Oracle Java 7 Security Manager Bypass Vulnerability

Posted by on Jan 16, 2013 in Virus and Security | 0 comments

According to US-Cert alert, all PC or Mac which has Java should be removed or update immediately for security reason. Read the article below for more infomation : Alert (TA13-010A) Oracle Java 7 Security Manager Bypass Vulnerability Systems Affected Any system using Oracle Java 7 (1.7, 1.7.0) including Java Platform Standard Edition 7 (Java SE 7) Java SE Development Kit (JDK 7) Java SE Runtime Environment (JRE 7) OpenJDK 7 and 7u IcedTea 2.x (IcedTea7 2.x) All versions of Java 7 through update 10 are affected.  Web browsers using the Java 7 plug-in are at high risk. Overview A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system. Description A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a “drive-by download” attack). Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available. Further technical details are available in Vulnerability Note VU#625617. Impact By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process. Solution Update Java Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 (7u11) addresses this (CVE-2013-0422) and a different but equally severe vulnerability (CVE-2012-3174). Java 7 Update 11 sets the default Java security settings to “High” so that users will be prompted before running unsigned or self-signed Java applets. Disable Java in web browsers This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment. Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client: For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control...

Read More

Best Free Antivirus Software

Posted by on Nov 25, 2012 in Virus and Security | 0 comments

If your PC doesn’t have any antivirus program and your budget doesn’t include any money for antivirus protection, you’ve got plenty of good choices for free antivirus. Norton Security Suite: Powered by Norton 360™ Technology. XFINITY® Internet Comcastcustomers can now get the #1 ranked Norton™ Security Suite ($160 value) at no additional charge. It’s superior online protection that won’t slow you down*. AVG Antivirus Free 2013: Detects and stops viruses, threats and malware. Great, easy-to-use protection everyone needs. Avast Free Antivirus: Protect your PC against the latest viruses and spyware. Avira Free Antivirus 2013: Detect and eliminate viruses, get free protection for home users. ZoneAlarm Free Antivirus+Firewall: Protect your PC from various malicious threats with antivirus and firewall. PC Tools Antivirus Free: Detect and clean thousands of threats. Microsoft Security Essentials: Protect your computer with Microsoft’s latest security software. Panda Cloud Antivirus Free Edition: Protect your PC against viruses, spyware, rootkits, and trojans. Comodo Internet Security: Provide firewall and antivirus protection for PCs. Kingsoft Antivirus: Protect your computer with antivirus powered by cloud security system....

Read More

FBI Moneypak Virus

Posted by on Nov 15, 2012 in Virus and Security | 0 comments

A New Version of FBI Moneypak Virus/ Malware – To unlock the computer, you must pay the fine through MoneyPak of $200. Your PC  has infected the The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses. It usually locks up your screen and you cannot do anything much. Do not pay any money or provide any personal information. Contact a computer professional to remove Reveton and Citadel from your computer.Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs. Lappy Fix,...

Read More