The Dirtiest Sites

It's not about adult content - although plenty of adult sites are on the list. This compilation of the Top 100 Infected Sites, by Norton Safe Web, shows some websites that you may not want to visit. (Note that I use something other than Norton Antivirus myself.)

Facebook Malware

Security researcher Rik Ferguson at Trend Micro discovered a number of Facebook apps that were actually malware. Use them, and they would steal your credentials and immediately begin spamming your friends with bad links. (One of my Facebook friends ran afoul of one of these, because I got some of the spam.) Facebook has disabled the bad apps, so for the moment you have nothing to fear. However, there will probably be some new threats popping up soon.

Top Site in Safari May Be Bad Site

Apple Safari 4 for OS X 4 and 5 has a new feature called Top SItes, that lets users see their top sites quickly. Unfortunately, the feature has a bug that may let a malicious website nominate itself for the list, which can then be used for a phishing attack. Safari 4.0.3 fixes this by keeping automated visits from affecting the Top Sites listing. Read more about the Safari security fix.

Microsoft Finds a Bug in Windows Media

A bug in the way Microsoft Windows handles Windows Media files may allow an attacker sneak in hostile code via AVI files. This can affect all versions of Windows from 2000 to Vista. Microsoft has patch information here.

Nine Security Bulletins from Microsoft in August

Microsoft released nine security bulletins on "Patch Tuesday". Five of them were critical, four important. There will be some individual coverage on the BugBlog, but all the gritty details are at the Microsoft Security Center.

Adobe Becomes More of a Target

ZD Net points out that security weaknesses in Adobe products are becoming an increasing target of cyber-attackers. What is significant about that is that most computer users have either Adobe Reader or Adobe Flash Player, or both, on their systems. That makes security holes in those programs a fat, juicy target.

TypePad and Twitter Aren't Sharing

According to the tech support people at TypePad, some of the features that allow you to share posts from your blog, such as this one, to your Twitter account are encountering difficulties because of the recent cyber attacks on Twitter. On the TypePad, bloggers are seeing the erroneous message that their Twitter password is wrong. TypePad and Twitter are working on it, but don't have a fix yet.

Security Problems in XML Libraries

The Computer Emergency Response Team of Finland (CERT-FI) warns that a number of popular XML libraries may have security bugs. When unexpected values are found in XML elements, it may trigger loops, or memory out of bounds errors. Attackers may be able to use these to cause denial of service attacks at the very least, or launch hostile code at the worst. Some of these libraries include Python libexpat, Apache Xerces, and the Sun JDK and JRE 6 Update 14 or 19. Keep an eye here for update and patch information. (While they are Finnish, they have excellent English-language versions of their bulletins.)

Watch Out for Fake BSODs

Watch out for fake Blue Screens of Death (BSOD). Some malware attacks are triggered by a web page designed to look like a Windows error message. The attackers try to trick you into downloading "security software" that actually delivers malware. The ZD Net Security Blog shows an example.

Microsoft Patches IE - All of them

MIcrosoft has issued out-of-cycle security patches for Internet Explorer 5 through 9. This is to patch serious memory corruption bugs that may allow an attacker to take over your computer. "Out-of-cycle" means Microsoft didn't want to wait two weeks for Patch Tuesday, the normal second Tuesday of the month when they normally release their security bulletins. That indicates the seriousness of the bugs. Read more from Microsoft here.