-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Energizer battery charger contains backdoor
,----[ Quote ]
| The United States Computer Emergency
| Response Team (US-CERT) has warned that the
| software included in the Energizer DUO USB
| battery charger contains a backdoor that
| allows unauthorized remote system access.
|
| In an advisory, the US-CERT warned that he
| installer for the Energizer DUO software
| places the file UsbCharger.dll in the
| applicationâs directory and Arucer.dll in
| the Windows system32 directory.
|
| When the Energizer UsbCharger software
| executes, it utilizes the UsbCharger.dll
| component for providing USB communication
| capabilities. UsbCharger.dll executes
| Arucer.dll via the Windows rundll32.exe
| mechanism, and it also configures Arucer.dll
| to execute automatically when Windows starts
| by creating an entry in the
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
`----
http://blogs.zdnet.com/security/?p=5602
Apache [WINDOWS] bug prompts update advice
,----[ Quote ]
| "The vulnerability means that you can take
| complete control of the web server remotely
| with system privileges â which is the
| highest privilege on Windows," Edelstein
| told ZDNet.com.au. "An attacker could gain
| access to, modify and take away data."
|
| Edelstein advised users running Apache on
| Windows platforms to upgrade immediately as
| users have no way of knowing if their web
| servers have been compromised. The company's
| security advisory can be accessed here.
`----
http://www.zdnet.com.au/news/security/soa/Apache-bug-prompts-update-advice/0,130061744,339301617,00.htm
Patchy Windows patching leaves users insecure
,----[ Quote ]
| Windows users need to patch their systems an
| average of every five days to stay ahead of
| security vulnerabilities, according to a
| study this week.
|
| The numbers come from a company called
| Secunia which just happens to be developing
| an all-in-one patching tool to reduce update
| headaches for consumers.
|
| Stats from the two million existing users of
| Secunia's free Personal Software Inspector
| tool show the average home user needs an
| average of 75 patches from 22 different
| vendors to be fully secure. The complexity
| of patching means that most users are not
| even in the race, meaning that hackers
| hoping to exploit software vulnerabilities
| to infect vulnerable systems stay well ahead
| of the game.
|
| Matters are further complicated by the
| variety of different update mechanisms
| applied by differing suppliers.
`----
http://www.theregister.co.uk/2010/03/07/windows_patching_pain/
Open Source and Security: Are there Limits?
,----[ Quote ]
| It's an interesting question, which applies
| to many other areas that have hitherto
| depended on security by obscurity. Once you
| bring in free software, that won't work, at
| least not in the way it has. So the issue
| then becomes: how can these two aspects be
| squared?
`----
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2838
Recent:
One-third of Security Essentials users infected: Microsoft
,----[ Quote ]
| Almost a third of the customers who have
| installed Microsoft's free Security
| Essentials software have been found to be
| suffering from major malware infections.
`----
http://www.itwire.com/content/view/28745/53/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkuWAaYACgkQU4xAY3RXLo5IYQCfVgkcYoP1eQ1aGpvd/MsMveGD
UFgAn3guO17fc8UGFXYw6BLGsdorB5/G
=eVGY
-----END PGP SIGNATURE-----
|
|
