Nasty week - wireless (Intel) drive-by possibility and lots more
The latest SANS @RISK newsletter highlights some fairly nasty problems that have come to light - including one that potentially affects anyone with a laptop with Intel's WIFI "Centrino 2200BG" wireless chip in it - and that's a lot of machines as this is a popular chip.If you have a laptop and suspect it contains this chip - and you are using Microsoft's Windows, you should follow the link here to get the update:
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00001&languageid=en-fr
This problem can open up your Windows laptop to being attacked without your knowledge or interaction - a so called "drive-by" exploit. If your laptop is powered on and in your car, it could literally be a drive-by if the bad-ugly is in the next car or sitting on the street corner.
In a slightly different vein but still with laptops, you should note that the California Appeals court has ruled that US Customs and Border Patrol officers can search your laptop in the same fashion that they can search your luggage - and with no reason to suspect that you have anything in particular to hide. Note that IANAL (I am not a lawyer) but this ruling likely extends to your MP3 player, camera, cell phone and any other "computer" that might contain pictures, documents or whatever.
As I've noted before, lots of businesses are taking a long hard look at what their traveling employees are allowed to have on their company laptops - and some are going so far as to give them "empty" ones and arrange for encrypted remote access to files via the internet.
In addition to the above Intel WIFI problem, there are a number of Adobe products with problems that Adobe has not yet come up with a fix for. These include Photoshop Album Starter, After Effects CS3 and Photoshop CS3. Personally I use GIMP - but there are lots of you out there that don't yet :)
http://www.adobe.com/support/security/advisories/apsa08-04.html
And much as I hate to say it, Open Office version 2.3 and earlier has several vulnerabilities in how it opens several file formats - mostly Microsoft Office but also Quattro Pro.
http://www.openoffice.org/ - a place you should visit even if you don't already have Open Office, as even though it has some problems currently, it has had far fewer than Microsoft's equivalents and besides, it's free!
Now on to the web---
There are literally hundreds of thousands of web sites infected with a javascript downloader that is poised to infect anyone who visits one of the pages with a Microsoft system. These pages and sites include a huge number that are government and legitimate businesses, so it is not just the nasty sites or porn sites this time.
As I noted earlier, Google is working hard to mark sites and pages that they find various exploits on, and I think it will come to the point where you (and I) will visit sites via Google (and other search engines if/when they jump on the bandwagon of pre-testing pages they link to) rather than going via bookmarks or direct entry in the URL bar - just so we get that extra warning.
Changes every day - this one is still evolving but you heard it here first :)
What's Related