Peaches

Update Experts
 View Profile  See their activity

  • Content Count

    2130

  • Joined

  • Last visited

 Content Type 

Posts posted by Peaches

  1. Buffer Overflow In Vista's Tcp/ip Stack

    in Security Alerts

    Posted

    24 November 2008, 12:57

    Buffer overflow in Vista's TCP/IP stack

    "Researchers at Austrian firewall maker phion AG have discovered a local vulnerability in Windows Vista's TCP/IP stack that may be exploited to obtain complete control of the operating system. Phion's security advisory says that calling the Windows CreateIpForwardEntry2 API function with a cunningly chosen parameter causes a kernel memory area to be overwritten, so that the system crashes with the dreaded blue screen. The same effect can reportedly be achieved by issuing the command route add and inputting a net mask with more than 32 bits as a parameter – evidently this command uses the same Windows function."

    Heise Security: http://www.heise-online.co.uk/security/Buf...k--/news/112040

  2. Low-price Apple Netbook Coming Next Year

    in Mac, iPhone, iPad, iPod

    Posted · Edited by Peaches

    Low-Price Apple Netbook Coming Next Year

    Gregg Keizer, Computerworld

    Monday, November 24, 2008 1:40 PM PST

    "Apple Inc. will roll out a lower-priced and lighter-weight laptop in the first half of 2009 to compete in the growing "netbook" category, an analyst said today.

    The slipping economy will force Apple to address a glaring omission in its line-up: the lack of a lower-priced laptop, said Ezra Gottheil, an analyst with Technology Business Research Inc.

    "Apple is facing the possibility that as the economic news gets worse, that they're increasingly pricing themselves out of an important market," said Gottheil. "Economic conditions are accelerating this."

    Apple won't compete directly with netbooks on price or form factor, Gottheil maintained, but will have to respond with something he characterized as an "entry-level notebook" that could compete with the $300-500 price tags of most netbooks. Currently, Apple's lowest-priced notebook is the older, white-cased MacBook , which the company retained when it unveiled new unibody MacBooks and MacBook Pros last month. That MacBook lists for $999, although Best Buy has launched a sale of Apple hardware that prices the model at $899."

    More here: http://www.pcworld.com/businesscenter/arti..._next_year.html

  3. Critical Bof Vulnerability Found In Ffdshow

    in Security Alerts

    Posted

    Nov 24 2008

    Highly critical

    Critical BoF vulnerability found in ffdshow affecting all internet browsers

    4:01 pm under Bkis Security Advisories

    ffdshow is a DirectShow filter and VFW codec for many audio and video formats, such as DivX, Xvid and H.264. It is the most popular audio and video decoder on Windows. Besides a stand-alone setup package, ffdshow is often included in almost all codec pack software such as K-lite Codec Pack, XP Codec Pack, Vista Codec Package, Codec Pack All in one,…

    In Oct 2008, SVRT-Bkis has detected a serious buffer overflow vulnerability in ffdshow which affects all available internet browsers. Taking advantage of the flaw, hackers can perform remote attack, inject viruses, steal sensitive information and even take control of the victim’s system.

    Since ffdshow is an open source software (can be found at http://sourceforge.net/projects/ffdshow-tryout), we have contacted the developing team and they have patched the vulnerability in the latest version of ffdshow.

    http://security.bkis.vn/?p=277 & http://secunia.com/advisories/32846/

  4. Kernel Vulnerability Found In Vista

    in PC Tips and Tricks

    Posted

    November 22, 2008 4:15 PM PST

    Kernel vulnerability found in Vista

    Posted by David Meyer

    A flaw in Vista's networking has been found that can crash the system, but no fix is expected until the next service pack

    A flaw has been found in Windows Vista that could allow rootkits to be hidden or denial-of-service attacks to be executed on computers using the operating system.

    The vulnerability was found by Thomas Unterleitner of Austrian security company Phion and was announced Friday. Unterleitner told ZDNet UK on Friday that Phion told Microsoft about the flaw in October but that he understood a fix would only be issued in the next Vista service pack.

    According to Unterleitner's disclosure of the flaw, the issue lies in the network input/output subsystem of Vista. Certain requests sent to the iphlpapi.dll API can cause a buffer overflow that corrupts the Vista kernel memory, resulting in a blue-screen-of-death crash.

    "This buffer overflow could (also) be exploited to inject code, hence compromising client security," Unterleitner said.

    Unterleitner told ZDNet UK via e-mail that the "exploit can be used to turn off the computer using a (denial-of-service) attack." He also suggested that, because the exploit occurs in the Netio.sys component of Vista, it may make it possible to hide rootkits.

