F-Secure on QuickTime vulns

F-Secure’s Weblog has a couple of entries on the recent QuickTime troubles, highlighted by the MySpace worm. They report two similar vulnerabilities, and their tests have found that one of the JavaScript tricks works for QuickTime users on a Mac with Safari. Is this vulnerability listed on the eEye Zero Day Tracker? Not so far. Hmmm.

MySpace-QuickTime-Zango phishing worm

Several sites are reporting a worm infecting MySpace profiles and attempting to phish passwords through the use of JavaScript in QuickTime files. The vulnerability sounds similar to the Word URL autolaunch vulnerability or the same problem in Adobe. An exploited user profile in YouTube will contain a QuickTime file. The QuickTime will likely play without …

Windows Shell Vulnerability aka setslice exploit

So there is a new vulnerability (announced last week) accessed through Internet Explorer. Microsoft describes it as a Windows Shell vulnerability. You may see it listed through other sources as a setslice exploit. The SANS ISC set their Infocon alert status to Yellow. Of course, they do this to increase “awareness” not because of any …


Phishing from Free Sites

F-Secure on their blog today asks: should free webhosts such as Geocities, Tripod, etc. proactively monitor for abuse such as phishing websites hosted on their servers? It’s an interesting question. I’m not a lawyer or a privacy rights person. Currently providers are not expected to monitor content. They are expected to take action when notified. …


Did you know…

Did you know that Microsoft Update and Windows Update are not the same thing? I knew that Microsoft was providing Office updates outside of going to officeupdate.microsoft.com, but I didn’t know why I wasn’t seeing those updates at windowsupdate.microsoft.com. I typically select Tools > Windows Update from within Internet Explorer. Turns out there is a …
