Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform.
While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible.
The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin’s Computer Incident Response Team, and MITRE with discovery of the critical bug.
The other bug under attack, CVE-2013-0633, also works by tricking Windows users into opening a Word document containing malicious Flash content. It was discovered by researchers from antivirus provider Kaspersky Lab…
Hackers are actively exploiting a critical vulnerability in Microsoft’s Windows operating system that allows them to remotely execute malicious code when victims visit a booby-trapped website.
“These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents,” Andrew Lyons, a Google security engineer, wrote in a blog post published Tuesday. “Users running Windows XP up to and including Windows 7 are known to be vulnerable.”
In their own advisory, Microsoft officials confirmed the active attacks and encouraged customers to apply a temporary fix as soon as possible. The vulnerability exploits an uninitialized variable in XML Core Services, which is installed by default in all supported versions of Windows. Users of Microsoft Office 2003 and 2007 are also susceptible.
Attacks work when a vulnerable system uses Internet Explorer to visit a website that contains XML code that corrupts memory in a way that can execute malicious code. The code has the same privileges as the logged-on user, so accounts that don’t include administrative privileges may be less affected.
The warnings came the same day that Microsoft issued seven updates that patch at least 26 vulnerabilities in its software as part of its monthly Patch Tuesday. Lyons said Google researchers alerted Microsoft to the attacks on the XML package two weeks ago and that “Microsoft has been responsive to the issue and has been working with us.”
(via Android users targeted in drive-by download attacks | Ars Technica)
Almost a dozen sites are actively targeting Android users with malware that could gain access to corporate networks and other protected systems, security researchers said. They note it’s the first time compromised sites have been used to infect users of a mobile handset.
The malware, dubbed NotCompatible, is being transmitted by websites when they’re accessed on smartphones running Google’s Android operating system. This is according to a blog post published Tuesday by researchers from Android antivirus provider Lookout. An iframe tag included in the sites provides a link to malicious software that’s automatically downloaded after the site is visited. The sites then provide notifications prompting end users to install the downloaded app. Installation is possible only on phones that have been configured to run apps acquired from sources other than the Google Play market.
“Hacked websites are frequently used to infect PCs with malware,” Lookout researchers wrote in Wednesday’s post. “However, today we have identified the first time hacked websites are being used to specifically target mobile devices.” The company’s security app automatically blocks installation of the software…
(via Hair-Cutting Attacks Stir Fear in Amish Ohio - NYTimes.com)
Photographs from the Jefferson County, Ohio, Sheriff’s Department show, from left, Levi Miller, Johnny Mullet and Lester Mullet, of Bergholz, Ohio.
BERGHOLZ, Ohio — Myron Miller and his wife, Arlene, had been asleep for an hour when their 15-year-old daughter woke them and said that people were knocking at the door.
Mr. Miller, 45, a stocky construction worker and an Amish bishop in the peaceful farmlands of eastern Ohio, found five or six men waiting. Some grabbed him and wrestled him outside as others hacked at his long black beard with scissors, clipping off six inches. As Mr. Miller kept struggling, his wife screamed at the children to call 911, and the attackers fled.
For an Amish man, it was an unthinkable personal violation, and all the more bewildering because those accused in the attack are other Amish.
“We don’t necessarily fight, but it’s just instinct to defend yourself,” Mr. Miller recalled.
The attackers, the authorities said, had traveled from an isolated splinter settlement near Bergholz, south of the Miller residence. Sheriffs and Amish leaders in the region, home to one of the country’s largest concentrations of Amish, had come to expect trouble from the Bergholz group. It is said to be led with an iron hand by Sam Mullet, a prickly 66-year-old man who had become bitterly estranged from mainstream Amish communities and had had several confrontations with the Jefferson County sheriff.
But the violent humiliation that men from his group are charged with inflicting on their perceived enemies throughout this fall, using scissors and battery-operated clippers, came as a bizarre shock.
The assaults — four are known to the authorities — have stirred fear among the Amish and resulted in the arrests, so far, of five men, including three of Mr. Mullet’s sons, on kidnapping and other charges. Officials say that more arrests are possible.
In the first incident, on Sept. 6 in the town of Mesopotamia, a married couple who had left the Bergholz community four years ago, Martin and Barbara Miller, were attacked at night by five of their own sons and a son-in-law, along with their wives, all of whom had elected to remain with Mr. Mullet, according to the victims. The gang left the father with a “ragged beard,” as a sheriff’s report described it, then turned on their mother — who is Mr. Mullet’s sister — and chopped off large patches of her hair.
“The beard is a key symbol of masculine Amish identity,” said Donald B. Kraybill, a sociologist and expert on the Amish at Elizabethtown College in Pennsylvania. The women view their long hair, kept in a bun, as their “glory,” Dr. Kraybill said, and shearing it was “an attack on her personal identity and religious teaching…”


