
AVG Flags Adobe Flash

by certifiedbug on November 14, 2008

in Programs

Less than a week after crippling non-English versions of Windows XP with a flawed update, AVG’s latest update of their suite is flagging Adobe Flash as potentially malicious.

Some might say that’s not too far from the truth ;) but the detection is a false positive. The Register

Certifiedbug, November 11, 2008. AVG update removed critical Windows file

Certifiedbug, November 5, 2008. Adobe Flash Player update for Clickjacking vulnerability


Thunderbird 2.0.0.17 released

by certifiedbug on November 14, 2008

in Programs

Security Advisory

Two Critical, Five Moderate.

MFSA 2008-46 Heap overflow when canceling newsgroup message
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

Thunderbird 2.0.0.17 Download


AVG update removed critical Windows file

by certifiedbug on November 11, 2008

in Programs

An update over the weekend for AVG Technologies virus scanner contained a flawed virus signature, which flagged ‘user32.dll’ as a Trojan Horse.

Choosing ‘heal’ or ‘quarantine’ caused systems to either stop booting or go into a continuous reboot cycle.

AMSTERDAM, Netherlands, Nov. 11 /PRNewswire/ — AVG is actively working to remedy the problem some users are experiencing related to the most recent update to commercial and free versions of AVG 7.5 and AVG 8.0 in some languages. A number of users who installed the update mistakenly received a warning that the Windows system file user32.dll product version 5.1.2600.3099 was infected with a Trojan virus and were prompted to delete a file essential to the operation of Windows XP.

The problem only affects users of the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP.

AVG is taking these steps to assist users in remedying the problem:
- Immediate release of a new update to correct the problem.
- Creation of a specific informational section on the AVG website that enables users to resolve the problem.

Affected users should follow the weblinks below for further information and to download the fix tool:

(1) http://www.avg.com/support/HotTopics1574 FalsePositiveuser32.dll
(2) http://www.avg.com/support/HotTopics1574 FalsePositiveuser32.dll - fix tool

Affected users unable to use their PCs should contact their AVG reseller or ask a friend to download the information and fix tool for them.
After running the fix tool, users should run the AVG update program to download and install the correct AVG update.

AVG sincerely regrets the inconvenience users have experienced. We are working to remedy the problem and ensure that any other potential vulnerabilities are identified and eliminated before they can impact users.

AVG Press Statement Regarding Problems from Product Update


A new twist in the works.

ArtistDirect’s PiCast offers peer-assisted video delivery, while its subsidiary MediaDefender, acquired by ArtistDirect in 2005, is designed to prevent alleged copyright infringement via peer-to-peer distribution, apparently using tactics such as flooding peer-to-peer networks with decoy files.

Ars Technica: Revision3 CEO: Blackout caused by MediaDefender attack
Wired: MediaDefender Defends Revision3 SYN Attack

Then there was Miivi.com, a video sharing site MediaDefender launched in February 2007.
File-sharing news site TorrentFreak alleged that Miivi.com was created to trap users uploading copyrighted content.
http://torrentfreak.com/anti-piracy-gang-launches-their-own-video-download-site-to-trap-people/

What is PiCast: http://picast.artistdirect.com/home.html

PiCast starts off with your existing Central Server or Content Delivery Network (CDN), so as to retain the stability, security, and control of a centralized infrastructure. However, once there are more than 2 simultaneous users, PiCast begins to coordinate a distributed ‘peer-cast’ environment, where each individual user is enabled as a peer, and begins to act as an additional source of the stream.

Ryan Lawler: MediaDefender Backs P2P Player PiCast

Certifiedbug, August 17, 2008. Spammers pose as MediaDefender


Virtumonde, Vundo

by certifiedbug on August 6, 2008

in Programs

News - The Home of Spybot-S&D!

With the release of Spybot-S&D 1.6, our detectives have spent some hard time implementing some of the new technologies to improve Virtumonde detections, increasing our detection range by more than 40% to now more than a quarter of a million detection patterns to identify more than one million fingerprints.

Virtumonde (also known as the Vundo Trojan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs. It also causes other misbehavior, including performance degradation and denial of service with some websites including Google. It attaches to the system using bogus BHOs (Browser Helper Objects) and DLL files attached to Winlogon and Windows Explorer.

To profit from these improvements, we recommend that you update to Spybot - Search & Destroy 1.6, which will be available through the update function integrated into the application as well starting today, as soon as possible.

And, if you still have any problems regarding Virtumonde please feel free to visit our forum or e-mail our detections department.


Spybot-S&D 1.6 Released

by certifiedbug on July 9, 2008

in Programs

From Patrick Kolla, developer of Spybot Search and Destroy.
http://www.safer-networking.org/en/home/index.html

Time for an update! To keep up with the latest threats, and solve some issues and feature requests users had, we’re proud to announce Spybot-S&D version 1.6. Some of the features include:

Improved Scan Speed

Reported a few weeks ago as one of the big issues users face, Spybot-S&D 1.6 integrates parts of the future 2.0 file scanning engine to speed up the on-demand scan.

Up-to-Date Browser Support

Both immunization and the on-demand scan are able to access a dozen different browsers, which now include the latest revisions of the most popular ones, Firefox and Opera.

