The Great 99 Cent Software Experiment of 2010

Mark this date on your calendar:

Friday, January 29, 2010

For 24 hours you have the opportunity to participate in The Great 99 Cent Software Experiment of 2010. As self-described, Bill Pytlovany is either brilliant or, well, let's just say something else. :)

Does this sound like something you can afford to pass up?

"If you want to upgrade to WinPatrol PLUS on January 29th, I’ll give you a lifetime WinPatrol membership for less than a dollar. Instead of the regular price of $29.95 I’ll provide a coupon on WinPatrol.com that brings the price down to $0.99 USD. That comes out to approx. .70 € to our international friends

This will be a one-day only “experiment” starting at midnight EST on Jan 29th and will last 24 hours. Will over 30 times the normal number customers upgrade to WinPatrol PLUS? If so, will other software developers notice?

Like our current $30 plan, the 99¢ license will be good for life. Like sales in the App Store or Droid Market however, this license is only valid for a single computer. Sound fair enough? If you’ve been someday planning on upgrading to WinPatrol PLUS, January 29th is the day to remember. Just go to www.WinPatrol.com this Friday and you may be a part of history."

Head over to Bits from Bill for the rest of the details on this one-day event. Even if you already have a license for WinPatrol Plus, it is a great opportunity to purchase one for a friend or family member.

Clubhouse Tags: Clubhouse, Security, Information



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Firefox 3.6 Released

Today is the day for browser updates! First came the out-of-band Microsoft Security Bulletin MS10-002. Next is the release of Mozilla Firefox 3.6. Although not touted as a security update, there are security improvements in the new release. Notable improvements include:

• Protection from out-of-date plugins to keep users safer as they browse.
• Changes to how third-party software can integrate with Firefox in order to prevent crashes.

Complete information on the new release is available in What’s New in Firefox 3.6

Note: The upgrade to 3.6 is available via the program updater for exsisting users. Note however, that this is a major upgrade and some of your addons may not be compatible.

Download for localized versions is available at International versions: Get Firefox in your language.

Clubhouse Tags: Clubhouse, Security, Updates, Information



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Update Now! Security Bulletin MS10-002 Released

Microsoft released out-of-band Microsoft Security Bulletin MS10-002. It is strongly recommended that this update be installed as soon as possible.

MS10-002 is identified as Critical for all supported releases of Internet Explorer, including Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. The only exception is Internet Explorer 6 for supported editions of Windows Server 2003, in which case the update is rated Moderate.

MS10-002 is accelerated from the regularly scheduled February release update.

References:

• MSRC Blog: Bulletin MS10-002 Released
• TechNet: Microsoft Security Bulletin MS10-002

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Advance Notification for Out-of-Band Bulletin Release

The out-of-band security update announced yesterday Microsoft Security Advisory 979352 is scheduled to be released tomorrow, 21 January 2010, as close to 10 AM (PST) as possible. The update is described by Jerry Bryant:

"This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released."

Although Microsoft reports that they continue to see only limited attacks, with the only successful attacks they are aware of against Internet Explorer 6, it is, nonetheless, recommended that anyone who has yet to update to Internet Explorer 8 would benefit from the improved security protection available with IE8.

Additional information is available in the Advance Notification for Out-of-Band Bulletin Release.

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Out of Band Security Update for Advisory 979352

Microsoft has announced an out-of-band security update to help protect customers from the vulnerability in Microsoft Security Advisory 979352. From the MSRC Blog:

"Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers. We also recommend customers consider deploying the workarounds and mitigations provided in Security Advisory 979352.

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability."

Additional information regarding the timing of the release will be provided tomorrow.

References and Additional Information:

• Security Advisory 979352 – Going out of Band
• Advisory 979352 Update for Monday January 18
• Further Insight into Security Advisory 979352 and the Threat Landscape
• Advisory 979352 Updated
• Additional information about DEP and the Internet Explorer 0day vulnerability
• Security Advisory 979352

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Advisory 979352 Released

Microsoft determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. According to Threat Level at Wired.com, Adobe was impacted and it appears that at least 34 companies were breached.

Following are the mitigating factors in Microsoft Security Advisory 979352:

• Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability.
  
