ep's blog

Canadian Privacy Commissioner Unveils New Tools to Help Young Internet Users Protect Their Privacy


I think that the materials that the Privacy Commissioner of Canada is promoting are great. Everyone should follow the advice they present to teach their families about online privacy. Here are the links to three great tools they have launched on their www.youthprivacy.ca website.

APPLE-SA-2011-04-18-1 iTunes 10.2.2 for Windows


"iTunes 10.2.2


Available for: Windows 7, Vista, XP SP2 or later

Impact: A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution

Description: Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes may
lead to an unexpected application termination or arbitrary code execution."


Leaked version of Skype for Android leaks sensitive data


Leaked copies of Skype for Android with video-conferencing capabilities
have been floating around. Before using one, note that there is no security
of any kind on your personal and login information: it is literally stored
in text files with world-readable permissions. However, PCI DSS was
followed, so credit card information is safe.

Adobe to Patch Flash Zero Day on Windows, Mac on Friday, April 15, 2011


Thanks to Kevin for the heads up.

"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents."

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability


"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible."

VMware vmrun utility local privilege escalation


"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should visit the advisory and check whether
their instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.