::Trend Micro Threat Resource Center::

31 December 2010

WordPress 3.0.4 critical security update

Version 3.0.4 of WordPress is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES.


Certain unspecified input is not properly sanitized in the KSES library before being displayed to the user, according to Secunia.

This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.

This is a critical release, available immediately through the update page in your dashboard or for download here.
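To make the sanitization point concrete, here is an added illustration of what an allowlist-based HTML sanitizer of the KSES kind has to do before user-supplied markup is displayed. It is not WordPress's KSES code and is not modelled on the particular bug fixed in 3.0.4; the allowlist policy, the `sanitize` function and the sample fragments are all constructed for this example. It keeps only listed tags and attributes, drops event-handler attributes, rejects `javascript:`-style URLs (including ones padded with whitespace or control characters that browsers ignore), removes script and style content entirely, and escapes all remaining text.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist policy: tag -> attributes that may survive. Anything not listed is
# dropped. The policy is constructed for this example; it is not KSES's policy.
ALLOWED_TAGS = {
    "a": {"href", "title"},
    "b": set(), "strong": set(), "i": set(), "em": set(),
    "p": set(), "br": set(), "ul": set(), "ol": set(), "li": set(),
}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}             # tag *and* its text are removed
SAFE_URL_SCHEMES = {"", "http", "https", "mailto"}  # "" allows relative URLs


def safe_url(value: str) -> bool:
    """Reject javascript:/data:/vbscript: style URLs, including ones padded
    with whitespace or control characters that browsers would skip over."""
    compact = "".join(ch for ch in value if not ch.isspace() and ord(ch) >= 32)
    return urlparse(compact).scheme.lower() in SAFE_URL_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-serialises only allowlisted tags and attributes; all text is escaped."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropping = False        # True while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.dropping = True
            return
        if self.dropping or tag not in ALLOWED_TAGS:
            return                   # unknown tag is stripped, its text is kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_TAGS[tag]:
                continue             # drops onclick=, onerror=, style=, ...
            if name == "href" and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.dropping = False
            return
        if not self.dropping and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))

    # Comments, doctype declarations and processing instructions never reach
    # the output: HTMLParser's default handlers for them do nothing.


def sanitize(fragment: str) -> str:
    """Sanitize one HTML fragment with the allowlist policy above."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    for sample in ('<p onclick="x()">Hi <b>there</b></p>',
                   '<script>alert(1)</script>ok',
                   '<a href=" java\tscript:alert(1)">x</a>',
                   '<img src=x onerror=alert(1)>'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

The important design choice is that the sanitizer never tries to recognise "bad" markup; it rebuilds the fragment from a list of what is allowed, so anything the policy does not name is lost by default.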

29 December 2010

Older Facebook apps threaten your and your friends' privacy

Facebook users who are concerned with keeping their privacy have probably become more careful over the years about adding applications to their account, since many ask for access to more information than users are willing to provide.

But two or three years back - before Facebook was forced to give users more privacy control over each application they use - applications asked for a lot more information in order to function than they do now. And all the users who still run older versions of those applications are still giving them access to everything that was agreed on back then, reports Vanessa Dennis.

Take the YouTube App as an example, and see what information it asked access to before and what it asks now:


As you can see, it previously could access practically all your information, post to your Wall and even access your friends' information. Unfortunately, that means that all the "Facebook" friends who are using any of these "older" applications are giving them access to your information - and vice versa.

If you are at all concerned about this, it's best to review every application you have on your account. Go to Privacy Settings/Apps and Websites, then click on the "Edit Settings" button and on each application individually to review their specific privacy settings. If you are not satisfied with them, delete the application and think twice about adding it again. Then send this article to your friends and ask them to do the same.

24 December 2010

Fake iTunes e-mail leads to drive-by download

E-mails purportedly coming from iTunes and bearing "iTunes account may be suspended" in the subject line have been hitting inboxes in the last few days.

"Dear iTunes Customer, it is possible that your account password has been stolen. 4 different IP addresses have been used to login to your account within the last 24 hours. Please visit the bellow link and read what to do and how to contact support department," says the message.

At first glance, this seems a typical phishing e-mail. But no - "iTunes will never ask you for your password or any confidential information," claims the e-mail, and perhaps gains the trust of some users who then proceed to click on the link.

They land on a fake Apple support page, and it doesn't ask them to share any confidential information:

But, unbeknownst to them, the site silently serves a malicious script that tries to exploit vulnerabilities in older versions of Java and Windows Help to gain access to the system and download and install malware. Users that patch their OS and software regularly are safe from this attack.

23 December 2010

Worm blocks access to Facebook

A relatively new worm that Symantec named W32.Yimfoca presents a very interesting and never-before-seen modus operandi.

A variant of the worm spreads via Yahoo! Messenger and, once installed, downloads and installs W32.Yimfoca on the target system. Lately, it has been noticed that it specifically targets Facebook users by denying them access to their accounts if they don't complete a survey.

Every time the user lands on the Facebook homepage, a window offering the surveys pops up:


Also, while the victim fills out the survey, a progress bar is shown accompanied by a "threat" - "You have only 3 minutes to fill out the selected survey or you will not have access to your account."

Once you have completed a survey - which, by the way, earns the scammers up to $1 per survey - you can access your account. If you don't do it within 3 minutes, the worm will not allow you to access the account while it's running - and it resets even after a reboot of the infected computer.

It is also interesting to note that the worm blocks access to Facebook only if you use Internet Explorer. Using any other browser fails to trigger the worm and you can access your Facebook account without being sidetracked by annoying pop-ups.

Skype Global Outage

Skype is experiencing a massive worldwide outage today. The last major outage was in 2007, in a story that I broke, and it lasted a day. They also had a DNS issue back in 2004. Not exactly good timing with the impending IPO and people wanting to wish each other Merry Christmas in 3 days.

This is according to Skype:
Earlier today, we noticed that the number of people online on Skype was falling, which wasn’t typical or expected, so we began to investigate.

Skype isn’t a network like a conventional phone or IM network – instead, it relies on millions of individual connections between computers and phones to keep things up and running. Some of these computers are what we call ‘supernodes’ – they act a bit like phone directories for Skype. If you want to talk to someone, and your Skype app can’t find them immediately (for example, because they’re connecting from a different location or from a different device) your computer or phone will first try to find a supernode to figure out how to reach them.

Under normal circumstances, there are a large number of supernodes available. Unfortunately, today, many of them were taken offline by a problem affecting some versions of Skype. As Skype relies on being able to maintain contact with supernodes, it may appear offline for some of you.

What are we doing to help? Our engineers are creating new ‘mega-supernodes’ as fast as they can, which should gradually return things to normal. This may take a few hours, and we sincerely apologise for the disruption to your conversations. Some features, like group video calling, may take longer to return to normal.

Stay tuned to @skype on Twitter for the latest updates on the situation – and many thanks for your continued patience in the meantime.

Skype Outage Lesson: Don't Rely On Consumer Services For Business Functions.

09 December 2010

Apple Releases Patch For 15 QuickTime Vulnerabilities

For those of you out there who are running QuickTime on your Macs or PCs, a new version has been released which fixes 15 different security vulnerabilities. Of the bugs fixed, 14 were described by Apple as able to "lead to an unexpected application termination or arbitrary code execution". The final flaw, which only affects those running the movie player on Windows, could potentially allow access to a portion of the user's profile.

In a security advisory released by Apple this past Tuesday, the 15 patched vulnerabilities are described. Several file types can be used to cause different kinds of memory overflow in the QuickTime software: JP2, AVI, movie, FlashPix, GIF, PICT, and QTVR. When one of these files is "maliciously crafted," it can be used to overflow various heap buffers and trigger uninitialized memory access. Apple has implemented better bounds checking and improved file handling when those files are found to be corrupted. Only QuickTime 7.x is affected by this security bulletin, which means that users running Snow Leopard and QuickTime X are not affected. Earlier versions of OS X and all Windows versions (XP, Vista, and 7) are affected.
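The "better bounds checking" mentioned in the advisory comes down to one rule: a size field read from the file is untrusted input and must be compared against the bytes actually present before it is used. As an added illustration (not QuickTime's or Apple's code, and not a real test vector), the Python walker below parses a simplified RIFF-style chunk layout of the kind AVI uses, recursing into RIFF and LIST chunks, and refuses any chunk whose declared size exceeds what remains in the buffer. `walk_chunks`, `is_well_formed`, the `chunk` builder and the `GOOD_AVI`/`BAD_AVI` samples are all constructed for this example. In a memory-unsafe language the classic defect is adding the header length to the declared size before the comparison and overflowing the integer; comparing the raw size against the remaining length, as done here, avoids that.

```python
import struct
from typing import List, Optional, Tuple


class ChunkError(ValueError):
    """Raised when a size field does not agree with the bytes actually present."""


def walk_chunks(data: bytes, offset: int = 0, end: Optional[int] = None,
                depth: int = 0) -> List[Tuple[int, str, int]]:
    """Return (nesting depth, chunk name, payload size) for every chunk in
    data[offset:end]. RIFF and LIST chunks carry a 4-byte form type followed
    by sub-chunks, so they are walked recursively."""
    end = len(data) if end is None else end
    found = []
    while offset < end:
        if end - offset < 8:
            raise ChunkError(f"truncated chunk header at offset {offset}")
        fourcc, size = struct.unpack_from("<4sI", data, offset)
        payload = offset + 8
        # The bounds check: the declared size comes from the file and must be
        # validated against what is really there before anything uses it.
        if size > end - payload:
            raise ChunkError(f"chunk {fourcc!r} at offset {offset} declares "
                             f"{size} bytes but only {end - payload} remain")
        name = fourcc.decode("ascii", "replace")
        if fourcc in (b"RIFF", b"LIST"):
            if size < 4:
                raise ChunkError(f"{name} chunk at offset {offset} is too short for a form type")
            form = data[payload:payload + 4].decode("ascii", "replace")
            found.append((depth, f"{name}:{form}", size))
            found.extend(walk_chunks(data, payload + 4, payload + size, depth + 1))
        else:
            found.append((depth, name, size))
        offset = payload + size + (size & 1)   # payloads are padded to an even length
    return found


def is_well_formed(data: bytes) -> bool:
    """True when every size field in the file is consistent with its length."""
    try:
        walk_chunks(data)
        return True
    except ChunkError:
        return False


# --- constructed sample files (not real QuickTime or AVI test vectors) -------
def chunk(fourcc: bytes, payload: bytes) -> bytes:
    """Build one chunk: little-endian header, payload, pad byte if odd-sized."""
    pad = b"\0" if len(payload) & 1 else b""
    return struct.pack("<4sI", fourcc, len(payload)) + payload + pad


GOOD_AVI = chunk(b"RIFF", b"AVI "
                 + chunk(b"LIST", b"hdrl" + chunk(b"avih", b"\0" * 56))
                 + chunk(b"JUNK", b"abc"))

# The same file with the 'avih' size field (bytes 28..32) overwritten with
# 0xFFFFFFFF. A parser that trusted it would read far past the buffer.
BAD_AVI = GOOD_AVI[:28] + struct.pack("<I", 0xFFFFFFFF) + GOOD_AVI[32:]


if __name__ == "__main__":
    for depth, name, size in walk_chunks(GOOD_AVI):
        print("  " * depth + f"{name} ({size} bytes)")
    print("BAD_AVI well-formed:", is_well_formed(BAD_AVI))
```

Running the walker on `GOOD_AVI` lists the nested RIFF, LIST, avih and JUNK chunks; on `BAD_AVI` it stops at the avih header with a `ChunkError`, which is the behaviour a corrupted or crafted file should trigger instead of an out-of-bounds read.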

This is yet another example of how no operating system is completely virus-proof. While there is no evidence of any of these vulnerabilities being exploited in the wild, they certainly could have been. Seeing how Apple's market share has grown exponentially in the last few years, with Mac taking over college campuses around the country, it is certainly time to stop calling Mac a 'virus-proof' alternative to Windows. The only reason there are not more viruses for Apple products is because there are so many more Windows users to target. As the Mac user base increases, so will the interest in Mac viruses.

08 December 2010

Tracking a pirated software license

When Avast Software spotted a license for its avast! Pro Antivirus software being distributed online, they decided to do a simple experiment: they didn't take any action to curb its spread, and simply monitored how many times the license would be used to register the software.

The license spread virally via file-sharing sites and has been detected on a number of warez sites around the world. After nearly a year and a half, 774,651 active users were tracked through their IP address, and it turns out that the software had been installed in more than 200 different countries - from Afghanistan to Zimbabwe, Russia to Brazil, USA to the (unexpected!) Vatican City.

Avast Software is currently in the process of "converting" these users - they are actually trying to turn this experiment into a marketing opportunity. The following notice pops up on the users' screens:


Upon pressing the "Fix this situation" button, they are notified that they will be cut off from virus database updates, but that they have a choice of converting to avast! Free Antivirus or buying avast! Pro Antivirus.

07 December 2010

How new Facebook user profiles impact privacy

Facebook today announced its New Profile, designed to help users share their experiences, discover common interests and highlight meaningful relationships. The service will be rolled out across Facebook’s 500 million accounts over the coming months.

According to a Facebook blog, the new feature encourages users to, “Give a more complete picture of how you spend your time, including your projects at work, the classes you take and other activities you enjoy (like hiking or reading). You can even include the friends who share your experiences."

Users should think carefully about how much information they are willing to share using this new service. Information about users' lives and lifestyles is of much more use to identity thieves, cyberscammers and fraudsters than it is to the average person who might be a friend on Facebook.

“Adding features to facilitate sharing updates, interests and photos may be appealing to some Facebook users, however people need to be wary about how much personal information they’re willing to give away online,” said Carole Theriault, senior security consultant at Sophos.

“Many Facebook users are online ‘friends’ with complete strangers and so we’d advise Facebook users to consider their privacy settings, make sure they’re only sharing information with people that they know and trust and to think carefully about how much personal information they want to make public.”

03 December 2010

Twitter accounts spreading malicious code

Cybercriminals are exploiting Twitter to spread malware using festive-themed messages, according to PandaLabs. Using methods akin to black hat SEO techniques, hackers are taking advantage of trending topics to position malware distribution campaigns.

As the holiday period has begun, topics such as "Advent calendar," "Hanukkah" or even "Grinch," are among the most popular subjects used by hackers to entice users.

Thousands of tweets have been launched using holiday-related phrases, such as "Nobody cares about Hanukkah," or "Shocking video of the Grinch," along with short URLs pointing to malicious websites.


Users who click the link are taken to a page that tries to infect their systems with fake codecs. The page exploits a security hole in PDF files and tries to trick users into downloading a "codec" that is really a downloader Trojan, which in turn downloads more malware onto the compromised computer.


In addition to subjects related to Christmas, cyber-criminals are using other hot topics to spread their creations, including the Sundance festival, the AIDS campaign, the Carling Cup and tweets about the actor Morgan Freeman.

With the increased risk over the holiday period, PandaLabs offers users a series of practical security tips for using social media:

1. Don't click suspicious links from non-trusted sources. This should apply to messages received through Twitter, through other social networks and even via email.

2. If you click on the links, check the target page. If you don't recognize it, close your browser.

3. Even if you don't see anything strange in the target page, but you are asked to download something, don't accept.

4. Install all available operating system updates and patches. Cyber-criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, you should update Adobe Flash, Adobe Reader and Java software, which are all commonly targeted by cybercriminals.

5. If you do download or install an executable file and the PC starts to launch messages or behaves strangely, there is probably malware on your computer. In this case, you should check your computer with a free online scanner.

6. As a general rule, make sure your computer is well protected to ensure that you are not exposed to the risk of infection from any malicious code.
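Tips 1 and 2 above, and the fake iTunes e-mail described earlier on this page, both come down to looking at where a link really goes before trusting it. As an added example (not PandaLabs' or Trend Micro's code), the Python below pulls every URL out of a message and flags the warning signs those stories illustrate: a host that is not under the domain the message claims to come from, a brand name buried inside an unrelated host, a shortened link that hides its destination, an IP-literal host, and the `user@host` trick. `inspect_url`, `inspect_message`, the `SHORTENERS` set and the two sample messages are constructed for this example; `short.example` stands in for a real shortener so that no live short link appears here, and the domains used are reserved example names.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Matches http(s) URLs and bare www. links in free text.
URL_RE = re.compile(r"""(?i)\b(?:https?://|www\.)[^\s<>"']+""")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Real shortener hosts plus "short.example", a stand-in used by the sample.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "short.example"}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Simplification for the example:
    production code should use the Public Suffix List so that names such as
    example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_url(url: str, claimed_domain: Optional[str] = None) -> List[str]:
    """Return the warning signs found in one URL, in a fixed order."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    findings = []
    if parsed.username or parsed.password:
        findings.append("credentials-in-url")        # https://brand.example@attacker/ style
    if IPV4_RE.match(host):
        findings.append("ip-literal-host")
    if registrable_domain(host) in SHORTENERS:
        findings.append("url-shortener")             # destination hidden until followed
    if claimed_domain:
        claimed = claimed_domain.lower()
        if host != claimed and not host.endswith("." + claimed):
            findings.append("host-not-under-claimed-domain")
            brand = claimed.split(".")[0]
            if brand and brand in host:
                findings.append("brand-lookalike")   # brand.com.<something-else> style
    return findings


def inspect_message(text: str, claimed_domain: Optional[str] = None
                    ) -> List[Tuple[str, List[str]]]:
    """Extract every URL in a message body and inspect each one."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")       # drop trailing punctuation
        results.append((url, inspect_url(url, claimed_domain)))
    return results


# Constructed samples modelled on the messages described on this page.
SAMPLE_MAIL = (
    "Dear iTunes Customer, it is possible that your account password has been stolen.\n"
    "Please visit the link below: http://apple.com.account-verify.example/support/\n"
    "iTunes will never ask you for your password or any confidential information.\n"
)
SAMPLE_TWEET = "Shocking video of the Grinch http://short.example/grinch"


if __name__ == "__main__":
    for url, findings in inspect_message(SAMPLE_MAIL, "apple.com") + inspect_message(SAMPLE_TWEET):
        print(url, "->", findings or "no warning signs")
```

The `claimed_domain` argument is whatever the message says it is from (here `apple.com`, because the mail claims to be from iTunes); a link that is not under that domain is the single strongest signal in the fake iTunes mail, and it is visible without ever opening the page.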

01 December 2010

Malicious Kodak Galleries used for serving Trojan

A variant of a highly specialized Trojan has appeared on fake sites mimicking Kodak Gallery pages, where potential victims are urged to download software that would supposedly allow them to watch the offered slideshow, but actually creates a folder with configuration files and copies a few executables into the System32 folder.


But before doing that, it actually does show the users a slideshow of car pictures, which acts as a smokescreen in order to hide the malicious activity.

Further research by Sunbelt's experts reveals that the choice of car pictures might not be random. The Bayrob Trojan - of which this is a variant - has a history of targeting eBay users, especially those buying motors and cars, since that means larger amounts of money are involved. The Trojan spoofs various eBay pages and tries to trick users into parting with their money.

This particular variant has a very low detection rate, so be careful when checking out links that you find on forums or receive in spam e-mails - or even in e-mails and instant messages seemingly coming from a friend.