  
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
  
  
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
  
  
• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
  
  
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

References:

• MSRC Blog: The Microsoft Security Response Center (MSRC) : Security Advisory 979352 Released
• TechNet: Security Advisory 979352 Released
• Wired.com: Threat Level Privacy, Crime and Security Online

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Adobe, Vulnerabilities, Information


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Reader/Acrobat Critical Update

Adobe Product Security Incident Response Team (PSIRT) announced an update to Adobe Reader and Acrobat affecting a critical vulnerability in Adobe Reader and Adobe Acrobat 9.2, including all earlier versions. As this vulnerability is being actively exploited in the wild, update is strongly advised.

For home use, you may wish to replace Adobe Reader with an alternate PDF reader. Other options are available at http://pdfreaders.org/.

Adobe Security Bulletin

Security updates available for Adobe Reader and Adobe Acrobat

Release date: January 12, 2010

Vulnerability identifier: APSB10-02

CVE numbers: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324

Critical vulnerabilities have been identified in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

References:

• Adobe Product Security Incident Response Team (PSIRT): A Few Words on the January 2010 Security Update for Adobe Reader and Acrobat - ASSET
• Threatpost: How to mitigate Adobe PDF malware attacks
  
• National Vulnerability Database (NVD): (CVE-2009-4324)
• ZDNet.com: Adobe confirms PDF zero-day attacks. Disable JavaScript now

Clubhouse Tags: Clubhouse, Security, Updates, Vulnerabilities, Adobe

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft January 2010 Security Bulletin

Microsoft released one security bulletin affecting all versions of Windows. MS10-001 addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000. For all other versions of Windows, the vulnerability gets a Low rating.

Microsoft designated the bulletin an aggregate rating of “2” on the Exploitability Index as it applies to Windows 2000 systems. All other systems are rated “3”.

According to the MSRC blog:

"The vulnerable code is present on newer operating systems but through the Security Development Lifecycle (SDL), there are several mitigations in place that help prevent the likelihood of exploitation. Our Security Research & Defense (SRD) team has a great write up on this in their blog. We do recommend that customers evaluate and deploy this update as soon as possible. Especially those on Windows 2000."

Critical:

MS10-001 --Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

References:

• MSRC: January 2010 Security Bulletin Release
• TechNet: Microsoft Security bulletin summary for January 2010
  
  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information

Read More

January 2010 Security Bulletin Advance Notice

On Tuesday, January 12, 2010, Microsoft is planning to release one new security bulletin addressing a single vulnerability in Windows. The vulnerability is critical on Windows 2000 and low for all other platforms.

An updated version of the Microsoft Windows Malicious Software Removal Tool will also be available.

References:

• MSRC: January 2010 Bulletin Release Advance Notification
• TechNet: Microsoft Security Bulletin Advance Notification for January 2010

Clubhouse Tags: Clubhouse, Security, Updates, Microsoft, Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Congratulations 2010 Microsoft MVP!‏

I am proud to announce that for the fifth year, once again I was awarded Microsoft MVP. Contributing to the specialness of the award is the knowledge that of the over 4,000 MVPs worldwide, only a bit over 100 are awarded in Consumer Security.

As described by Microsoft:

"About the MVP Award Program

Since the early 1990s, Microsoft has recognized the inspiring activities of MVPs around the world with the MVP Award. MVPs freely share their deep knowledge, real-world experience, and impartial, objective feedback to help people enhance the way they use technology. Of more than 100 million users who participate in technology communities, around 4,000 are recognized as Microsoft MVPs.

MVPs make exceptional contributions to technical communities, sharing their passion, knowledge, and know-how. Meanwhile, because MVPs hear the opinions and needs of many others in the technical community, they are well-placed to share highly focused feedback with Microsoft.

MVPs are independent experts who are offered a close connection with people at Microsoft. To acknowledge MVPs’ leadership and provide a platform to help support their efforts, Microsoft often gives MVPs early access to Microsoft products, as well as the opportunity to pass on their highly targeted feedback and recommendations about product design, development, and support.

Awarded in over ninety technology areas, MVPs reflect Microsoft's global customer base and the breadth of Microsoft's technologies. A significant proportion of new MVPs represent emerging markets in China, Russia, and Korea, as well as smaller markets including Ghana, Nepal, and Kazakhstan."

Clubhouse Tags: Clubhouse, Security, Microsoft, MVP, Information, Story




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More