Microsoft desmascarada

Para incentivar atualização, Microsoft chama Internet Explorer 6 de 'leite estragado' - Autor(Renato Bueno)

URL: http://uoltecnologia.blog.uol.com.br/arch2010-05-09_2010-05-15.html#2010_05-14_14_59_00-141838948-26

quinta-feira, 25 de março de 2010

Exploits of unpatched IE6, IE7 flaw on the rise

URL: http://feeds.arstechnica.com/~r/arstechnica/index/~3/YfFFN64Z_Vo/exploits-of-unpatched-ie6-ie7-flaw-on-the-rise.ars

An unpatched flaw in Internet Explorer versions 6 and 7 is increasingly being exploited. The flaw, first reported two weeks ago, was initially used in limited, targeted attacks. It is now evolving into something more widespread and indiscriminate.

Security researchers for antivirus company AVG are now reporting tens of thousands of attacks per day, and this number is likely to grow further. Rival firm Trend Micro has reported similar growth. It appears that there are now two main attacks being used by two separate gangs of hackers; one installs fake antivirus software, the other installs a trojan.

Redmond is yet to release (or even announce) a patch, though an automated workaround is now available. The next Patch Tuesday is not until April 13, so if the growth in exploitation continues, the company will be under increasing pressure to publish a update sooner. There is, however, one robust fix already available: upgrade to Internet Explorer 8. The newest browser version doesn't contain the flaw at all.

Read the comments on this post

terça-feira, 23 de março de 2010

Microsoft promete resolver "nas próximas horas" problema com MSN

URL: http://redir.folha.com.br/redir/online/folha/informatica/rss091/*http://www1.folha.uol.com.br/folha/informatica/ult124u710829.shtml

A Microsoft afirmou, em comunicado à Folha Online, que identificou a causa do problema que afeta os usuários do comunicador instantâneo MSN desde a noite desta segunda-feira (22), em diferentes regiões do mundo.STJ mantém multa contra Google por comunidades ofensivas
Usuários reclamam de pane no MSN pelo mundo
Com nova versão, ICQ entra na era das redes sociais e tempo real
Para velocidade, jovens preferem rede social e SMSA queixa mais comum dos usuários é que os contatos aparecem off-line, quando na verdade estariam on-line, como resume pelo Twitter a empreendedora Karin van Kempen, na França.Leia mais (23/03/2010 - 15h21)

sexta-feira, 12 de março de 2010

0-day exploits for IE flaw another reason to switch to IE8

URL: http://feeds.arstechnica.com/~r/arstechnica/index/~3/zxQR0iBSIWQ/0day-exploits-for-ie-flaw-another-reason-to-switch-to-ie-8.ars

Microsoft confirmed on Tuesday a new flaw affecting version 6 and 7 of its Internet Explorer web browser that could allow remote code execution. The security advisory noted that targeted attacks using the flaw were already in the wild.

This information was confirmed by McAfee, reporting that exploitation of the flaw was originating from the domain topix21century dot com over both HTTP and HTTPS. The drive-by attacks install a backdoor which connects to a command-and-control server.

Analysis by Symantec reveals that the exploit works effectively on IE6. IE7 tended to crash instead, and IE8 is, as stated in the Microsoft advisory, immune. The attack loads some malicious code, and then makes repeated changes to the HTML document eventually provoking execution of the malicious code.

The best solution is to upgrade to IE8, as one of the many improvements found in this browser also seals off the security hole. Failing that, enabling Data Execution Prevention in IE7 should provide some level of mitigation, as the current exploits do not circumvent DEP (though they could probably be combined with DEP bypass techniques). Removing access to the file iepeers.dll using either of the mechanisms described in Microsoft's advisory prevents Internet Explorer from loading the flawed code, but may also break print and web folder functionality. Finally, disabling of scripting and ActiveX in the Internet and Local Intranet security zones should also provide protection against exploitation.

Microsoft has still made no indication whether this flaw will receive an out-of-band update, but with exploits in the wild and documented analysis of the exploit, clearly this flaw is something that needs fixing, and soon.

Read the comments on this post

segunda-feira, 8 de março de 2010

Novo Windows nem sempre se comunica com equipamentos antigos

URL: http://redir.folha.com.br/redir/online/folha/informatica/rss091/*http://www1.folha.uol.com.br/folha/informatica/ult124u703043.shtml

Computadores parecem seguir aquela velha recomendação: não converse com estranhos. Para que um PC se comunique com periféricos (impressoras, scanners, entre outros equipamentos), eles têm que ser compatíveis.Uma das razões para o fracasso do Windows Vista foi a sua falta de capacidade para se comunicar com periféricos feitos para o XP. Após a lição, a Microsoft concentrou esforços para garantir a compatibilidade deles com o Windows 7. A melhora foi nítida, segundo a imprensa especializada. Porém alguns problemas permanecem e nem sempre o Windows 7 conversa com o passado.

Christof Stache -22.out.09/AP