Fake Microsoft Security Bulletin?

According to a Network World bulletin, what appears to be an urgent Microsoft security bulletin may actually be Mozilla Firefox malware. Read more about it here.

More on Minimizing Password Damage from Gawker

Infoworld  has more on the security breach at the Gawker sites, and what you can do to minimize any potential damage you may be facing. Read it here.

IE 8 and the SmartScreen Filter

If you are using MIcrosoft Internet Explorer 8 on a Windows XP, Windows Vista, or Windows 7 computer, there is a chance that your personal data can be exposed. Microsoft has an automated fix that scans your computer, sees if this is a problem, and fixes it. See the details.

If You Make Enemies, Keep Tight Security

If you have a bunch of blogs that annoy people, such as the Gawker Media empire, then it's a good idea to have very good security. That way, it will be difficult for people to hack in and steal all your passwords. Unfortunately, that is what happened at Gawker. If you are a registered user with them, you want to change your password.

Firesheep In Action

The blog Technology Sufficiently Advanced gives a real-life demonstration of the dangers of using public Wi-Fi when Firesheep is around.

More on Firesheep

While the headlines talk about Firesheep making Facebook and Twitter vulnerable, this hijacking tool can actually be used against plenty of sites, as long as you are accessing them via an open WiFi network. This Computerworld article talks about some defenses that can be used, although there is no simple fix (other than not using open WiFi.)

Facebook, Twitter and Other Sites Vulnerable to Firefox Extension

TechCrunch and other sites are talking about a Firefox extension that will let you eavesdrop on open WiFi connections and capture log-in information. The extension, called Firesheep, appears to be very simple, but powerful. "Anytime you’re using an open Wi-Fi connection, anyone can swiftly access some of your most private, personal information and correspondence (i.e. direct messages, Facebook mail/chat)— at the click of a button. And you will have no idea." You can also read more at ComputerWorld and SlashDot. The real issue is that there is now an easy tool to do this kind of snooping.

The Dirtiest Sites

It's not about adult content - although plenty of adult sites are on the list. This compilation of the Top 100 Infected Sites, by Norton Safe Web, shows some websites that you may not want to visit. (Note that I use something other than Norton Antivirus myself.)

Facebook Malware

Security researcher Rik Ferguson at Trend Micro discovered a number of Facebook apps that were actually malware. Use them, and they would steal your credentials and immediately begin spamming your friends with bad links. (One of my Facebook friends ran afoul of one of these, because I got some of the spam.) Facebook has disabled the bad apps, so for the moment you have nothing to fear. However, there will probably be some new threats popping up soon.

Top Site in Safari May Be Bad Site

Apple Safari 4 for OS X 4 and 5 has a new feature called Top SItes, that lets users see their top sites quickly. Unfortunately, the feature has a bug that may let a malicious website nominate itself for the list, which can then be used for a phishing attack. Safari 4.0.3 fixes this by keeping automated visits from affecting the Top Sites listing. Read more about the Safari security fix.