Adobe has announced a very serious and critical security flaw found in Adobe Flash and Reader which making your computer vulnerable to hackers like always, the curious thing is that it also affects  Macs and Unix systems using Adobe Reader. Below the complete warning:

Adobe (NSDQ: ADBE) on Wednesday issued a security advisory about a critical zero-day vulnerability that affects its Flash Player, Reader, and Acrobat software across all major operating systems.”A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” the company said. “This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system.”

US-CERT, which operates in conjunction with the Department of Homeland Security, warned users to disable Flash in Adobe Reader 9 on Windows computers and either to disable Flash Player or to enable only known safe Flash content.Adobe said it will have fixes ready on July 30, for Flash Player, and on July 31 for Reader and Acrobat. In the meantime, it would probably be wise to heed US-CERT’s advice: SANS Internet Storm Center handler John Bambenek reports that the vulnerability is being actively exploited.

Only a few malicious sites are currently serving the exploit, he said in a blog post, “but we confirmed that the links have been injected in legitimate Web sites to create a drive-by attack, as expected.”

“Flash Player users should exercise caution in browsing untrusted Web sites,” Adobe said in its advisory.

A series of recent vulnerabilities affecting Adobe’s software — clickjacking and the JBIG2 vulnerability, to name a few — have led security experts to question Adobe’s approach to security.

In December, Peleus Uhley, senior security researcher on Adobe’s secure software Engineering team, published a blog post titled, “We Care,” to reassure security researchers that Adobe wants to work with them and to acknowledge “that Adobe needed to do more to reach out to security community and be transparent in our efforts to protect customers.”

In May, Brad Arkin, Adobe’s director of product security and privacy, outlined three new Adobe security initiatives in a blog post: code hardening, incident response process improvements, and regular security updates.

Also in May, the company released Adobe Reader 9.11 to address at least one critical vulnerability. The following month, it released Reader 9.12 to fix nine critical vulnerabilities.

In a blog post in May, Andrew Storms, nCircle’s director of security operations, likened Adobe’s initiatives to the approach Microsoft took a decade ago when security issues threatened its reputation. He said that Adobe is off to a great start in rehabilitating its image and that it still had a long way to go.

Via – Information Week

So in the meantime try to be extra careful when using Adobe Flash and Reader because there will be no fix until July 30 and 31.

It seems that another security issue has appeared but this time it affects Internet Explorer, the worst of all this is that according to Microsoft there is no fix for this problem. Below the news via USATODAY

Microsoft warned users Monday about yet another serious security flaw related to its Internet Explorer browser for which there is no fix.

Security firm Symantec said the vulnerability, which affects PCs using Windows XP or Windows Server 2003 operating software, is already being taken advantage of by cybercriminals.

It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit websites infected with a tiny bit of code that taps into the security hole.

Dean Turner, director of Symantec Security Response, says a cybercriminal group has corrupted an estimated several hundred legitimate Web pages with such infections since July 1. The criminals most likely are sending out e-mail spam to trick victims into clicking to the corrupted pages.

Symantec researchers caught part of the malicious code moving across the Internet in a computer, called a honey pot, set up to receive infections. But they have not captured any samples of the e-mail trickery.

“This is not that uncommon,” Turner says. “But this kind of exploit in the wild, with no security patch yet available, has the potential to affect hundreds of thousands of people.”

A flurry of similar attacks on Internet Explorer took place in 2007 and 2008, but have slowed. Attackers in 2008 began to gravitate to security holes in popular applications, such as Microsoft Word.

And in the past few months, the most widely attacked program has been Adobe Acrobat Reader, says Roel Schouwenberg, senior researcher at Kaspersky Lab.

The so-called zero day vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s website, while the company works on a “patch” — or software fix — for the problem.

Once the attacker gains access to a PC, the machine most often is used in a network of other compromised PCs, called bots, to spread spam and steal data. Bots are also widely used to spread promotions for fake anti-spyware subscriptions and to hijack cash from online banking accounts.

A Microsoft advisory says the company is working on a patch, which will be distributed “when it has reached an appropriate level of quality for broad distribution.”

Well I guess all I can say is watch the Websites you visit, if the code get installed in your computer the hacker will gain control and your personal data will get compromised.

It seems that another Microsoft fan less frustrated user created a Trojan to fool Windows operating system users making them believe that Microsoft is sending an update via email for Outlook Express. The email subject might say “Critical Update for Microsoft Outlook, after opening it says: Update for Microsoft Outlook / Outlook Express (KB910721)“ which is a complete lie because Microsoft never sends update via email instead it uses it own website to distribute the update.

So if you happen to receive an email telling that you have to update Windows OS Outlook Express don’t open it and delete it because it’s a Trojan Horse and I don’t think you want to reformat your hard drive do you?

Via [PC TipBox]

Spotify is a new online music company that offers free online music at no cost but you will hear ads between each songs. Also it offers 2 other options which is a one day pass with out any ads and a monthly subscription plan with no ads, Spotify has approximately 120,000 tracks to listen so you can hear a little bit of everything.

Spotify is very similar to Yahoo Online Music service which lets you hear free music with ads unless you become a premium user which removes all ads between songs.

But Spotify as a young sheep got it first attack by hackers and let them know they had a hole that let them enter via their protocols, but not to worry because they already correct the problem and they guaranty that your information will be safe now.

This is what they said in their blog

Updated security notice

March 4, 2009

It seems that there is some confusion about who may be at risk due to the recently communicated leak of information that could be used to guess some user’s password. To clarify, your password is at risk only if all of the following apply:

• You had a Spotify account before December 19th, 2008
• You have not changed your password since December 19th, 2008
• You have a weak password
• Someone from a small group of people asked our servers specifically to see your account details before that date
• Someone from the same small group decided to put computation time towards guessing your password

If your Spotify account was created before December 19th, 2008 you should have received an email about the issue by now, assuming that the email address you stated when registering the account was correct.

Source [Spotify Blog]

So like I said before don’t worry if your account wasn’t created before december 19, 2008 because it’s safe now, but if you open an account before that date I recommend you to change your passwords inmediatly to protect your personal information. Make sure to create a strong password and please don’t use your house, birthday, or ss mixed numbers to create your password because they can be guessed easy by hackers.

To hear free music but with ads click here

Note: To be able to use the free beta service you must previously receive a token or an invitation otherwise you will have to purchase the premium version.