WordPress has just released the latest version 3.0.2 to fix a few critical vulnerabilities :-

• Fixed moderate security issue where a malicious Author-level user could gain further access to the site.
• Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
• … and more.

Files affected in this upgrade are :-

• wp-includes/ms-files.php
• wp-includes/version.php
• wp-includes/comment.php
• wp-includes/functions.php
• wp-includes/load.php
• wp-includes/canonical.php
• wp-includes/capabilities.php
• readme.html
• wp-admin/includes/plugin.php
• wp-admin/includes/file.php
• wp-admin/includes/update-core.php
• wp-admin/plugins.php

This update is a mandatory security update, so an upgrade from any older version is highly recommended. Just go to your WordPress Dashboard > Update, select “Upgrade Automatically” or “Download 3.0.2” to manually update the files listed above.

Cheers!

I’ve been receiving a lot of phishing emails sent from Maybank2U.com asking the users to secure the account by clicking a link in the email. See the screen shot of the phishing email below :-

The email looks very suspicious when I first received it :-

• 1. The title has obvious spelling mistake.
• 2. The email was sent from an unknown source outside Malaysia.
• 3. The link to secure your account looks legit when you hover your mouse over the link.
• In fact, the link is actually pointing to franchiyhancevic.biz (phishing website)

The Whois Record of Maybank2U.com does not have any information about Malayan Banking Berhad. However, the link Maybank2U.com is pointing to Maybank2U.com.my though.

Continue Reading »
Beware Of Maybank2U.com Phishing Email

This time Microsoft is fast to release the security patch for a critical vulnerability recently found in Internet Explorer (IE). The patch was released early this morning so you should patch your IE now!

Who needs to patch?

Any user of Internet Explorer from IE 5 to IE 8 Beta 2. Basically, you’ll need to install the security patch if you are using WinXP or above.

Check the version of your IE : In IE > Click Help > About Internet Explorer

Why patch?

Without applying the patch, an attacker might take advantage of this IE vulnerability to gain control of your system when you visit a specially crafted web page using IE. The attacker could gain Administrative right to your system if you are logged on as Administrator, so it’s lethal.

How to patch?

Go to this Microsoft Security Bulletin page, click the link of your IE version and the download will start. Run the downloaded file and restart the PC after installing. That’s it.

What to do next?

Well, of course I would recommend you to use other web browsers, such as Firefox , Opera or Google Chrome.

Cheers!

Listen up! Zone Alarm (ZA) is giving away Zone Alarm Pro for free!

The software you’ll get is a genuine copy and it is still retailing at US$39.95 on their website.

• Why free?
  Check Point Software (ZA developer) is celebrating 15th anniversary of ZA Pro. Thanks for their generosity!
• Where to download?
  Birthday Gift Page!
• How to download?
  Sign up with your name and email address, they’ll email you with instructions in 48 hours.
• Who is eligible?
  You! 1 PC per person only. Please don’t abuse.
• When is it gonna end?
  You have until 6am PST, 11^th Nov to sign up, which is about 8 hours left from the moment this post is published.

This is definitely the must-have software to complement your antivirus for maximum PC protection!

For more awesome deal like this in the future, don’t forget to subscribe to my RSS, which I’ve added a big button in the right there. Hope you all like it.

Cheers!

Beware if anyone of you downloaded a cracked version of the forthcoming Windows Vista from any online sources, including BitTorrent.

Quoted:
The program claims to be a “crack” designed to unlock pirated copies of Vista, which was made available to Microsoft’s volume licensing customers last week.

The cracked file named “Windows Vista All Versions Activation 21.11.06” actually contains a password-stealing trojan horse known as Trojan-PSW.Win32.LdPinch.aze.

Kaspersky is one of the antivirus applications manage to detect the trojan horse, but not Norton Antivirus and Eset’s NOD32, says the security researchers. So, be extra careful if you are using any of these 2 antivirus.

Sophos, U.K.-based security company, said on Wednesday, July 6, 2005, the length of time an unprotected PC survives on the Internet has shrunk to a measly dozen minutes and estimated that a new PC stands a 50-50 chance of being infected by a worm within 12 minutes of being connected to the Internet !!

Sophos reported that it had pinpointed 7,944 new pieces of malicious software in the first six months of 2005, an increase of 59% compared to the first half of 2004. The firm’s researchers tracked an even larger spike in the number of keylogging Trojan horses, tripled in number.
Continue Reading »
50% Chance PC Get Infected In 12 Minutes