Skype bug sends messages to random contacts, fix coming soon

ID: IRCNE2012071557
Date: 2012-07-17

According to "ZDNet", a handful of users on Skype's Support Network started to complain about an odd occurrence in a thread titled "Skype text messages I received have gone to another contact."
Five other users of the Microsoft-owned program confirmed they were also seeing instant messages being sent to the wrong person from their contact list. Sometimes it's just a few messages, while other times it's a whole conversation.
So Skype began to look into the issue. "Thanks for your reports and sorry for the inconvenience caused by this," a Skype spokesperson said in a statement. "We are currently investigating and hope to provide a solution for this soon."
"We are rolling out a fix for this issue in the next few days and will notify our users to download an updated version of Skype", a Skype spokesperson told Engadget.
Since this appears to be related to a June 2012 update to Skype, it may be that all those on older versions are unaffected. Still, it's unclear how many users are experiencing this or how many incorrect instant messages have been sent. After all, five out of the six users who complained about it on the forums signed up just to confirm they were having problems.

Chrome locks down non-approved extensions

ID: IRCNE2012071556
Date: 2012-07-17

According to “TechWorld”, Google has quietly changed the way the Chrome browser adds extensions, blocking automatic installs of all extensions except those downloaded through the company's Chrome Web Store.
The motivation for the modification is security. Previously, extensions could be installed by any website without user intervention, an obvious boon for malicious attacks.
“In the latest version of Google Chrome, you must explicitly tell Chrome that you want to install these extensions by adding them through the Extensions page,” Google said, a way of forcing users to pay attention to non-approved software.
“Online hackers may create websites that automatically trigger the installation of malicious extensions. Their extensions are often designed to secretly track the information you enter on the web, which the hackers can then reuse for other ill-intended purposes.”
Anyone who tries to add an extension outside the Web Store will receive the message, "Extensions, apps, and user scripts can only be added from the Chrome Web Store. Learn more."

In pointing users towards its Store, Google will focus on filtering software added there for suspect code.
Individuals or companies hosting legitimate extensions on their own websites will need to add these to the Store or use inline installation (where apps appear to be hosted on a site but are actually on Google's Store).

Symantec antivirus update crashes some PCs

ID: IRCNE2012071555
Date: 2012-07-17

According to “CNet”, a recent update to Symantec's antivirus software rendered some Windows-based PCs inoperable, the security software maker disclosed Friday.
An update earlier in the week to Symantec Endpoint Protection 12.1 antivirus software for businesses caused some Windows XP-based computers to crash repeatedly with a "blue screen of death," the company revealed on its Web site.
"On July 11th, 2012 Symantec Security Response started receiving reports of customers experiencing blue screens after applying the July 11th revision 18 definitions," Orla Cox, of Symantec Security Response, wrote in the post. "Machines may continue to blue screen after they reboot. This problem only appears to occur on Windows XP machines."
In an update, the company said the crashes were limited to XP machines running Endpoint Protection 12.1 and certain software from Norton. Once the cause was identified, Symantec issued a rollback of signatures on Thursday, the company said.
"Although we are not providing compensation packages, we are working around the clock to provide information on remediation and technical support to help customers address this issue," Symantec spokesperson Ellen Hayes told CNET. "This includes reaching out to customers directly to offer technical assistance who have posted comments to our online community seeking help."

Panda's Cloud Antivirus upgrades offline protection

ID: IRCNE2012071554
Date: 2012-07-17

According to "CNET", a major update to Panda Cloud Antivirus today provides more robust protection for fans of the lightweight security suite.
Available exclusively today from CNET Download.com, Panda Cloud Antivirus Free 2.0 and Panda Cloud Antivirus Pro 2.0 bring some welcome changes to Panda's security alternative. The Pro version now comes with a firewall that leverages Panda's community network and uses intrusion prevention signatures.
In version 2.0, people with Cloud Antivirus Free get access to the behavioral analysis engine that had previously been only in the Pro version. Other improvements in both versions include a better exposure of how Cloud Antivirus protects you when you're offline, a cloud-based disinfection protocol, and dramatic improvements in scan benchmarking. Panda representative Pedro Bustamante said that the scans in 2.0 are about "50 percent" faster than in version 1.6.

Android forum site hacked

ID: IRCNE2012071553
Date: 24/04/91

Immediately after discovering that the server hosting its Android forum site had been hacked, Phandroid strongly advised the users of its forums to change their passwords.
The leaked data includes the usernames, e-mail addresses, hashed passwords and IP addresses of more than one million users of these forums. To change their password, users can go to UserCP or use the forgotten-password link. As usual, if you also use the same e-mail address and password as on the Android forum for your other accounts, you should change those too.
One of the Android managers stated that the server hosting Androidforums.com was compromised and that the website's databases were accessed. According to him, the method used to collect the data has been identified and the related problem has been fixed.

