-
Content Count
2130 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Everything posted by Peaches
-
Twitter Clickjacking Hack Released A new proof-of-concept attack gains control of Twitter's "What are you doing?" update function Feb 03, 2009 | 02:54 PM By Kelly Jackson Higgins DarkReading "A Web developer has released a proof-of-concept clickjacking attack targeting Twitter that demonstrates how an attacker could take over a member's "update" function on the microblogging site. In a nutshell, all it takes is for the victim to click on a seemingly innocent link on a Webpage while logged into Twitter, and then his or her "What are you doing?" status is under the attacker's co
-
Removing admin rights stymies 92% of Microsoft's bugs Bulk of IE's bugs in '08 could have been blocked, says vendor By Gregg Keizer February 3, 2009 (Computerworld) "Nine of out 10 critical bugs reported by Microsoft last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed today. BeyondTrust Corp., which touts its Privilege Manager as a way for companies to lock down PCs, tallied the individual vulnerabilities that Microsoft disclosed in 2008, then examined
-
Bugzilla Multiple Vulnerabilities Secunia Advisory: SA33781 Release Date: 2009-02-03 Critical: Moderately critical Impact: Cross Site Scripting Exposure of sensitive information Where: From remote Solution Status: Vendor Patch Software:Bugzilla 3.x Subscribe: Instant alerts on relevant vulnerabilities Description: Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to potentially disclose sensitive information or to conduct cross-site request forgery
-
Gmail Simplifies the Labeling Process By Chris Crum - Tue, 02/03/2009 - 21:42 Google has taken a few steps to make labeling email messages in Gmail a little less complicated, particularly for those who are new to the service and not used to the Gmail labeling system. Gmail users will notice that the buttons at the top of their inboxes are a little different looking now: Before, if you wanted to move a message out of your inbox and into a label you first had to apply the label using the "More actions" menu and then click "Archive." Now as Gmail Engineer Emil A. Eklund explains, "I
-
2 February 2009, 10:03 UAC vulnerability found in Windows 7 Beta A simple script has been published by developer Rafael Rivera, which uses a vulnerability in the current Windows 7 beta to disable User Account Control (UAC). In a response to complaints about UAC in Windows Vista, Microsoft has made UAC in Windows 7 ask the user for permission less often and even hides prompts when users change Windows settings. Changing the UAC system settings has been made a lot easier for users in the new Windows 7 beta as the default security has been reduced. Rivera's script sends keyboard com
-
<h1 class="container" align="center">Protect Yourself from Fake Anti-Virus Software</h1> Today's issue is about a scam that's growing very fast and that you really need to be aware of: how fake anti-virus and anti-spyware software is being used by scammers and identity thieves in many cunning ways. Scammers, identity thieves and hackers have grown more sophisticated. Today, some cyber-criminals are selling -- or giving away -- software that supposedly fights viruses, spyware and malware. In fact, their "rogue software" often doesn't work, or actually infects your compu
-
Freebies: AShampoo Burning Studio 2009 - full free commercial software: Serial Code Leave "Get full version key" checked during installation to start the process of receiving your free registration key It's an excellent utility http://www.vnunet.com/vnunet/downloads/223...ing-studio-2009 DriverMax Free v. 4.9 for Windows Vista, Windows XP and Windows 2003 Note: DriverMax only works on Windows Vista, Windows XP and Windows 2003 (all service packs). Driver downloads are *only* available for Windows Vista and Windows XP users. DriverMax is a new tool that allows you to download
-
Free Download Manager Multiple Vulnerabilities Secunia Advisory: SA33524 Release Date: 2009-02-02 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: Free Download Manager (FDM) 3.x Free Download Manager 2.x Binary Analysis: BA657 :: Available for 1 Credit BA640 :: Available for 1 Credit BA662 :: Available for 1 Credit Subscribe: Instant alerts on relevant vulnerabilities CVE reference: CVE-2009-0183 CVE-2009-0184 Description: Secunia Research has discovered some vulnerabilities in Free
-
