Security Quest #1a: Introduction and Catching Up

I’ve been running another site called the Spam Chronicles which was last updated after Patch Tuesday in August. I’ve accepted that I don’t have time to keep both sites up to date. So, long story short – I’ll stop even thinking about updating the Spam Chronicles and will instead incorporate the new content here when it’s appropriate. The current Spam Chronicles will stay up, no reason to pull it down. (The site has been shut down.) When winter sets in I may find time to do a redesign.

A new feature here will be the Security Quest postings. I plan to do these every Wednesday (or so) since that gives me one easy topic each month – Microsoft Patch Tuesday. Today’s patch Tuesday information is in Security Quest #1b which will follow shortly. This one will serve as a round-up for news and information.

Software Updates

WordPress 2.2.3 is a security and bug fix release.

iTunes 7.4 (now 7.4.1) contained a security update which wasn’t mentioned in the download notification. If you get music files from unknown sources you should apply the update. If you only rip commercial CDs or download from iTunes you can hold off.

Lavasoft recently update Ad-Aware to work with Windows Vista. This includes the free version.

BitDefender recently updated the free version of their anti-virus software to version 10.

Security Information, News and Discussion

Skype is reporting that a worm is being spread through Skype for Windows. The worm spreads through the chat feature. via Wired Compiler Blog

Ars Technica has the story of Swedish security researcher that used TOR (The Onion Router) to collect password for embassy employees. TOR is used for anonymous Internet communication. He ran a sniffer on some tor exit nodes operated by his company. Unfortunately tor users probably didn’t realize their traffic was exposed to tor operators. A little encryption would help.

Ars Technica is also reporting an increase in botnet attacks on eBay users with the goal of stealing their eBay identity.

Mac OSX Hints tells us how to secure our Wireless connection at Starbucks. (Haven’t tried this myself, not being a T-Mobile user) via Lifehacker.

Tech.Blorg.com has the story of the Quechup social network using questionable techniques to get users. They want to make YOU the spammer. They will ask for you email address and password (for common email systems like GMail) and then send invites to every member of your address book and send them under your name. First, never give anyone your password. Second, avoid Quechup. Hopefully the company will fail.

It’s legal to call spyware “spyware”. Techdirt has an article about a lawsuit against anti-spyware vendors being dismissed.

Slashdot has a discussion of the Ophcrack opensource Windows password cracking program.

Microsoft Patch Tuesday news will be in the next post.