Yahoo user accounts hacked

ID: IRCNE2012071552
Date: 24/04/91

Early last week, hackers from the D33ds group claimed responsibility for attacks against a Yahoo service and exposed 450,000 login credentials. They exploited an SQL injection vulnerability in the Yahoo service to steal the usernames and passwords of 450,000 accounts. The group published the passwords and e-mail addresses on the web. Yahoo then confirmed that the accounts had been compromised, but said that only 5 percent of the credentials were valid.
Yahoo has also confirmed that the stolen account credentials belong to users who registered their Yahoo accounts with the Yahoo Contributor Network.
Interestingly, in the last statement Yahoo released, the number of exposed accounts was 40,000. If you have a Yahoo account, you should change your password. In addition, if you use your Yahoo e-mail address and its password for other e-mail accounts, change those as well.

Oracle security update with 88 fixes is on the way

ID: IRCNE2012071551
Date: 24/04/91

According to information published on Oracle's website, the company is due to release a patch on Tuesday, 24 Tir, to fix 88 vulnerabilities in its various products.
Some of the security holes affect more than one product, and Oracle users are advised to install these patches at the earliest opportunity.
Four fixes relate to the Oracle database. Three of the vulnerabilities can be exploited by hackers without the need to log in to the network.
Oracle is also due to release 22 fixes for the Middleware family, eight of which can be exploited remotely without a username and password.
Another 25 fixes will be released to address security weaknesses in the Sun product family, including the GlassFish server software and the Solaris operating system.
This patch package also contains six fixes for the MySQL database. According to Oracle, none of these vulnerabilities can be exploited remotely without a username and password.
Oracle usually releases a patch every three months to address security weaknesses in its products. Oracle also regularly releases patches for the Java SE programming language, on a slightly different schedule.

Related news:
Oracle to release 88 security fixes on Tuesday

Android forum site hacked

ID: IRCNE2012071553
Date: 2012-07-14

According to “CNet”, Phandroid is urging members of its Android forums to change their passwords immediately after discovering that the server hosting the forum site was hacked this week.
The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. To change your password, go to UserCP, or use the "forgot your password?" page. As always, if you use the same e-mail address and password combination on other accounts, change those too.
A community manager for the site posted the news earlier this week, informing members that it may have been an attempt to grab e-mails. Phandroid will continue to investigate what happened.
"I have some unfortunate news to pass along," the post reads. "Yesterday I was informed by our server/developer team that the server hosting Androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless, there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical)."
The post explains that the method used to get the data has been identified and resolved. The site's staff have been reviewing the database and file system for further issues.

Yahoo fixes flaw behind 450,000 account hack

ID: IRCNE2012071552
Date: 2012-07-14

According to "ZDNet", earlier this week, the hacker group D33ds Company claimed responsibility for attacking a Yahoo service and exposing 450,000 plain text login credentials. It had exploited a basic SQL injection vulnerability in a Yahoo service to steal the usernames and passwords associated with 453,000 accounts. The group published the passwords and email addresses on the Web.
Yahoo then confirmed that the accounts were compromised, though it emphasized less than 5 percent of the credentials were valid. Yahoo also confirmed that the stolen account credentials belonged to registered users of its Yahoo Contributor Network, which was previously known as Associated Content.
Yahoo today closed the saga by fixing the flaw in question.
Interestingly, the last time Yahoo provided a statement, the number of compromised accounts was 400,000.
If you have a Yahoo account, you should change your password, just to be on the safe side. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.

Oracle to release 88 security fixes

ID: IRCNE2012071551
Date: 2012-07-13

IDG News Service - Oracle is planning to deliver 88 security fixes next Tuesday for a wide range of its products, according to a pre-release announcement posted to its website on Thursday.
A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said.
Four fixes are for Oracle's database. Three of the database vulnerabilities involved can be exploited by an attacker over a network without the need for login credentials, according to Thursday's notice.
Oracle is also set to release 22 patches for its Fusion Middleware family, eight of which can be remotely exploited without a username or password, Oracle said.
The company uses the CVSS (Common Vulnerability Scoring System) to rank the seriousness of its patches. One of the fixes, for the Fusion Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale.
Another 25 fixes cover weaknesses in Oracle's Sun product family, including the GlassFish application server and Solaris OS.
The patch batch will also deliver six fixes for the MySQL database. None of the weaknesses involved can be exploited remotely without credentials, Oracle said.
Other patches in the release include ones for Hyperion, Enterprise Manager Grid Control, E-Business Suite, Siebel CRM, PeopleSoft and Oracle Industry Applications.
Oracle releases patches for its applications, middleware and infrastructure software on a quarterly basis. The last set, issued in April, also included 88 bug fixes.
It also releases patch sets for the Java SE programming language periodically, but on a different schedule from that for its other products.

Related Topics:
Oracle to issue 88 security patches on Tuesday
Source:
http://www.computerworld.com/s/article/9229081/Oracle_to_release_88_security_fixes?taxonomyId=17