Novell GroupWise Multiple Vulnerabilities Secunia Advisory: SA33744 Release Date: 2009-02-02 Critical: Highly critical Impact: Security Bypass Cross Site Scripting DoS System access Where: From remote Solution Status: Vendor Patch Software: Novell Groupwise 6.x Novell GroupWise 7.x Novell GroupWise 8.x Subscribe: Instant alerts on relevant vulnerabilities CVE reference: CVE-2009-0272 CVE-2009-0273 CVE-2009-0274 Description: Some vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious people to conduct cross-sit
-
Google Chrome Cross-Site Scripting and Information Disclosure Secunia Advisory: 2009-02-02 Critical: Moderately critical Impact: Cross Site Scripting Exposure of sensitive information Where: From remote Solution Status: Vendor Patch Software:Google Chrome 1.x Subscribe: CVE reference: Description: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information. 1) A vulnerability in the Adobe Reader plug-in can be exploited by malicious people to conduct cross-site sc
-
Gears of War bug not SafeDisc DRM's first Legitimate owners of the PC version of the popular game were blocked starting Thursday By Eric Lai January 30, 2009 (Computerworld) The antipiracy technology that locked out players of the popular Gears of War game on Thursday was also implicated in a 2007 bug that allowed hackers to take control of Windows PCs. In November 2007, Microsoft Corp. revealed that copies of Windows XP and Windows Server 2003 were being exploited because of a bug in SafeDisc's digital rights management (DRM) technology, which is meant to guard against ille
-
How many men does it take to open a beer? None. It should be opened when she brings it. ------------ --------- --------- --------- --------- --------- --------- - Why is a Laundromat a really bad place to pick up a woman? Because a woman who can't even afford a washing machine will probably never be able to support you. --------------------- --------- --------- --------- --------- --------- -- Why do women have smaller feet than men? It's one of those 'evolutionary things' that allows them to stand closer to the kitchen sink. ------------ --------- --------- --------- ---
-
AMD set to release DDR3-capable chips ahead of schedule A leaked roadmap suggests the new Phenom II and triple-core processors are coming By Agam Shah January 30, 2009 (IDG News Service) Advanced Micro Devices (AMD) will soon introduce processors that are capable of supporting DDR3 memory, earlier than the company had anticipated. The company in the next few weeks will launch new processors targeted at desktops that will include DDR3-capable memory controllers, said John Taylor, an AMD spokesman. Taylor declined comment on specific processors being launched, though a leaked
-
Beware Revived Valentine's Day Virus Gregg Keizer, Computerworld Saturday, January 31, 2009 4:15 PM PST Spam trumpeting the power of love is nothing more than an old trick dressed up in new clothes, more evidence that the backers of the Waledec bot Trojan are the same bunch that hammered users in 2007 with Storm, security companies are warning. Multiple security vendors, including MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine's Day-themed spam campaigns that try to dupe users into installing the Waledec bot. Subject lines for the spam, sa
-
31 January 2009, 20:59 Patches for VMware ESX and ESXi VMware has released updates for the ESX server and ESXi hypervisor, to fix four vulnerabilities which affect VMware ESXi 3.5, VMware ESX 3.5, VMware ESX 3.0.3 and VMware ESX 3.0.2. One fix is for an issue with corrupted VMDK delta snapshots, which meant that if a corrupted snapshot was loaded, it was possible that it could crash the ESX host. The net-snmp package was fixed to remove its vulnerability to denial-of-service attacks related to the processing of SNMP GETBULK commands. The XML parser library, libxml2, was also fixe
-
30 January 2009, 14:42 Microsoft's Web Sandbox is now open source Microsoft's Web Sandbox Live Labs project is now available under an open source license. Microsoft chose the Apache 2.0 license for the project, but pointed out that the project will not become an Apache project, although the vendor has been a member of the Apache Software Foundation since July 2008. The Sandbox technology aims at allowing developers to create secure mash-up solutions and page extensions, like ads, or web-based gadgets, by isolating the components. In addition, the project wants to provide interoper
-
Microsoft: Next step for Windows 7 is a release candidate Windows engineering exec confirms move straight to RC from beta, but no dates given January 30, 2009 (Computerworld) By Gregg Keizer The head of Microsoft Corp.'s Windows development confirmed today that Windows 7 will take the unusual path of moving straight from a single beta, which was launched earlier this month, to a release candidate. However, Steven Sinofsky, senior vice president in charge of the Windows engineering group, declined to spell out a timetable for the rest of the Windows 7's development. "This is in n
