As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp".  This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp.  It is

The Survey is closed and I had a whopping 28 total responses :) The questions were 1. How often do you connect your iPhone to a computer with iTunes running? 2. Have you owned your iPhone for at least 6 months? 3. How did you learn of this survey? Five people did not respond to

There’s been a lot in the news about “Operation Aurora”. In a nutshell, hackers used a zero day IE exploit to gain access to computers and accounts they should not have access to. There are lots of fingers being pointed at the Chinese and implications the government may have been involved. The targets included Google

Apple has released its first patches of 2010 and if you are running Snow Leopard I recommend you apply the patches. Apple users have the distinct advantage of Windows users of predominantly being ignored. Despite the fact that playing a malformed audio file can cause arbitrary code execution (which means your Mac is vulnerable to

There is a vulnerability in Internet Explorer that Microsoft will patch tomorrow. Normally Microsoft releases patches on the second Tuesday of each month, but in the case Microsoft is making the patch available much sooner. The most probable reason for the “out of band” patch is that this vulnerability received a ton of attention as

OK, it isn’t quite that dire, but if you are using Windows XP Service Pack 2, support for that version of the operating system will end in July 2010. If you plan to stay with Windows XP a while longer then it’s a good time to upgrade to service pack 3 if you have not

Yes, the time is now here for Thanksgiving e-Cards. Before you click on a link to go get your eCard, make sure that your operating system is fully patched. Even if you use automatic updates, it’s a good idea to go to update.microsoft.com and make sure you’re fully patched. Next try out the Secunia vulnerability

[Update: Michael St Nietzel also pointed out that there's an issue with installers that verify a checksum before installation. In fact, this is a special case of an issue I may not have made completely clear before: unless this approach is combined with some form of whitelisting, there has to be some way of reversing the modification