-
Apple Forgot to Filter Spam On New Ping Service
Security Watch
One of the big stories in Apple's recent announcements was a new social network based in iTunes called Ping.
It's probably early to draw too many conclusions about Ping, but according to Chet Wisniewski at Sophos, one thing is clear: they didn't think too long about comment spam on the service. "...less than 24 hours after launch, Ping is drowning in scams and spams."
So I signed up for Ping myself and followed a few of the people Ping recommended to me. Seconds later I found my first comment spam:
Wisniewski: "Coincidentally, the most common spam on Ping at the moment targets Apple itself. The attacks are nearly identical to survey spams we have blogged about on Facebook, Google and Twitter." Obviously this agrees with my experience.
He also notes that it's trivial to create fake accounts on Ping since there's no hard authentication. TechCrunch also notes this phenomenon, pointing out that while Facebook and Apple are spatting about Ping, a fake Mark Zuckerberg is signed up for the new service.
-
Apple Releases iTunes 10
US-CERT Current Activity
(added September 3, 2010) A full-content feed is available at http://www.us-cert.gov/current/index.atom
-
Google Releases Chrome 6.0.472.53
US-CERT Current Activity
(added September 3, 2010)
-
Are You Happy With Your Antivirus?
Security Watch
Most antivirus products run on a yearly subscription model. At the end of the year, you either re-up or start looking for a replacement. Is that anniversary coming up for you? Will you stay with the same security vendor, or are you itching for a change? Smart users keep up with the competition even when that Day of Reckoning is months away.
It's true that quite a few significant security vendors haven't yet released their 2011 editions. Last year's Norton Internet Security 2010 is still current - until next week anyway. Trend Micro Internet Security Pro (version 3) also gets replaced by an update next week, and Spyware Doctor with AntiVirus 2010 the following week. Updates from F-Secure, ZoneAlarm, McAfee and others are further off.
Even so, quite a few of the major and minor players have already stepped up with new and innovative versions for 2011. In The Best Antivirus Software for 2011 (So Far) I've rounded up six commercial antivirus utilities and four free ones, all with new versions from this summer. Look for new roundups as more contenders enter the ring.
-
iTunes 10 Adds TV Rentals, Security Fixes
Security Watch
There's a new version of iTunes out to provide lots of new features and services from Apple, but it's got another surprise under the covers: security vulnerability fixes. iTunes 10 for Windows includes a new version of the WebKit web browser which fixes 13 security vulnerabilities, the same fixes recently provided in Safari 5.0.1. Many of these are critical remote code execution vulnerabilities or information disclosure bugs.
Oddly, the iTunes update says that only Windows is affected, but the CVE vulnerability descriptions (such as this one) say that both the Windows and OS X versions are affected. The Safari updates were also listed both for Windows and OS X. It makes sense that iTunes for OS X is also vulnerable but not yet fixed. In all likelihood, the earlier fixes to Safari in OS X fixed the installation of WebKit used by iTunes on that platform.
-
Snoop Dogg Says "Hack is Wack!"
Security Watch
If you read PCMag regularly you know more than the average Joe about how to protect your computer and your personal information from all kinds of cyber-attacks. That puts you way ahead of the crowd, but you'd be even safer if everybody took proper precautions. To reach a wider audience with their security message the techies at Symantec are enlisting some new help - hot rapper Snoop Dogg and YOU. Yes, you can be part of their new "Hack is Wack" initiative by submitting your own rap video for a chance to win awesome prizes.
-
Insecure Loading of Dynamic Link Libraries in Windows Applications
US-CERT Current Activity
(added August 25, 2010; updated September 1, 2010)
-
VMware Releases Updates for ESX Service Console Packages
US-CERT Current Activity
(added September 1, 2010)
-
Microsoft Updates DLL Advisory, Adds "Fix It" Tool
Security Watch
Microsoft has updated their advisories and issued a new tool for the vulnerability in many Windows apps that could lead to the unwitting execution of a malicious DLL. This story has been developing for a couple weeks now and this is not the last we'll hear of it.
-
Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol
US-CERT Current Activity
(added August 31, 2010)
-
Apple QuickTime '_Marshaled_pUnk' Remote Code Execution Vulnerability
Vulnerabilities RSS Feed - Symantec Corp.
Type: Vulnerability. Apple QuickTime is prone to a remote code-execution vulnerability.
-
Get the August Security Updates
MICROSOFT SECURITY SITE
Download and install the updates and ensure that you have automatic updating turned on.
-
Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
Vulnerabilities RSS Feed - Symantec Corp.
Type: Vulnerability. Microsoft Silverlight ActiveX control is prone to a remote memory-corruption vulnerability; fixes are available.
-
Microsoft Word 'sprmCMajority' Record Parsing Remote Code Execution Vulnerability
Vulnerabilities RSS Feed - Symantec Corp.
Type: Vulnerability. Microsoft Word is prone to a remote code-execution vulnerability; fixes are available.
-
Microsoft Windows TCP/IP Local Privilege Escalation Vulnerability
Vulnerabilities RSS Feed - Symantec Corp.
Type: Vulnerability. Microsoft Windows is prone to a local privilege-escalation vulnerability; fixes are available.
-
Microsoft Windows Movie Maker Remote Buffer Overflow Vulnerability
Vulnerabilities RSS Feed - Symantec Corp.
Type: Vulnerability. Microsoft Windows Movie Maker is prone to a remote buffer-overflow vulnerability; fixes are available.
-
Get the out-of-band security update for Windows
MICROSOFT SECURITY SITE
Download and install the update and ensure that you have automatic updating turned on.
-
Adobe Collaborates with Microsoft to Protect Against Online Threats
MICROSOFT SECURITY SITE
Read how Microsoft Active Protections Program (MAPP) will include vulnerability information sharing from Adobe Systems Incorporated.
-
Get the July Security Updates
MICROSOFT SECURITY SITE
Download and install the updates, or check whether they have been installed automatically.
-
Learn how SDL Practices Align with HIPAA Safeguards
MICROSOFT SECURITY SITE
Improve efficiencies between security practices and HIPAA regulatory activities by adopting Microsoft's Security Development Lifecycle (SDL).
