eWorld Translations

As reported by The Daily Mail, two British tourists were barred from entering America after joking on Twitter that they were going to ‘destroy America’ and ‘dig up Marilyn Monroe’.

Leigh Van Bryan, 26, was handcuffed and kept under armed guard in a cell with Mexican drug dealers for 12 hours after landing in Los Angeles with pal Emily Bunting.

The Department of Homeland Security flagged him as a potential threat when he posted an excited tweet to his pals about his forthcoming trip to Hollywood which read: ‘Free this week, for quick gossip/prep before I go and destroy America?’

After making their way through passport control at Los Angeles International Airport (LAX) last Monday afternoon the pair were detained by armed guards.

Despite telling officials the term ‘destroy’ was British slang for ‘party’, they were held on suspicion of planning to ‘commit crimes’ and had their passports confiscated.

Leigh was also quizzed about another tweet which quoted hit US comedy Family Guy which read: ‘3 weeks today, we’re totally in LA p****** people off on Hollywood Blvd and diggin’ Marilyn Monroe up!

Federal agents even searched his suitcase looking for spades and shovels, claiming Emily was planning to act as Leigh’s ‘look out’ while he raided Marilyn’s tomb.

‘I couldn’t believe it because it was a quote from the comedy Family Guy which is an American show.

To make sure that your communications don’t run into similar language barriers, give us a call toll-free at +1-888-398-4968, or use the free quote form in the sidebar to the right, or email us at info@eworldtranslations.com or provide more detailed information on our contact form. You can also fax your documents to us at +1-312-803-2208.

A blog post at security vendor Websense indicates that Amnesty International’ Hong Kong website apparently has been compromised and was laced with malware that includes an exploit of a still unpatched vulnerability in Internet Explorer (IE) as well as exploits for holes in Flash, QuickTime and Shockwave.

According to The H Security, these new attacks confirm observations of the exploit in commercial packages sold to criminals – which means attacks will probably soon become more frequent.

For IE, the exploit can be curbed by enabling Data Execution Prevention (DEP) in Internet Explorer on Windows XP, Vista and Windows 7. DEP is enabled by default in IE8. To activate DPE in IE7, run Microsoft’s Fix-It tool, available here.

We’ll gladly help you to review and update your applications to alleviate the potential for exploits resulting from application versions that have known vulnerabilities. Contact us today.

When InformationWeek reported that more than a million cell phones in China have been infected by attackers with malware that automatically sends text messages, Stephen Northcutt, president of the SANS Technology Institute, remarked in an editor’s note, posted in the SANS NewsBites:

Cell phone OSs, processors and available memory are just too small for countermeasures like DEP. And in the rush to be number one in features neither Apple, Google, nor Nokia is likely to strongly police apps *before* they become available. Before you load an app ask yourself, do I really need it and how long has it been available.

According to Shanghai Daily, “the ‘zombie’ virus, hidden in a bogus antivirus application, can send the phone user’s SIM card information to hackers, who then remotely control the phone to send URL links.”

In its Top 10 security trends for 2011, security vendor Imperva asserts “We expect exponential growth in the number of incidents related to mobile devices in the next few years. From theft or compromise of information in these devices, through massive infection campaigns, and up to frequent exploit of the vulnerabilities introduced into the server side.”

We’ll gladly help you to review and update your policies and applications to alleviate the potential for exploits resulting from insufficient policies and applications or application versions that have known vulnerabilities. Contact us today.

As promised, Adobe today released the previously announced update for Flash Player, originally scheduled for November 9th, fixing 18 security holes with this update. For additional details, take a look at their corresponding security bulletin.

However, as The H Security reports, Adobe has confirmed another unpatched hole in Adobe Reader due to a flaw in the Doc.printSeps JavaScript function. At present, an exploit that is already in circulation only crashes the application.

This new Adobe Reader vulnerability is affecting all versions from 9.2 or 8.1 onwards for Windows, Unix and Mac OS X. According to Adobe, an update for both Reader and Acrobat will be released the week of November 15th, though it is not clear, yet, if said update will fix this new problem that was identified right on the heels of the authplay.dll hole we recently alerted our readers to.

The latest version of Adobe Flash Player is always available at this link. Please note that you will have to visit this link separately in Internet Explorer (which installs the Flash Active X plugin for IE) and other browsers (which install and use the non-IE version).

We’ll gladly help you to review and update your applications to alleviate the potential for exploits resulting from application versions that have known vulnerabilities. Contact us today.

Today, Google patched 12 vulnerabilities in its Chrome web browser. All of them were considered threats of the severity level high by the company’s security team.

Also included in the patched version of Chrome is an updated version of the Adobe Flash Player, providing Chrome users with an early fix ahead of the official patch release by Adobe later today.

Among the dozen flaws that were fixed in Chrome 7.0.517.44 were one in its JavaScript engine, three in aspects of its text handling and a couple related to SVG (Scalable Vector Graphics).

According to Computerworld, Google paid $7,500 in bounties to eight researchers who reported 11 of the 12 bugs.

Just a few days ago, Google expanded this program that pays security researchers who report software flaws in the company’s products discreetly from merely covering its Chrome open source browser project to also include bugs fort its web properties, including Gmail, YouTube and Blogger. Google’s client applications (e.g. Android, Picasa and Google Desktop) are, however, not included in the expanded bounty program.

Given the cap of $3,133.7 (leet speak for “elite”), the focus remains on public recognition combined with a financial reward and is not likely to attract anybody interested in a get rich quick scheme selling security vulnerabilities.

We’ll gladly help you to review and update your applications to alleviate the potential for exploits resulting from application versions that have known vulnerabilities. Contact us today.

