Ryan Naraine

FTC: P2P Networks Rife With Leaked ID Data

The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other  peer-to-peer (p2p)  file sharing networks. The FTC put nearly 100 companies and agencies on notice that their employees appear to be regularly leaking large amounts of sensitive customer and employee data on popular peer-to-peer, or P2P, file-sharing networks.  Read the full story [The Last Watchdog]

OpenOffice Zaps Six Security Bugs

OpenOffice.org has shipped a new version of the desktop productivity suite to patch six vulnerabilities that could expose users to malicious hacker attacks.The flaws fixed in OpenOffice.org 3.2 could be exploited via GIF, XPM files and Microsoft Word document processing, according to an advisory released by the open-source group.


Adobe
today released an out-of-band security update to patch a pair of gaping
holes that expose hundreds of millions of computer users to remote code
execution attacks.
The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux.

Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S.The Trojan, dubbed “Bugat,” targets Automated Clearing House (ACH)
and wire transfer transactions by small- and mid-sized business in the U.S., much like the virulent Clampi Trojan that has stolen tens of millions of dollars.

Adobe has acknowledged that an internal screw-up caused a potentially dangerous Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher.”It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe’s mea-culpa follows the public release of proof-of-concept code demonstrating a Flash Player browser plug-in crash.

To entice security researchers to look for holes in the Chrome browser,
Google has announced it will pay $500 for dangerous security flaws found in the code. But
several experts say that’s not enough money to motivate skilled
vulnerability researchers. Read the full story [CNet]