Some Apple iTunes users who have AVG installed were in for a bit of surprise last weekend when the antivirus app alerted them to the presence of a Trojan in their music software and blocked it from loading. If you're one of those users, rest assured it was a false positive.
"Unfortunately, a recent virus database update resulted in iTunes being detected as a Trojan by AVG security products," the company explained in a statement. "We can confirm that it was a false alarm. AVG immediately released a new virus database update (definition file 270.13.29/2260) that corrected this issue."
The update came just five hours after the false positive was first reported and was "automatically released to all users by 5:30AM CET," AVG says. Prior to the update, AVG had placed several iTunes DLL files in quarantine, which prevented the music service from working.
If for some reason iTunes still isn't working after applying the update, AVG suggests restoring the deleted iTunes files from the AVG Virus Vault. To do this:
Open the AVG user interface
Choose "Virus Vault" option from the "History" menu
Locate the iTunes file that was incorrectly removed and select it (one click)
Forget about sophisticated attacks and increasingly complex malware schemes, the biggest threat to a company's security might be social networks and the employees who use them.
So says security firm Sophos, who reports that 63 percent of sysadmins worry about employees sharing too much information on Facebook, MySpace, and other social networking portals, ultimately putting their corporate infrastructure -- and the sensitive date on it -- at risk.
"Evidence shows that their worry is justified," Sophos wrote in the July 2009 update to its Security Threat Report. "In June 2009, the personal information belonging to the incoming head of MI6 was exposed to the entire Facebook network, when his spouse allowed members of the 'London' network to view her profile."
Sophos listed several other examples to back the claim, including a MySpace user losing over $210,000 in an email scam after his "Nigerian cyber-pal started asking for money to help her ailing mother."
But Sophos was quick to warn that completely denying access to social networking sites isn't the answer. Doing so runs the risk of driving employees to find a way around the ban, creating an even bigger risk and less oversight by the IT staff.
Think your browsing history is secure from prying eyes so long as you never leave your PC unattended? Think again. A new site, Web2.0collage.com, digs through your browser's history and then constructs a collage of the web2.0 websites that you've visited.
"Web2.0collage.com mixes art and technology to raise privacy concerns," the site states on its homepage. "Many of us consider our browser history to be private, but that is no longer the case. Any website you visit can determine your browser history by exploiting the very features designed to enhance your Internet experience, a fact many people are not aware of."
You knew it would happen sooner or later, we're just a little surprised it took this long for hackers to release a botnet running on mobile phones. According to Symantec, a piece of malicious software called Sexy Space may be the first documented case.
Like most botnets, Sexy Space relies on quite a bit of user interaction to be effective. Those who ultimately become a zombie in the botnet first receive a text message saying "A very sexy girl, Try it now!" Inside the message is a link that must be clicked, which then asks the potential victim to download software. The software then scours through the user's contact list and sends an SMS with the same message to each person.
Symantec says that this particular botnet is being controlled by a central server, but it remains unclear whether or not the phones respond to remote commands.
We're undoubtedly preaching to the choir on this one, but be wary of any rogue text messages, especially when they ask you to click a link and download software.
"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter," wrote Mozilla's Blake Kaplan in a comment on the bug report.
It didn't take long for researchers to discover that the bug was exploitable and could be used to execute arbitrary code. It's also been squashed in the 3.5.1 update, however researchers have discovered a similar bug that remains. According to Mozilla, it is looking into the issue, but so far doesn't believe the newly discovered bug is exploitable.
Less than a month after release, Firefox 3.5 receives an incremental update bringing the most current stable version to 3.5.1. As might be expected, the 3.5.1 update addresses several security and stability issues, as well as an issue that was making Firefox take a long time to load on some Windows systems, Mozilla says.
"We strongly recommend that all Firefox 3.5 users upgrade to this release," Mozilla said in a statement. "If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu."
On a related note, Mozilla said it is no longer supporting supporting Firefox 2.0.0.x, which "contains known security vulnerabilities." So in other words, pretty much every Firefox user should go grab the latest update.
Last month, a hacker calling himself Hacker Croll infiltrated an administrator's email account who works for Twitter, gaining access to the employee's Google Apps account, where Twitter shares spreadsheets and documents outlining business ideas and various financial details, said Biz Stone, a Twitter co-founder.
After doing so, the hacker sent all sorts of confidential documents to a pair of news blogs: TechCrunch and Korben. While the breach and subsequent sharing of information might have been embarrassing for Twitter, analysts say the attack highlights the bigger problem of people using the same password for ever site they visit.
According to security firm Sophos, 40 percent of Internet users use the same password for every website. And with so many personal details floating around social networking sites, it makes it that much easier for hackers to breach someone's account.
"A lot of the Twitter users are much living their lives in public," said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. "If you broadcast all your details about what your dog's name is and what hour hometown is, it's not that hard to figure out a password."
This won't come as a surprise to power users, but to avoid being hacked, use strong passwords that combine letters and numbers, change your passwords often, and don't use the same password for every site you visit.
Enter about:config in the browser's location bar
Type jit in the Filter box
If you'd rather not mess around with about:config settings, you can still disable JIT by running Firefox in Safe Mode, which is accessible from the Mozilla Firefox folder.
This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctr.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The woraround and disable workaround controls are distributed in .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.
If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.
Networking in Windows 7 builds upon the drastic remodeling that occurred in Windows Vista. However, although some of the basic networking features in Windows 7 are similar to those in Windows Vista, many networking features have been improved in Microsoft's latest operating system. And, if you are moving up from Windows XP, you will find that Windows 7's network interface is a completely different animal than you've encountered before. Whether you're moving up from Windows Vista or Windows XP, join us after the jump to learn what's new and better in the main building blocks of Windows 7 networking.