
The Opera web browser has just been updated to version 9.62. The update includes two security fixes: the first fixes an issue where History Search could be used to execute arbitrary code, and the second ensures that the Links panel no longer allows cross-site scripting. The latest version of the program is available for download here.
The guys at BeamEcho, a Toronto Mac dealer and repair shop, have whipped up a short film of a new Mac virus that they have discovered. (Hint: it’s a Halloween special.) We thought we’d bring it to you here so you can see what may be in store for you if you’re not protected.
As you certainly know, your keyboard is an electronic device. It converts your physical movements (keypresses) into electrical signals to send data to your computer. As I type this sentence, the keyboard is changing my movements into codes that my Mac interprets as letters.
Naturally, this raises the question: do the electronic impulses that your keyboard generates travel through the air as well? Researchers at the Swiss Federal Institute of Technology (EPFL) in Lausanne, Switzerland decided to test this. They say that, “Wired keyboards emit electromagnetic waves, because they contain electronic components. This electromagnetic radiation could reveal sensitive information such as keystrokes.” And they have proven that this is the case. In their tests, they say that “We found 4 different ways … to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.” You can see videos of their experiments.
You may think that this is the stuff of James Bond, but imagine that you are in a hotel room, and in the next room someone has a keyboard sniffer. As you type your user names and passwords, the “spy” in the next room can intercept them. Does this sound like something out of an espionage novel? Actually, we can imagine something like this being used in hardball industrial espionage, among other things.
Here’s a tip, though, if you’re worried. When you need to type a user name and password, type a few letters of the former, then switch to the next field and type a few characters of your password. Go back and forth, and even add some incorrect characters and backspaces to delete them. Sure, this is overkill for 99% of us, but for that 1% for whom security is an absolute, it may be necessary.
Of course there’s another, much more secure solution: biometrics, such as using a thumbprint to log on to computers and websites. That’s not common yet, but it may be the way to go in the future.
There’s a new trend out there designed to scam computer users: web sites that sell bogus software. Not only does the software not do what it claims to do, but the companies that sell this “software” get a hold of your credit card and can do even more damage to your bank account.
Intego has spotted one such company, claiming to sell Macintosh antivirus software. MacGuard claims the following:
Macguard’s high-tech system scanner will search your hard drive for malicious objects such as Adware, Spyware and Trojans, cleaning your files, eliminating the threats, and securing your privacy in just a matter of minutes. Its Real Time smart protection will also ensure new threats will not even reach your desktop.
But what’s interesting is that Winiguard claims exactly the same thing. Not only is that claim the same, but every word on the two websites is identical.
One way you can spot a fake is that when you click what is supposedly the product’s download link, nothing downloads. So you can see that there’s no software behind the web site. (On the Winiguard site, something does indeed download.) If you are gullible enough to purchase this software from a company you have never heard of, that has no references, and whose web site is vague and imprecise, it is likely that you will find additional charges on your credit card. Ars Technica reports that more than 30 million people have been scammed by such software.
We all know that security is a serious risk when using a computer, and especially the Internet, but one should not blindly trust a web site just because it claims that its software will do something. Look for trustworthy, reliable software, such as Intego VirusBarrier, which, over the years, has proven itself. Trust the gatekeepers – the computer magazines and websites that test such software; Macworld said that “VirusBarrier X5 is the gold standard.”
As the saying goes, let the buyer beware. That goes for anything you purchase online, but even more for so-called security software that does nothing more than take your money and run.
Read the full Intego security memo here.
Adobe has released a new version of Flash Player, its media player software. This version includes a fix for the clickjacking issue that has been making the rounds recently. Earlier this month, we reported on Adobe’s security advisory about this risk. Adobe’s security bulletin outlines the fix that was added to Flash Player: “This update includes further changes to enhance Flash Player’s interpretation of cross-domain policy files. These changes could help prevent privilege escalation attacks against web servers hosting Flash content and cross-domain policy files.”
We strongly recommend that all Flash users – which means just about everyone who uses the Internet – upgrade now.
Microsoft has issued updates for Office 2008 and 2004. These new versions, respectively 12.1.3 and 11.5.2, “contain several improvements to enhance stability and performance. In addition, this update includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” Microsoft rates this vulnerability as “critical”, saying, “An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Needless to say, we recommend that all Office users update their software as soon as possible.