Wednesday, April 20, 2011 at 9:50PM Earlier today it was reported by a security research firm that all iOS 4 devices have been recording their GPS locations in a database which is located on the device. I'll post more information once I've had a chance to review the firm's data and have read more information about the issue.
Friday, July 30, 2010 at 8:46AM On July 16 security researchers discovers a new exploit in Microsoft's Windows Operating. This exploit is currently in the wild and affects all versions of Windows. Microsoft has not released a patch for the vulnerability and may not have one ready for next second Tuesday patch release. Vulnerability exists in the Windows Shell that very like allows an attacker to remotely execute code. The initial attack vector was via USB devices, but researchers are now pointing to examples that are in the wild of execution of the vulnerability via network shares and favicons (the small graphics file that is located in your browsers address bar). Microsoft has posted information on a work around that will disable the shell code, but the work around will also cause all of your desktop icons to disappear (not the best option). The security firm Sophos has created a third party software patch that will fix the issue for .LNK files. These are generally shortcuts that are created in Windows. This third party patch does not protect against the vulnerability of PIF files.
Craig N.
This afternoon Microsoft announced that it will be releasing an out-of-band patch for this
vulnerability.
Link
Craig N.
I just confirmed that Microsoft is not deploying this patching to anything prior to Service Pack 3 for Windows XP. I manage several systems and have noticed that none of those that are still running Windows XP SP 2 have installed the patch. All systems which I currently manage utilize Microsoft's Windows Server Update Services (WSUS). This is how I can confirm that the patch of the .LNK vulnerability is not deploying to anything prior to Windows XP SP 3.