Easier On-Access Use

Until now, our on-access part was able to block bad entries, but at the same time, confused many novice users by asking for confirmation on changes of other monitored system entries as well. While this is a great feature for all experienced users who want full control over their systems, we decided that we need to make this easier for the average user, and integrated automated decisions based on the system entry database built through our RunAlyzer, containing more than a quarter of a million decisions.

OpenSBI

Safer Networking also announces OpenSBI, our attempt at opening up the fight against malware to anyone who wants to participate. OpenSBI means we’ve published documentation and tools that anyone can use to create their own malware detection patterns for use with Spybot-S&D, and share those with other Spybot-S&D users.

  • Diversity - everyone can create detection templates for any software, without depending on a central authority to acknowledge its threat.
  • Neutrality - we cannot be bought to remove detections from our database, but if you do not believe us, you can simply publish your own rules against some malware.
  • Continuity - OpenSBI ensures that you’ll get updates as long as someone is interested in updating the database (which does not mean we intend to do less work in adding new detections).
  • Flexibility - as a system administrator using the network edition, you can make sure that working time is not wasted by employees playing the latest Moorhuhn clone if you add your own detection for it. Keep in mind that some relaxation is said to even improve work results.

And quite a lot more bug fixes and new features, which can be found on the bug tracker.


Zango layoffs

by certifiedbug on June 22, 2008

in Programs

Previous Certifiedbug: Zango now

John Cook, Seattle PI

Sources say that two executives have also departed, including Executive Vice President of Corporate Development York Baur and Chief Technology Officer Ken Smith. Smith, who co-founded the company in 1999, is the brother of Chief Executive Keith Smith. A Zango spokesman declined to comment on the departures.

Ken Smith about his departure, Moving On

But nine years is a long time, and I’ve made the difficult decision that it’s time to move on. Yesterday, as part of its transition over to its Platrium platform, Zango had to lay off 68 employees, roughly one third of its work force, and I took the opportunity to tender my resignation as well.

Introduction to the Platrium Playbar:

Platrium is your access key to premium content. It is FREE, paid for by advertising. While online & using keywords sent to Platrium from your Internet browsing, Platrium software (with Weather forecast) will show targeted ads in a temporary Slider; relevant search suggestions in the Playbar; & comparison shopping offers in a Sidebar browser pane. The Playbar provides easy access to 1000s of emoticons, avatars, games & more, when online. Platrium runs continuously & updates automatically, ensuring access to the freshest content. Uninstallation is easy via Add/Remove Programs.


“Make Platrium your default home page” is pre-checked by default.


The Platrium search function directs searches to sponsored results on “Shopbrite”.


Spybot-S&D Release, first beta of 1.6

by certifiedbug on June 5, 2008

in Programs

From Patrick Kolla, developer of Spybot Search and Destroy.

Scanning a bit faster… first beta of 1.6 available!

Eight years ago, Spybot-S&D originally started off as a very fast anti-spyware scanner, detecting some 30 small things, and you could watch it finish in under a minute.

Today, a full scan applies more than 600,000 tests, and you can watch that number grow weekly on our update list. Handling such numbers obviously is quite a bit different, and while we’ve tried to adjust to that with each version, a full scan might still take half an hour currently. Since this was one big major complaint issue, we decided to integrate parts of the new file scanner designed for a future 2.0 release and optimized for modern malware fighting, and got you a major push in speed now - that same scan will now take five to six minutes only, being about five times as fast as 1.5 was!

If you want to enjoy that speed and know a bit about beta testing, head over to our beta forums and get the first beta! If you prefer to wait for a thoroughly tested public release, we hope to get around to that quite soon.

Oh, and one more thing… there’s more up for 1.6: a second big issue we hear often will be addressed, so stay tuned!


Sysinternals Live

by certifiedbug on May 28, 2008

in News, Programs

Ed Bott broke the news that Sysinternals Live is now open to the public.

The new service enables you to execute the most recent version of any Sysinternals tool directly from an Internet-connected PC, without having to hunt for the executable file and manually download it first.

What a treat for Sysinternals utilities fans.

Microsoft bought the company and its library in 2006. Sysinternals co-founder Mark Russinovich is now a Technical Fellow in the Platform and Services Division at Microsoft.

Sysinternals Forum
Sysinternals home page


Spybot-S&D version 1.5.2 released

by certifiedbug on January 30, 2008

in Programs, Security

Anti-spyware program by Patrick Kolla and Team Spybot.

Spybot-S&D 1.5 has quite a lot of advantages over version 1.4: improved compatibility, more effective detections and new functions. Between all the positive feedback we received, there were also some things that needed to be improved: the immunization sometimes needed to be applied twice before sticking, many users wanted the file shredder back, and it was impossible to remove entries from the user blacklist in the Internet Explorer plugin. But first of all, we apologize for the long starting time of Spybot-S&D 1.5.1 to all users. This item has been fixed now in this new version 1.5.2.

We are convinced that you will work with the best Spybot ever: Spybot-S&D 1.5.2 has all advantages, but no handicaps over all previous versions!

Throughout the next days our partners and ourselves will provide you with version 1.5.2. This version will also be available through the integrated update within the next days.

Spybot-S&D Home Page
