Posted 07/20/09 at 06:39:03 AM by Paul Lilly

If you're a Firefox user, be sure to grab the latest update bringing Firefox 3.5 to 3.5.1. A number of security and stability issues have been addressed in the newest release, but its main purpose was to patch a critical security vulnerability in the browser's TraceMonkey JavaScript engine. Prior to the patch, the bug could cause Firefox to crash when typing text into an input box on certain websites.

"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter," wrote Mozilla's Blake Kaplan in a comment on the bug report.

It didn't take long for researchers to discover that the bug was exploitable and could be used to execute arbitrary code. It's also been squashed in the 3.5.1 update, however researchers have discovered a similar bug that remains. According to Mozilla, it is looking into the issue, but so far doesn't believe the newly discovered bug is exploitable.

Read More

Posted 06/10/09 at 09:00:44 AM by Paul Lilly

Oopsy-daisy! According to complaints on McAfee's message board, a mandatory service pack for the company's antivirus VSE 8.7 software has left some machines unbootable. The update, which was issued on May 27 and later pulled on June 2, was intended to squash minor security bugs, but also inadvertently flagged some Windows system files as malware.

"McAfee removed Patch 1 for McAfee VirusScan Enterprise 8.7i from its download servers out of precaution after a potential issue with the update was discovered," McAfee said in a statement. "A very small number of customers reported trouble with the patch on a limited number of computers."

McAfee went on to say that it's working on identifying the cause of the false positives and, once resolved, will repost the mandatory update.

Read More

Posted 03/19/09 at 03:54:10 AM by Nathan Grayson

Other Valve games, we’re sure you’re great and all, but we think Valve is playing favorites. Really, just look at the numbers: Left 4 Dead, Valve’s tossing you just enough of the ol’ meat and mead to ensure your survival. And Half-Life 2: Episode 3, we thought we saw you once in a tabloid with Bigfoot, but that might’ve just been this guy. Meanwhile, it seems like Team Fortress 2 gains some new appendage at least once per week, and, well, you can probably guess where this is going.

This week’s TF2 to-do adds multicore CPU rendering to the team-based shooter’s ever-growing repertoire, though it’s apparently not quite ready for primetime just yet. From the patch notes:

Added Multicore Rendering

• This initial release is aimed at testing compatibility, so the option is OFF by default
• To turn it on, go to the Options->Video->Advanced dialog, and check the "Multicore Rendering" option

Read More

Posted 03/15/09 at 12:59:32 PM by Justin Kerr

If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.

The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."

For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.

Read More

Posted 02/10/09 at 09:01:31 PM by Nathan Grayson

In the original Far Cry, rigging a tree branch to clothesline a hapless foe was a deadlier alternative to, you know, shooting them. With guns. Unfortunately, Far Cry 2 de-fanged guns in a similar manner (minus the pro-deforestation propaganda) – something for which we nearly awarded it a seven out of ten. Good thing, then, that Ubisoft Montreal has announced a new “Hardcore” Far Cry 2 multiplayer patch that promises to make sure in-game guns’ bite outdoes trees’ bark (grooooan).

"The hardcore mode has been designed as an answer to a community request," Ubisoft community developer Atmon wrote on the game's official forums. "Some players were seeking and expecting a more realistic experience.” 

• A new damage model will be applied with increased damage for all weapons.
• All weapons have been rebalanced on normal mode, and on hardcore mode.
• Enemy names will disappear after the spawning invincibility period is over (A shield is displayed above a player’s head for a few second to show that he is invincible).
• A new option will allow you to tweak spawning time (but not spawning rate).
• A new search option will be available in multiplayer to allow you to find games that are playing on hardcore mode.

Read More

Posted 01/21/09 at 05:22:17 PM by Mark Edward Soper

Remember Microsoft's rare out-of-band security update from last October, MS08-067? Microsoft warned us then that Windows XP, Windows Server 2003, and Windows 2000 SP4 were especially vulnerable to being attacked. Windows Update probably took care of patching your home computer. However, companies and individuals that were slow to patch their fleets of PCs with KB958644 could find their computers now infected by a nasty worm called Conficker, Downadup or Kido.

How big a deal is Conficker/Downadup? According to F-Secure, the number of infected machines went from 2.4 million to 8.9 million in just four days as of last Friday.  Panda Security now estimates that as many as one in every 16 PCs may be infected. F-Secure wraps up its analysis by saying "The situation with Downadup is not getting better. It's getting worse." Panda compares the outbreak with the legendary Kournikova (2001) and Blaster (2003) outbreaks.

How does Conficker/Downandup spread, and what can you do about it? Join us after the jump to learn more.

Read More

Posted 12/18/08 at 03:05:09 PM by Paul Lilly

Looking for something to do over the holiday break or need an excuse to duck away from the in laws to regain your sanity? Crytek's got your back. The developer announced it is serving up the multiplayer shooter Crysis Wars free-to-play for 10 days, starting tomorrow at 11:00 AM PT and good through December 28th until 11:59 PM PT. You can snag your holiday trial at MyCrysis.com, which the developer says includes the latest version of the game with brand new maps Savanna and Frost. You'll need to register to receive a unique key.

Also just released is a new patch for Crysis Wars, which comes less than a month after patch 1.2 was released.. Patch 1.3 includes the Holiday Map Pack (two above mentioned maps), and fixes the loading of custom assets in downloaded maps.

Read More

Posted 09/10/08 at 07:11:23 PM by Pulkit Chandna

Several security vulnerabilities were reported in Google’s Chrome web browser after its beta version was launched earlier this month with much ado. Google has quickly responded with a security update that fixes four vulnerabilities. The update addresses two buffer overflow vulnerabilities, both rated critical by Google, and two other minor bugs. However, the carpet-bombing threat, first brought to light by security researcher Aviv Raff, still looms.

Read More