Maximum PC threat RSS Feed

Google Patches Chrome Security Vulnerabilities

Pulkit Chandna — Wed, 10 Sep 2008 19:11:23 -0500

Several security vulnerabilities were reported in Google’s Chrome web browser after its beta version was launched earlier this month with much ado. Google has quickly responded with a security update that fixes four vulnerabilities. The update addresses two buffer overflow vulnerabilities, both rated critical by Google, and two other minor bugs. However, the carpet-bombing threat, first brought to light by security researcher Aviv Raff, still looms.

Four Security Bulletins Coming This Patch Tuesday

Pulkit Chandna — Sat, 06 Sep 2008 01:47:19 -0500

Be informed, dear readers, Microsoft’s next installment of security bulletins is going to be on September 9 – Patch Tuesday. Microsoft revealed in the security bulletin advance notification for September that it will release four security bulletins on the following Patch Tuesday. All four of them merit immediate attention as they have been rated critical. The security bulletins will all fix vulnerabilities pertaining to remote code execution. The Patch Tuesday in August also carried quite a few security bulletins related to remote code execution including a patch for the “MS Access Snapshot Viewer ActiveX control," which hackers had begun to exploit using a malicious toolkit.

The Chrome Chronicles: EULA Amended, Carpet-Bombing Alarm Raised

Pulkit Chandna — Fri, 05 Sep 2008 20:21:49 -0500

After a few eyebrows were raised over Chrome’s highly libertarian end-user license agreement (EULA) – almost a proclamation of a man’s fundamental right to piracy, an amendment or an explanation was inevitable. Chrome’s EULA stated that users were at liberty to use anything posted online through the browser. But Google has amended the EULA. The web juggernaut also downplayed the entire episode as a mistake. Setting the EULA aside, a few chinks in Chrome’s armor have already been sighted. Avi Raff, a researcher, has discovered that Chrome is vulnerable to carpet-bombing a la Safari.

Border Gateway Protocol: A Gaping Security Hole in the Internet

Pulkit Chandna — Tue, 02 Sep 2008 15:45:22 -0500

Two researchers, Alex Pilosov and Anton Kapela, have concocted a technique to exploit the Border Gateway Protocol (BGP) – internet’s core routing protocol. They demonstrated their technique at the DefCon hacker conference in Las Vegas. The threat emanates from the innate credulity of the routing protocol: the BGP apparently is designed to trust all nodes and can be exploited to redirect insane volumes of internet traffic to malevolent networks.

It can be used for spying at a truly unprecedented scale. No, we are not talking about stalking someone on Facebook but nation-state espionage. Millions of users can be exposed within moments of such an attack. A few solutions have already been propounded, but ISPs seem to be watching quietly from the sidelines.

ESET Threat Report: Dramatic Upsurge in Gaming Malware, Gangs Target Second Life

Paul Lilly — Fri, 08 Aug 2008 13:58:58 -0500

Gamers have enough trouble trying to come up with a game plan to beat pesky end bosses and single-handedly defeat armies of mutant soldiers. Saving often gives gamers an endless advantage and cheat codes can help in a pinch, but neither of these tactics will do any good against an increasing amount of real-life threats the online gaming scene.

More than just an annoyance, time spend in virtual worlds like Second Life can translate into real currency and it's attracted the attention of organized criminal gangs. According to security software vendor ESET (best known for its NOD32 Antivirus products), "high volumes of malware intended to steal passwords for online gaming and virtual worlds" have been detected since 2007, resulting in a "dramatic upsurge."

The alarming news comes courtesy of ESET's mid-yearly Global Threat Report, which focuses on broad trends in malware over the past six months. In addition to an upsurge in attacks against gamers, ESET notes that malicious software that tries to use the Windows Autorun facility to self-install from removable media continues to flourish.

On the opposite end of the spectrum, the company reports email bound malware is in "dramatic decline," at least when it comes to dirty attachments. Malicious URLs passed through email messages have taken the place of attachments.

Further reading to keep yourself (and your virtual self) protected:

"Mailto:" and Other URI Threats May Target Everyone

Mark Soper — Mon, 15 Oct 2007 16:54:55 -0500

Been patting yourself on the back for not using Adobe Acrobat or Reader with IE7 and Windows XP? Don't be too happy: URI-based threats may be lurking everywhere.

Didn't Ask for That PDF File? Watch Out!

Mark 'Marcus Soperus' Soper — Fri, 12 Oct 2007 07:57:20 -0500

Put Adobe Acrobat or Adobe Reader together with Windows XP and Internet Explorer 7, and what do you have? A significant threat to your PC. Learn how to protect yourself.

Google's in the XSS Crosshairs - and So Are You

Mark Soper — Mon, 24 Sep 2007 23:32:52 -0500

Googling your way around the Internet? Watch out - cross site scripting (XSS) makes Google and other sites less safe than you think.