-
Microsoft warns that Vista, XP upgrade blockers set to expire Kills Windows XP SP3 blocker after just 10 months By Gregg Keizer January 30, 2009 (Computerworld) Microsoft Corp. is warning customers that tools for blocking automatic upgrades to the newest service packs of Windows Vista and Windows XP will expire in the coming months. In a note on a company blog aimed at enterprise IT professionals, Microsoft said the Vista Service Pack 1 (SP1) blocking tool expires on April 28, while the one for XP SP3 expires May 19. The tools, which were released in December 2007, prevent servic
-
31 January 2009, 03:36 Symbian trojan steals money from mobile accounts According to media reports, Kaspersky is trying hard to damp down the effects of a warning about a new trojan for Symbian-based smart phones. Earlier this week, Kaspersky warned of a trojan which was able to transfer small sums, of between 45 and 90 cents, by texting. To do so, it makes use of a prepaid service from an Indonesian mobile phone provider. The malware, which has been christened SMS.Python.Flocker, spreads via Bluetooth and is written in Python. A successful infection requires an active Bluetooth con
-
Exaprotect Issues Warning on Apple Trojan Urges IT Industry to secure their virtual networks not just from external and internal attacks, but also from unwittingly giving remote malicious users the tools to attack other networks Jan 30, 2009 | 01:04 PM By Exaprotect DarkReading Mountain View, CA—January 27, 2009—Exaprotect, a leader in enterprise security management innovation, today urged the IT Industry to secure their virtual networks not just from external and internal attacks, but also from unwittingly giving remote malicious users the tools to attack other networks. On Ja
-
28 January 2009, Windows Mobile Bluetooth vulnerability allows access to any files A directory traversing vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using "../" or "..\\" as part of the path name, is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger, or other spyware. The issue does require that the targeted hand held device is paired with the attacking devic
-
IE8's clickjacking protection will have 'zero impact,' says researcher More info from Microsoft doesn't change opinion of researcher who reported problem By Gregg Keizer January 28, 2009 (Computerworld) " Microsoft Corp. provided more iformation today about how Internet Explorer's new anti-clickjacking feature works, but one of the researchers who first reported the problem last year said it will have "zero impact" on protecting users. Clickjacking is the term given last September to a new class of browser-based attacks that tricks users into clicking on site buttons or Web forms. Such att
-
Multiple heap overflows in plug-in for GStreamer media framework Jan 26, 2009 Modified QuickTime files can be used to provoke several heap overflows in the GStreamer Good Plug-in. Free Media players such as Totem and Amarok use the GStreamer framework for playing audio and video files. For a successful attack the victim must download a modified file and open it on an affected version. The vulnerability has been fixed in version 0.10.12 and version 0.10.13 , which is also free of this bug, has already been released to fix an error that was not security related. The new versions are ava
-
Review: Internet Explorer 8 RC1 -- almost ready to roll Release Candidate 1 of Microsoft's IE8 offers faster performance, better searches, more security and enough stability to be truly useful. The just-released Release Candidate 1 (RC1) of Internet Explorer 8 is a fast, stable browser, tweaked for productivity and security, with few obvious changes over the previous Beta 2 release. RC1 is feature-complete and largely bug-free. It appears nearly ready for widespread release, so don't be surprised if the final version arrives relatively soon. In this review, I'll look at the changes
-
Microsoft repeats IE8 lock-in warning for XP users with SP3 XP SP3 users may not be able to roll back to older browser, says company Jan 26, 2009 Greg Keizer "Microsoft Corp. today again warned users of Windows XP Service Pack 3 (SP3) that they may not be able to uninstall either the service pack or Internet Explorer 8 (IE8). The warning, made by Jane Maliouta, a Microsoft program manager as the company delivered Release Candiate 1 (RC1) on Monday, was a repeat of a caution she gave last August when Microsoft launched the browser's second beta. In a post to the IE blog, Maliouta re