Lost+Found: Identity crisises and cookies crumbled

Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: Anti-virus software suffers identity crisis, easily digestible Joomla cookies and more than 1200 bugs, including one in Google Chrome's PDF viewer.

• McAfee ePolicy Orchestrator is supposed to ensure the security of the clients managed by it. As this video shows, however, if it's not up to date, it can be transformed into a highly reliable means of disseminating malware.

• Wicked tongues (and researchers) are claiming that Android anti-virus programs offer little resistance to a really dedicated trojan app. A recently fixed DoS vulnerability in Lookout Mobile Security does not exactly strengthen trust in this genus of mobile malware hunter.

• Anti-virus software Malwarebytes Anti-Malware appears to be suffering an identity crisis. Following a recent signature update, it now regards itself as a trojan downloader.

• Users are advised to pay extra attention to their Joomla cookies. Weak encryption means that the plain text password stored in the cookies can easily be cracked.

• Researchers at Carnegie Mellon University, Pittsburgh have used their Mayhem vulnerability finder to discover 1200 bugs in Debian packages. Their next task is to fill in 1200 bug reports.

• What you see is what you get? Not on the PDF display module in Google Chrome. When saving an open PDF file in Google's browser, it is possible to inject other files of your choice – including executables (.exe).

(djwm)