
More Adobe Acrobat Reader Vulnerability Magic

On 30th April, Adobe released information about yet another vulnerability in its Adobe Reader product, just when you thought you had finished rushing around applying the recent patch release. So don't be too quick to re-enable browser and Java functionality just yet.

The two security vulnerabilities in Adobe’s software are particularly nasty because they lend themselves to the planting of malicious code on vulnerable PCs, and therefore potentially to drive-by download attacks. There’s no evidence of this happening as yet, even though proof-of-concept attack code has been developed.

Read more about this on the Adobe Blog.

Twitter gets a juicy bite of the worm, tweet

I am a bit late on this one, and I am not into Twitter and tweeting and all this business, but I thought it was a worthwhile post.

It seems that Twitter has become the victim of a rather nasty worm; it is self-replicating and has been flooding the site with posts. The posts resulted in other viewers' accounts being infected, and also tried to get users to visit StalkDaily.com. Over 10,000 posts were generated by the worm, so this must have given the admins something to do over the Easter weekend. I am sure they would have preferred an Easter egg hunt 🙂

The general word is that people are once again concerned about the security of Twitter and the team's ability to respond and get on top of these sorts of security incidents.

As ever with any social sites of this type, you just need to use common sense and remain vigilant.

SpywareProtect2009 cleans up for $49.95… Conficker E

So, April 1st came and went, but now we are seeing a little more Conficker activity. Reports have given some details that this variant is only programmed to operate up to the 3rd May 09, so who knows what happens after that.

What is now being seen, though, is that if you are subjected to the latest E variant you could be infected with an anti-malware bit of code called “SpywareProtect2009”. If this is then activated, you will kindly be asked to cough up $49.95 to clean false infections on your machine, and not the real ones you would like to be cleaning up in the first place.

Super Super Tuesday, Mainstream XP Support Ends

Today on 14th April 2009, Microsoft have ended mainstream support for the Microsoft XP Operating System.
Microsoft have announced they will continue to provide free security fixes until 2014, but platform bugs and fixes will only be available to paying customers.

This is interesting, with over 60% of the world's Internet computers running XP. For me the real concern is how MS will classify what is a security fix and what is a bug, etc.
I do think that most people should have been looking to move to newer OSs like Vista, but we know organisations are slow to move, and I am sure many are still running instances of NT and 98, so we know it's a slllllooooowwww uptake.

Check the Microsoft Support Lifecycle