Decrease in Critical Issues and Bulletins
As far as individual issues, Critical-class CVEs accounted for less than a third of the issues we addressed in bulletin releases for the first time since we began our monthly bulletin-release cadence in 2004. And in absolute numbers, Critical-class CVEs are at their lowest levels since 2005. The fact that we're seeing lower percentages of Critical issues and bulletins year-over-year demonstrates progress made by the product groups in creating more secure software.
With this regularly scheduled monthly release, our bulletin count for 2011 is 99, with 13 released today. Of those, we determined 10 to be Important-class bulletins, with only three classified as Critical in severity. In 2011, Critical-class bulletins represented just 32 percent of all bulletins – the lowest percentage since we began our monthly bulletin-release cadence in 2004 and, again, the lowest absolute number since 2005. Interestingly, for the second half of the year the numbers are even lower, with under 20 percent of bulletins released in the last six months rated Critical in severity.
FREMONT, CA - DECEMBER 6, 2011 - Foxit Corporation, a leading provider of solutions for reading, editing, creating, organizing, and securing PDF documents, today announced Amazon.com, Inc. has made an investment in the company, and will be working with Amazon to support PDF reading in Kindle devices and free Kindle reading apps. Terms of the investment were not disclosed.
"Kindle has long supported PDF as a document format that is independent of application software, hardware, or operating systems." said Jeff Blackburn, senior vice president, business development, Amazon.com. "Foxit has an industry-leading PDF technology that we think will make the customer experience for PDF's on Kindle even better - we’re excited to back such a great team."
"We are honored to be working with Amazon to provide high-quality rendering of PDFs for Kindle," said Eugene Y. Xiong, CEO for Foxit Corporation. "With over 100 million users, Foxit PDF software continues to find increasing adoption among the Fortune 500 for its breadth of PDF features, blazing speed, affordability, security, and high quality."
Foxit's PDF solution provides the platform independence, lightweight footprint, performance, and display quality to provide a superior user experience across multiple platforms with no loss of quality or consistency.
Download.com a.k.a. C|Net download.com is no longer a safe location to download programs, because it now wraps the software in a Trojan Installer, detected as malware by major Anti-Virus programs.
This story was first reported back in August on the ExtremeTech site, when VLC was "trojanised" by Download.com. See "Download.com wraps downloads in bloatware, lies about motivations"
Now it has re-emerged, because another well-known program used by Computer Security testers (nmap) has also been "trojanised" by Download.com:
I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN.
The installer is actually detected as malware:
In fact, if we UPX-unpack the Trojan CNet executable and send it to VirusTotal.com, it is detected as malware by Panda, McAfee, F-Secure, etc: http://bit.ly/cnet-nmap-vt
That bit.ly link will redirect you to virustotal.com for the test results.
Looks like download.com is no longer a safe place to go, for any downloads.
Earlier today, Apple's very own Steve Jobs passed away at the age of 56 due to a rare form of pancreatic cancer. His death happens just a day after Apple announced the iPhone 4S.
"Apple has lost a visionary and creative genius, and the world has lost an amazing human being", the company said. "Those of us who have been fortunate enough to know and work with Steve have lost a dear friend and inspiring mentor. Steve leaves behind a company that only he could have built, and his spirit will forever be the foundation of Apple".
According to the LA Times, Jobs was diagnosed in 2003 with pancreatic neuroendocrine cancer, which produces islet cell or neuroendocrine tumors. This form is usually less aggressive than pancreatic exocrine cancer and patients can live longer, with the average survival rate more than three years. Some people with the neuroendocrine form can live as long as 20 years. He had a liver transplant in 2009 and took an extended medical leave from Apple last January. Several forms of treatment are available.
Microsoft's Digital Crimes Unit has shut down a botnet that was investigated for hosting the MacDefender scareware that preyed on Mac OS X users.
The botnet, known as Kelihos or "Waledac 2.0," has been linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children, according to Microsoft senior attorney Richard Domingues Boscovich.
The botnet contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.
For the first time since Microsoft's anti-cybercrime team started disabling botnets, the company moved to the U.S. court system and identified a defendant that allegedly owned the domain that controlled the botnet.
In the complaint, Microsoft names Dominique Alexander Piatti alongside dotFREE Group SRO and John Does 1-22 and said they owned domains and subdomains that were used to operate and control the Kelihos botnet.
Brothersoft is celebrating their 9th anniversary and they want to celebrate it with you. You have a chance to win a Brothersoft 9th Anniversary Limited Edition tshirt. Interested? Here's how you can enter to get a shirt.
1. Click the "Join" button and tweet the activity news.
2. Follow Brothersoft on Twitter
Then you will be considered for this giveaway. The Winners will be picked at random, so everyone will have the equal chance. Remember the rate of winning prize can reach 50%.
Brothersoft is one of the top download websites available on the Internet. They keep getting better and better.
Here's to another great year, Brothersoft. Looking forward to celebrating your 10th anniversary with you all!
Recently Support.com acquired SUPERAntiSpyware for a healthy sum of $8.5 million. The deal is expected to finalize by the end of the year. SUPERAntiSpyware is a free tool that is extremely useful when cleaning up a system. It’s offered in both paid and free versions, but for most the free product delivers as promised.
What many people don’t know is that SUPERAntiSpyware, headquartered in Eugene, Oregon, is developed and maintained by a staff of ten. Those ten people, including founder Nick Skrepetos, will join Support.com full-time once the $8.5 million dollar deal is complete.
What changes will this mean for the SUPERAntiSpyware software? That much is unclear at this point in time. It's rumored that the free version will remain as such, free for many to use. However, the pay version will be pushed heavily.
Malwarebytes has certainly been getting a lot of attention from other companies. In 2009, IOBit decided to take advantage of Malwarebytes definition files by implementing them into their own. Malwarebytes quickly caught wind of this and accused Chinese software firm IOBit so reverse engineering it's malware signatures. This of course brought about a lot of commotion and IOBit received a lot of negative press. Thankfully, they finally did the right thing and removed Malwarebytes definitions from their own definitions.
Recently, ChronoPay revealed to security researcher and journalist Brian Krebs that they've hired programmers to reverse engineer the free version of Malwarebytes in an attempt to create their own anti virus solution. Upon learning this to the researcher published screenshots from a ChronoPay internal system showing that they deal with distributing scareware, selling pirated music, running illegal online pharmacies and much more. When confronted about this, ChronoPay released an official statement denying any involvement in the distribution of scareware. "We assure both our customers and competitors that we have no involvement at all with scareware or malware and warn anyone attacking our company with likes and rumor that we will put the full weight of our company behind the appropriate legal response."
ChronoPay may be attempting to find a way of evading the Malwarebytes product since they deal with distributing scareware. Another possibility, is that they're interested in the code to use for one of their own products that they may release in the future. Either way, attempting to reverse engineer someone elses intellectual property without permission is never good news.