The developers from the Mozilla project just released an update for Firefox 3, bumping the version number to 3.0.4. The patch remedies 11 vulnerabilities of which 4 are considered crititcal by the Mozilla developers. They may lead to execution of injected code (like a trojan) so please update ASAP.
Microsoft published 3 patches for critical weaknesses in it’s operating systems and the office solutions on November Black Tuesday which also may allow attackers to remotely take over users’ machines. Two patches close holes in Microsofts XML-parser (XMLcore). Another update is available which helps with a security problem which is known for roundabout 7 yeras now, a so called SMB reflector attack: An attacker on a network sends back credentials which he sniffed earlier and gets access to the SMB client. Users and companies are well advised to install the patches soon.
Another story is making rounds in the media concerning an ISP from San Jose in the U.S., McColo. That ISP provided “bullet proof hosting” which is often used for Command&Control-servers for botnets. The two major internet carriers which were connecting McColo to the internet pulled the plug yesterday. Since then the spam rate on the net dropped down to half of the usual amount, sometimes even to 10%. Unfortunately, this won’t hold long as the criminals are loosing profit and for sure look for alternatives.