The Bits 2.0

There are tonnes of software firewalls available on the internet, and 99% of them claims to be the “best” firewall that offer “comprehensive protections” like rootkit detection and this and that. Unfortunately, this neat article slaughters all the claims: http://www.rootkit.com/newsread.php?newsid=849.

There’s nothing worse than a false sense of security. Attackers always target the temporary lapse in security enforcement caused by overconfidence over a particular security product. Though my network at home is protected by a Symantec Network Security SGS 320 (now discontinued) hardware SPI Firewall + IDS/IPS, I never think that I’m immune to attacks. So I’m always keeping a watchful eye on every system, be it Windows or Unix.

ESET, spol. s r.o., a Slovakian IT security company that produce one of the best antivirus solutions (NOD32) is now offering a free online web-browser based virus scanner + cleaner solution.

While the online scanner could identify and resolve threats, is not a resident antivirus unlike its desktop counterpart and therefore will NOT be able to protect you from threats 24×7.

The online scanner runs as an ActiveX control and therefore, will require Internet Explorer 5.0 and above running Microsoft Windows NT/98/ME/2000/XP and Vista. 

In a rather embarassing incident, the main ERP (Enterprise Resource Planning) server in Antioch University was broken in and about 60,000 students, former and current employers were compromised. The intrusion was due to the administrator’s failure to patch a critical flaw in the FTP daemon of the Sun Solaris server.

Continue Reading »

Unlike most other boring Patch Tuesdays, Microsoft released a rather interesting eye-catching “patch” yesterday called “Security Update of ActiveX Kill Bits (KB948881)“. The security update is actually a registry hack that disables the critically flawed Yahoo! Music Jukebox ActiveX control that if exploited, the remote attacker could gain control over your computer.

Despite Yahoo! prompt action in fixing the flaw and releasing an updated version of the ActiveX control, probably Yahoo! knew it very well that 90% of users out there are just ignorant and never bothered to patch.

In December 2005, Microsoft slaughtered Sony BMG’s controversial root kit using a kill bit.

Source: http://www.computerworld.com/……&articleId=9075918

Adobe has issued a security advisory dated 8th of April 2008 for Adobe Flash Player 9.0.115.0 and all versions below. The security flaw could allow remote code execution on compromised systems.

This vulnerability affects Adobe Flash Players on ALL platforms. Users are reminded to update the affected software immediately by visiting Adobe’s website.