Facebook has started to allow users to create their own apps. If you're a member, you may have noticed this by the massive number of application requests you have started receiving. The problem is, these apps by default won't go through much of a vetting process. This allows sites such as this one, to find all of the nasty holes each new app pokes into Facebook. If this doesn't worry you because you aren't using any of the broken apps, it should, because many of these apps can be abused to direct attacks against people who don't use the apps. Given that much of Facebook involves sending content from one user to another (i.e. propagation), this has the potential for a self-propagating malware ala the MySpace "Samy" worm.
A big problem in the win32 world is managing patches for the various applications you have installed. Windows does a good job of patching itself with Microsoft Update, but other apps aren't as good. Some, such as Adobe, have their own updater, but these updaters aren't consistent and leave you trying to manage several different updating tools, with several different schedules and capabilities (e.g. does it support your proxy), and you still end up with more than half of your win32 apps not having an updater at all.
Continue reading "Secunia releases Security Patch tool for Windows Applications"