A swarm of Safari security holes: Mac and Windows users told to update

Whether you own a Windows or Mac OS X computer, if you’re a user of Apple’s Safari browser, it’s time to update your computer against a swarm of security vulnerabilities.

 

With the attention of most Apple devotees diverted this week towards the sleek new iPhone 4, some may have missed that the Cupertino-based company has also issued a brand new version of its web browser, Safari.

 

Most interestingly to us, however, is the news that Safari 5.0 not only includes new functionality, but also plugs at least 48 different security vulnerabilities that (if left unpatched) could be exploited by hackers.

 

Mac OS X version 10.4 users (which Safari 5 doesn’t support) aren’t left in the lurch either. Apple has issued Safari version 4.1 for those customers, which addresses the same set of security issues.

 

Read More…

 

Facebook disables chat after security hole discovered

Facebook has taken down its instant messaging-style system which allows members to chat real-time with each other after claims that the system suffers from a serious security problem.

 

According to a report by TechCrunch, a security flaw allows your Facebook friends to secretly spy on your private live chats as well as any see any pending friend requests that you have made.

 

In the past Facebook has insisted that privacy is its “highest priority”, but there isgrowing concern that the site has played fast and loose with the personal information of its 400 million users, encouraging them to share too much private data online and changing privacy settings to be more “open”.

 

A video has been posted on YouTube which allegedly demonstrates the security hole:

 

The news that Facebook has disabled its chat system suggests that they are working on fixing the security problem. Hopefully it will be resolved quickly.

 

But even if this security issue is fixed promptly there are other security issues on Facebook, as with any other social network, that need to be considered if you plan on continuing to use the site. Make sure you read our guidelines for better security and privacy on Facebook.

 

Oh, and you might want to become a Fan of Sophos on Facebook too to ensure you are kept up-to-date with the latest security news.

 

by Graham Cluley, Sophos

 

 

The Hacker Door Facebook security scare

A warning being sent across Facebook is scaring users into believing that their accounts have been hacked.

 

Here is a typical example of a warning message:

To all of my friends: COPY & PASTE: New problem found.... Hacker in door in our friends list!....We are now listed as friends of ourselves! You need to delete yourself from your friends list to close the door to hackers. To do this ... Go to Account, go to edit friends, there search for your name on the list and click the X to get your name removed.

 

The problem with this warning is that it’s complete poppycock, and causing some users to panic that they could have been hacked.

 

Yes, there is a bug that means that when you search through your Facebook friends list, you show up yourself as one of your friends. And yes, even if you try and “delete” yourself as a friend you’ll pop up again when you refresh the webpage.

 

But this is not evidence that your account has been compromised, and if you forward this warning to your Facebook friends and acquaintances you are only helping to perpetuate the hoax.

 

We saw a similar hoax spreading across Facebook earlier this year in what we called the “Automation Labs” security scare.

 

In summary, the “Hacker Door” scare is not something to worry about, and you should always check your facts before forwarding security warnings like this to your friends and colleagues.

 

However, there are real security issues on Facebook, as with any other social network. Make sure you read our guidelines for better security and privacy on Facebook.

 

Oh, and you might want to become a Fan of Sophos on Facebook too!

 

By Graham Cluley, Sophos