PhoenixDzine

Microsoft released another heap of patches today, twelve to be exact. Two of the more interesting patches resolve Internet Explorer vulnerabilities.

The first of the two Internet Explorer issues is documented as CVE-2011-0096, addressing XSS-identical results due to a flaw in the browser’s code.

The patch arrives eleven days after the Microsoft advisory release providing some sort of mitigation along with a “Fix it” installer. And it arrives 24 days after the Chinese zine release date. The writeup was originally authored by d4rkwind and added to a 5th edition Chinese mag “Ph4nt0m Webzine 0x05”.

Those of us not enjoying online translations of the web page can find interesting details of the exploit here.

According to its CVE entry,

A new version of the Android Market has just been launched, making it possible for every device owner to look for applications, buy or even remotely install apps to an Android device directly from the browser on a desktop computer. Wait, remotely install? Have we misheard something?

No, it’s an official feature of the brand new market. If you use an Android device, it means that you have a GMail account associated with your device, and now you can remotely install any application from the Android store. You just need to:

• log in to the market with your GMail account associated with your smartphone;

• choose any application you would like to install;
• click to the ‘Install’ link;
• carefully read all the permissions required by the application;

It’s February, and that means Valentine’s Day-related spam. Lots of it! There are already loads of adverts offering expensive alcohol and chocolates, jewellery and leather goods, romantic trips for two etc.

Other goods that are traditionally advertised in spam, such as fake designer watches and Viagra, have also exploited the Valentine’s Day theme to grab the attention of email recipients. The spammers appear convinced that there’s no better time than 14th February to increase your libido or buy cheap replicas of designer watches:

So far, this year’s Valentine’s Day spam has been mostly harmless, but we would like to warn our readers once again that the first half of February usually sees a surge in malicious links appearing in emails that appear to be for virtual greeting cards. So, be careful if you receive an e-card – make sure it has come from a genuine source before clicking any links.

Kaspersky Lab will be following developments closely in the run-up to Valentine’s Day.

After an amazing weekend in Erfurt, Germany I’m back to an even colder Sweden. This weekend I participated in the annual Kaspersky Student Conference: IT-Security for the Next Generation (European Cup). This is a conference where we at Kaspersky invite students who have submitted interesting and innovative research papers to come and present them. So we don’t just read about their research, but also get the chance to meet them face to face and share some of our research.

As a participant from Kaspersky I was also a speaker at the event. During the two days I gave one speech about the false perception that Unix/Linux based operating systems do not need any protection against malicious code. To demonstrate my points I also invited everyone to a workshop where they had achance to get their hands on this topic practically.