the adware infection can be found:

 

Thousands of Facebook users hit by video attack, Sophos reports