    Using a sample program, Unterleitner and his colleagues ascertained that Vista Enterprise and Vista Ultimate were definitely affected by the flaw, with other versions of Microsoft's operating system "very likely" to be affected as well. Both 32-bit and 64-bit versions are vulnerable. Windows XP is not affected.

    More here: http://news.cnet.com/8300-1009_3-83.html

  5. Microsoft Yanks Fake Security Software

    in Security Alerts

    Posted

    Microsoft Yanks Fake Security Software

    Gregg Keizer, Computerworld

    Saturday, November 22, 2008 1:48 PM PST

    "Microsoft said that the anti-malware tool it pushes to Windows users as part of Patch Tuesday removed fake security software from nearly a million PCs during nine days this month.

    In a post to the company's malware protection center blog on Wednesday, three of Microsoft's security researchers spelled out the impact this month's edition of the Malicious Software Removal Tool (MSRT) has had on phony security software. In the period from Nov. 11 to Nov. 19, said Scott Wu, Scott Molenkamp and Hamish O'Dea, MSRT purged more than 994,000 machines of what the tool recognizes as "W32/FakeSecSen," the malware label for a broad range of bogus security program with names such as "Advanced Antivirus," "Spyware Preventer," "Ultimate Antivirus 2008" and "XPert Antivirus."

    Windows users have been plagued with a flood of worthless security software in recent months as criminals have discovered that they're money-makers. According to one researcher, cyber-crooks can pull in as much as US$5 million a year by installing the rogue programs on PCs, then dunning users with made-up claims that the machine is infected. Unless consumers fork over a payment -- usually $40 to $50 -- the constant stream of pop-up messages continue, making the machine hard to use."

    Read here: http://www.pcworld.com/businesscenter/arti...y_software.html

  12. 3 Different Security Warnings

    in Security Alerts

    Posted

    Symantec Sees Spike in Dangerous Microsoft Attacks

    Robert McMillan, IDG News Service

    Friday, November 21, 2008 4:20 PM PST

    "Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft's Windows operating system, an analysis that some other security companies disputed Friday.

    Symantec raised its Threat Con security alert level from one to two because of the attacks, with two denoting "increased alertness." But other vendors, including Arbor Networks and McAfee, said they were seeing no such activity.

    The attacks spotted by Symantec target a flaw in the Windows Server Service that Microsoft says could be exploited to create a self-copying worm attack. Late last month, Microsoft took the unusual step of rushing out an emergency patch for the bug after it saw a small number of online attacks that took advantage of it.

    Since then, security experts and Microsoft have said that the attacks have not been widespread, but that may now be changing, according to Symantec. "

    Read here: http://www.pcworld.com/businesscenter/arti...ft_attacks.html

    >>>>>>>>>>>>>>>>>>

    IBM Warning: Holidays To Bring Blizzard Of New Attacks on Consumers

    IBM Internet Security Systems warns against a new wave of security threats during the holidays and provides guidance on how consumers and businesses can protect themselves

    Nov 21, 2008 | 02:52 PM

    By IBM

    DarkReading

    "ATLANTA - Based on both current and historical security trends, IBM Internet Security Systems (ISS) today announced five major areas of holiday security risk for consumers and businesses, along with four suggestions for avoiding these risks during the holiday season.

    The risks include:

    * A new wave of malcode-carrying spam - Throughout the year, the IBM ISS X-Force security research team has observed a growing wave of "parasitic" malcode. These are malicious email payloads that bypass end-user security software (anti-virus, personal firewalls, etc.) and compromise the target computer. Once compromised, the computer comes under the remote control of criminals. This holiday shopping season, the X-Force team expects a wave of socially engineered "holiday cheer" emails that pack a malicious punch.

    * New phishing theme: Bank merger mania - As banks continue to struggle and merge, the X-Force believes criminals will exploit shaky consumer confidence in the banking industry with a wave of phishing attacks designed to fool banking customers into revealing personal information such as account numbers and passwords.

    * Spoofed online portals - As Black Friday approaches, IBM ISS expects to see phishing gangs launch a new generation of fake online shopping portals that spoof well-known brands, in an effort to steal credit card information. They also will likely promote these counterfeit sites with emails, offering steep discounts or "special sales."

    * Tainted toys and gadgets - Every Christmas brings an abundance of electronic gadgets, smart-phones and auto-play DVDs. Past X-Force research has shown that some of these toys are loaded with malware and can be used by cybercriminals as a backdoor for entry into corporate networks."

