Select Page

An email making the rounds makes the innocent claim that “it is possible that your account password has been stolen”.


Expecting a phish? 


Actually, no.  The site serves a malicious script.  Nevertheless, the exploits served are six to eight months old — CVE-2010–0886 (a Java exploit) and CVE-2010-1885 (a cross-site scripting method that exploits a vulnerability in Windows Help).   Downloading the latest version of Java and insuring you’re up-to-date on Windows patches will protect against any attack.

Alex Eckelberry