Two days after learning of the problem, Mozilla has updated Firefox to fix a flaw in the Windows, Mac OS X, and Linux versions of its browser that was actively exploited by malware secretly planted on the Nobel Peace Prize website.

The new versions of Firefox, 3.6.12 and 3.5.15 are not vulnerable to this exploit, but users who visited the site before installing the updated version might have been infected with a Trojan horse program.

According to Firefox security engineer Daniel Veditz “Firefox 4 beta users appear safe for the moment.”

Norwegian security vendor Telenor SOC reported the bug on, detailing that the Nobel site redirected to a Taiwanese attack server which then launched a JavaScript-based exploit that, if successful, placed a Trojan horse on the victim’s computer.

To download the new version of Firefox, visit http://www.mozilla.com/.

Also affected are Mozilla Thunderbird and SeaMonkey. A fixed version of the Thunderbird news and email client is available here and a fixed version of the SeaMonkey “all-in-one internet application suite” here.

We’ll gladly help you to review and update your applications to alleviate the potential for exploits resulting from application versions that have known vulnerabilities. Contact us today.

At the end of last week, Adobe published a security update for its Shockwave Player, patch 11 security holes.

A sample exploit illustrating this vulnerability is already in circulation, opening the Windows calculator once a web page featuring the exploit code is visited. Obviously it wouldn’t be all that difficult to start another program instead using the same mechanisms.

This update is unrelated to the holes reported on earlier in the week in Adobe’s Flash Player and Reader applications.

Users should update their Shockwave Player as soon as possible, downloading the latest version from Adobe’s website.

We’ll gladly help you to review and update your applications to alleviate the potential for exploits resulting from application versions that have know vulnerabilities. Contact us today.

Today, Adobe updated a security advisory published last week, alerting its customers and users to an unpatched bug in Flash Player which also affects the Adobe Reader and Adobe Acrobat applications.

While there are not yet reports of Flash Player itself being targeted, Adobe warns: “There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat.”

According to independent security researcher Mila Parkour, a malicious PDF file may exploit the Flash bug in Reader in order to place a Trojan horse program or other malicious software on the victim’s computer.

All versions of Flash on Windows, Mac, Linux and Android are vulnerable, Adobe admits.

Patched versions of the aforementioned three applications are expected to be released within the next 10 days; for Flash Player on most platforms tomorrow, 04 November 2010, and for Reader and Acrobat during the week of 15 November 2010.

Until a patch is available for this extremely critical vulnerability arising from the automatic execution of Flash content from within Reader and Acrobat via the authplay.dll library, users should exercise the utmost caution.

While deleting the authplay.dll file protects against the current attacks, both Acrobat and Reader will crash or produce an error message when they try to open a PDF file that contains Flash content.

We’ll gladly help you to delete the authplay.dll file and to review and update your applications to alleviate the potential for exploits resulting from application versions that have know vulnerabilities. Contact us today.

A recent SC Magazine article by Mark Weatherford, VP and CSO of North American Electric Reliability Corp. (NERC), discussed the effect of “unknown unknowns” on the electric grid and elaborated on the “High-Impact, Low-Frequency Even Risk to the North American Bulk Power System” which was created subsequent to a November 2009 workshop by NERC and the U.S. Department of Energy.

High-impact, low-frequency (HILF) events are somewhat elusive and unusual occurrences that potentially cause long-term, cataclysmic damage … in this case to the power grid, be it as a result of natural causes such as a solar storm triggering geomagnetic disturbances, or man-made causes like physical or cyber attacks, detonations of nuclear weapons or the outbreak of a pandemic.

To avoid the risk of the report gathering dust as a grand tome once it was delivered, NERC’s Electricity Sub-Sector Coordinating Council (ESCC) developed a “Critical Infrastructure Strategic Roadmap” framework based on which NERC and the electric industry drafted a Coordinated Action Plan in a collaborative public/private partnership.

It would not hurt to take this opportunity to review (or create, if you don’t have them, yet) your organization’s Continuity of Operations Plan (COOP), Disaster Recovery (DR) plan and/or Business Continuity Plan (BCP).

What would you for instance do if you are without power from the electric grid for an extended period of time? Do you have a UPS? If so, how long can it provide power for all your essential devices and facilities? Do you have a generator? If so, how long does your stored fuel supply last? Which steps have you taken to assure continued fuel supply until the situation has been remedied?

A freelancer, hit by a hurricane that knocked out power locally or regionally might just travel to a location not affected by the outage and operate from there using a laptop and a cellular phone. But this might not be quite as easy or even an option for a small or medium sized enterprise.

We’ll gladly help you to review and update or create your preparedness plans and policies. Contact us today.

As reported by eWeek, Microsoft’s 240-page Security Intelligence Report (SIR) Volume 9 indicates for the second quarter of 2010 that there are 2.2 million PCs in the US infected with bot software. This is more than in any other country in the world. With 550,000 PCs, Brazil comes in second. The statistics were gathered through 600 million PCs that use Microsoft’s update services and/or its Essentials and Defender security products.

Adrienne Hall, general manager of Microsoft Trustworthy Computing, blogged “Bot herders guard their botnets jealously and invest huge amounts of time, effort and money in them. They spread their bots by a central command to masses of computer users through malicious software and user deception. By keeping a low profile, bots are able to infiltrate computers and devices and can quietly operate in the background, often undetected for years.”

To avoid being or becoming one of these statistics, with the concomitant egg-in-the-face if and when both your own and confidential data your customers have entrusted you with ends up in the wrong hands, let us help you to review and update your computer’s configuration, your security mechanisms and your policies. Contact us today.