Just to wish all my friends and family, including my extended families the best holiday wishes.

Have a Merry Christmas and a joyous New Year!

Finally, a "critical" Java runtime update from Apple by ZDNet's Ryan Naraine -- Apple has shipped a long-overdue Java runtime update to plug at least 30 vulnerabilities that expose Mac OS X users to remote code execution attacks.

This article really only highlights the issue. Quicktime has (and still has) many bugs so many that I'd simply deem it the 'Buggiest and Most Insecure Application of ALL TIME' Anyone who uses Quicktime should REMOVE IT immediately, and then clean there system. I'd even recommend cleaning the registry of any APPLE or QUICKTIME entries, something I'm typically loathe to do under any circumstances. Apple simply seems to not understand the security climate in todays world, or doesn't care about it's users. Either way it's reprehensible that they are doing so well in the technology markets without putting security first.

I recently came across an article from 'Information Security' that reviewed several "Enterprise" class security suites. I have reviewed several here on this blog in the past year and have found very disappointing results. There have been a couple of new comer's to the land of the personal desktop namely 'Blink' by eEye that I have been testing for several months. The tool isn't ready for personal use, but it's professional version has been commended for a while. This article compared Blink's Enterprise tool (at time of writing I haven't been able to confirm the differences between Pro and Enterprise).

For most readers of this blog, they may dismiss reviews of enterprise class applications but I decided to include it since for most of these vendors the Enterprise version represents the 'best of the best' of their offerings. As this review compares all the top providers including Symantec, CA, Trend Micro, ISS, eEye and a few others I decided it was worth while comparing them.

Really? A FREE YEAR of Broadband?!? Nobody gives away a free year...

Recently I've received copies of a Phishing Attempt that looks like it's from Shaw (a cable/internet/telephone service company in Canada). This phishing attempt is congruous to the Ebay and banking phishes of the recent past, in that it actually does NOT resemble a 'real' email, rather a fictional email to get people excited, in this case instead of warning the user it attempts a positive reaction from "getting free internet for a year". Whoopie! A years worth of internet from Shaw isn't that expensive. Phishing attempts are typically NOT viral or malware orientated but certainly can and do use such methods. In this case it looks like a standard email spam sent via exploited web sites.

This is a sophisticated method. It uses a similar style as Shaw uses in their correspondence and uses a legit; if inappropriate, email address. The email was generated and sent using multiple methods so tracking it will be harder to accomplish. Additionally, I shall show the details of the spam and my analysis. Our whois data will be included in the rest of the article.