DigitMemo.com

Two labs of America’s top scientists have fallen for the oldest trick in the hackers’ book

A report featured on ABC News concluded that two nuclear labs had been “hacked.”  The true story is a bit more entertaining and the reveals that there is no threat to the country’s nuclear safety.  Real threats such as concerted “hacks” conducted by the Chinese against the U.S. government are certainly a concern, but the only thing dangerous about the compromise at these labs is the stupidity of a few scientists and workers at the plants.

The Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Lab in New Mexico have made a habit of collecting the social security numbers, names, and birth dates of scientists who visit the plants.  The information is put into a database, which reads like a who’s who of America’s top scientists.

Click for more on The True Story: Two U.S. Nuclear Labs "Hacked" »

Mozilla has issued a fix for a bug found in an update issued earlier this week.

It is the first time ever Mozilla has released two versions of the open-source browser in the same week. When Mozilla released Firefox 2.0.0.10 Monday, it included a bug in its rendering canvas HTML elements. Canvas elements allow for dynamic, scriptable rendering of bitmap images in HTML.

“The bug affects a specific use case of the Canvas tag, which is not yet in wide use,” said Mike Schroepfer, vice president of engineering at Mozilla. “We used our standard process of releasing a beta to tens of thousands of users and had no reports of this issue prior to the full release of 2.0.0.10. Once we became aware of the issue, we worked overtime to address it.”

The new version, Firefox 2.0.0.11 is now available for Windows, Mac, and Linux for free download.

Click for more on Mozilla Swats Firefox Bug With a Patch »

Among the fixes Mozilla has released is a patch for the well-known flaw in how Firefox handles .jar files

Mozilla has released an update to its Firefox browser, fixing a widely publicized flaw in the open-source software.

The 2.0.0.10 update fixes a handful of memory corruption flaws that crash Firefox and a cross-site request forgery flaw that could give attackers a way to get unauthorized access to certain Web sites.

Click for more on Handful of bugs squashed in Firefox security fix »

14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable).

A number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors.

Click for more on Multiple FLAC Vulnerabilities Affect Every OS »

Seagate Maxtor Basics Personal Storage 3200 external HDDs get hit with the Virus.Win32.AutoRun.ah virus

The hard disk drive (HDD) market is a relatively boring one. Sure, there are capacity increases in the mobile and desktops sectors every once in a while, but spindle speeds have stayed relatively the same — HDDs don’t exactly have the same sex appeal as quad-core processors or high-end graphics cards.

Seagate, however, is making news these days not for how fast or capacious their new drives are; but for what’s included on them from the factory. Seagate is warning customers that a small batch of its 500GB Maxtor Basics Personal Storage 3200 external drives shipped with the Virus.Win32.AutoRun.ah virus. The company blames a Chinese sub-contract manufacturer for the problem.

Click for more on Seagate Serves External HDDs with a Side of Virus »

The November security updates fix the so-called URI problem, a critical Windows bug that has been exploited by online criminals.

Microsoft has released its November security updates, fixing a critical Windows bug that has been exploited by online criminals.

Microsoft released just two security updates this month, but security experts say that IT staff will want to install both of them as quickly as possible. The MS07-061 update is particularly critical because the flaw it repairs has been seen in Web-based attack code, said Amol Sarwate, manager of Qualys’s vulnerability research lab. “This was a zero day [flaw] that was being used in the wild by hackers,” he said

Click for more on Patch Tuesday: Microsoft Fixes Critical Windows Bug »

Hurry, free anti-spyware protection from ZoneAlarm, a $29.99 value. Promotion runs till Nov 14th 5pm PST.

Check Point® Software Technologies Ltd. (Nasdaq:CHKP - News), the worldwide leader in securing the Internet, is today advising PC users to immediately update their Microsoft Windows operating systems, Internet Explorer 7 browser and all security programs to thwart new vulnerabilities that may allow a hacker to gain control of a PC. The company also announced a special 24-hour promotion whereby consumers can download ZoneAlarm Anti-Spyware, a $29.95 value, for free at http://www.zonealarm.com/patchtuesday .

For the next 24-hours, Check Point will give away ZoneAlarm Anti-Spyware free of charge. Users must provide a valid email address (one product per email address). The offer expires at 7 a.m. PST 5 pm PST on Wednesday, Nov. 14. The company also is currently offering a free download of its brand-new ZoneAlarm ForceField virtual browser, another layer of protection available to consumers.

Click for more on Free ZoneAlarm Anti-Spyware for 24-Hours »

Trend Micro’s security software spans over a huge repertoire of operating systems and Internet browsers, and now it has become the first to bring similar Web safety tools to the PS3.

Trend Micro Web Security for PS3 launches today, and according to Trend Micro it is the first product of its kind for a gaming console.

Click for more on Antivirus for Playstation 3 from Trend Micro »

You should never have to choose functionality over security

Mozilla Firefox is a small, fast and very easy to use browser that offers many advantages over other web browsers, such as the ability to block pop-up windows and the tabbed browsing.

The 2.0.0.8 release fixed some 200 issues, but accidentally regressed a few things. Most users won’t see any difference or experience any problems, and those 200 fixes make the 2.0.0.8 update very valuable, but you should never have to choose functionality over security. So here is the 2.0.0.9 update to address them. The specific problems are:

• Bug 400406 - Firefox will ignore the “clear” CSS property when used beneath a box that is using the “float” property. There is a temporary workaround JS/CSS code available for web developers with affected layouts.
• Bug 400467 - Windows Vista users will get “Java not found” or “Java not working” errors when trying to load Java applets after updating. To fix this, users can right-click the Firefox icon and “Run as administrator”, then browse to a page with a Java applet — doing this once will fix the problem and permanently restore Java functionality.
• Bug 396695 - Add-ons are disabled after updating. Users can fix this problem by opening their profile folder and removing three files (extensions.rdf, extensions.ini and extensions.cache)
• Bug 400421 - Removing a single area element from an image map will cause the entire map to disappear. There is no workaround available at this time.
• Bug 400735 - Some Windows users may experience crashes at startup. There is no workaround available at this time.

Microsoft is warning users to avoid suspicious websites and emails after attacks were reported on an unpatched flaw in Internet Explorer 7.

The company would not provide exact figures, but said that a “limited number ” of attacks had been reported.

The attacks target a vulnerability in IE7’s handling of the uniform resource indicator (URI) commands used by browsers to launch third-party applications.

Microsoft disclosed the vulnerability on 10 October, explaining that it arises when the browser fails to check malformed URI instructions in Windows XP and Server 2003. Windows Vista is not believed to be vulnerable.

Click for more on Attackers take aim at IE7 unpatched flaw »