Miles Associates LLC

Adobe has issued a security advisory about a “critical” vulnerability in its Flash Player and Adobe Reader and Acrobat products that it says could let attackers take control of people’s computers.

The company said late Friday that there had been reports of the hole actually being exploited and that an official patch was not yet available.

Affected software includes:

• Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris
• Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and Unix

via Adobe reports ‘critical’ flaw in Flash, Acrobat | Security – CNET News.

According to Google’s Web Search Help blog, the search giant has decided it’s important to keep search inquiries from the prying eyes:

“With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.”

TechRepublic’s Chad Perrin recently penned an article about the benefits of SSL-encrypted Web searches. He also advises caution as some searches are not protected by SSL encryption and under certain circumstances SSL is vulnerable.

via Google Search over SSL has an oops | IT Security | TechRepublic.com.

 Slates record-tying 34 patches for Windows, IE, Office and SharePoint

The patches will also quash two bugs that Microsoft acknowledged in February and April.

“I’d actually call this a moderate month,” said Andrew Storms, director of security operations at nCircle Security. “Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn’t look like a huge month to me.”

By the numbers, however, next week’s updates will be huge. Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.

via networkworld.com.

Google has been “accidentally” collecting wi-fi data, but not if it was encrypted.

Google is facing scrutiny and investigation around the world following revelations that it has been capturing and archiving wi-fi data collected by its Google Street View vehicles that drive around capturing the image data used by the Street View service. It is questionable whether Google should have done that, but what is not questionable is whether or not Google should have any data from your wi-fi network.

…

While it may seem like an invasion of privacy–and in some countries or jurisdictions it may very well be–it is not necessarily against the law here in the United States. Frankly, there is no reasonable expectation of privacy for data that you willingly broadcast unencrypted into public airwaves.

via http://www.networkworld.com/news/2010/052110-does-google-have-wi-fi-data.html.

No surprise that there are a lot of updates (11) and that there is something critical for just about everybody!

Microsoft Security Bulletin Advance Notification issued: April 8, 2010

Microsoft Security Bulletins to be issued: April 13, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010.

via Microsoft Security Bulletin Advance Notification for April 2010.

Palo Alto Networks surveyed Web application usage at 347 organizations and found Facebook, Twitter and other programs for communications and collaboration are all being used in enterprises to a great degree. Some 22 Google applications, including Gmail, Google Calendar, Google Docs and Google Wave, showed particularly strong usage, according to research from the network security firm. Of course, the widespread use of social network and other Web apps used in enterprises can wreak havoc on network security and regulations for financial services and health care industries.

Palo Alto Networks surveyed use of 750 applications across 347 organizations for its fifth Application Usage and Risk Report, released March 30. The company’s firewall appliances and software monitored the use of Web apps for the volunteering companies from September 2009 through March 2010.

…

Some of the stats are eye-popping. The bandwidth consumed per organization by social networking applications doubled from 18 months ago to 9GB in this new report, with Facebook consuming an amazing 5GB of these companies’ bandwidth counts.

via eWeek.  (Emphasis added by me — jm)

Microsoft today announced it will issue an emergency security update for Internet Explorer IE tomorrow to patch a zero-day vulnerability that has been used to launch drive-by attacks for at least several weeks.

Tuesday’s update will be the second out-of-band update — Microsoft’s term for one outside its normal once-each-month Patch Tuesday — in the last three months.

via http://www.networkworld.com/news/2010/032910-microsoft-to-patch-ie-zero-day.htm