    More here: http://www.darkreading.com/internet/securi...ttacks/breaches

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    PandaLabs Warns 'High School Musical' Fans to Watch Out for Virus-Laden Downloads

    November 21, 2008

    Cybercrooks targeting younger audiences by disguising malware as files related to hit movie

    By PandaLabs

    DarkReading

    "GLENDALE, Calif., Nov. 21, 2008 - PandaLabs, Panda Security's malware analysis and detection laboratory, has reported that numerous downloadable songs and videos related to the hit movie "High School Musical" are being used by cyber-crooks to disguise malware (viruses, worms, Trojans, etc.). The infected files are distributed through popular peer-to-peer (P2P) file sharing networks such as eMule, eDonkey, etc. and when users search for files related to "High School Musical" using these programs, some of the results include files infected with malware.

    When users run one of these fake files they may expect to hear songs from the film or see a video clip, yet all that will happen is that the computer will be infected by VB.ADQ, the Agent.KGR Trojan, the adware Koolbar, or another strain of malicious code. Some of these might display images related to the film when they are run, but this is just to avoid arousing suspicion.

    "Cyber-crooks are exploiting the interest of the numerous fans of these films, by hiding their creations in files with names related to 'High School Musical,'" explains Luis Corrons, technical director of PandaLabs. "An added danger is that many of these fans are very young and as such are more likely to fall into the trap. It is important that safeguards and appropriate parental monitoring solutions are put into place to protect consumer's PCs."

    http://www.darkreading.com/security/antivi...ttacks/breaches

  13. Internet Explorer 8 Will Ship In 2009

    in Article Submissions

    Posted

    Internet Explorer 8 Will Ship In 2009

    Microsoft has put to rest speculation that its next browser will drop before year's end.

    By Paul McDougall

    InformationWeek

    November 21, 2008 11:40 AM

    "Computer users hoping to get their hands on a final version of Microsoft's Internet Explorer 8 Web browser are going to have to wait a bit longer.

    Though speculation has pegged IE8's release for sometime this year, a Microsoft executive has confirmed that the browser will not ship until 2009.

    Twitters Evan Williams and Current TVs Joel Hyatt talked at the Web 2.0 Summit about the current state of media, including some of the changing ways that people are communicating, sharing and making money with user-generated content.

    In a blog post Wednesday, IE general manager Dean Hachamovitch said Explorer 8 will not be released in final form at least until the first quarter of next year. In fact, the browser will undergo beta testing into the new year, said Hachamovitch.

    "We will release one more public update of IE8 in the first quarter of 2009, and then follow that up with the final release," Hachamovitch wrote. "Our next public release of IE indicates the end of the beta period. We want the technical community of people and organizations interested in Web browsers to take this update as a strong signal that IE8 is effectively complete and done."

    Microsoft is planning to include a number of new features in IE8, most noticeably in the privacy arena. "

    Read here: http://www.informationweek.com/news/intern...cleID=212101380

    >>>>>>>>>>>>>>>>

  14. Useless Information

    in The Comedy Club

    Posted

    Useless Information

    * The ''sixth sick sheik's sixth sheep's sick'' is said to be the toughest

    tongue twister in the English language.

    * 23% of all photocopier faults worldwide are caused by people sitting on them and photocopying their buttocks.

    * A pregnant goldfish is called a twit.

    * It is physically impossible for pigs to look up into the sky.

    * A duck's quack doesn't echo, and no one knows why.

    * My husband and I divorced over religious differences. He thought he was God and I didn't.

    * I'm not a complete idiot -- Some parts are just missing.

    * Consciousness: That annoying time between naps.

    * Ever stop to think, and forget to start again?

    * Out of my mind – Will be back in five minutes.

    * It’s scary when you start to make noises the same as your coffeemaker.

    * Ham and eggs - A day's work for a chicken, a lifetime commitment for a pig.

    New meanings

    BLAMESTORMING: Sitting around in a group, discussing why a deadline was missed or a project failed, and who was responsible.

    STRESS PUPPY: A person who seems to thrive on being stressed out and whiney.

    SEAGULL MANAGER: A manager who flies in, makes a lot of noise, craps on everything, and then leaves.

    ASSMOSIS: The process by which some people seem to absorb success and advancement by kissing up to the boss rather than working hard.

    SALMON DAY: The experience of spending an entire day swimming upstream only to get screwed and die in the end.

    CUBE FARM: An office filled with cubicles.

    PRAIRIE DOGGING: When someone yells or drops something loudly in a cube farm, and people's heads pop up over the walls to see what's going on.

    MOUSE POTATO: The on-line, wired generation's answer to the couch potato.

    SITCOMs: Single Income, Two Children, Oppressive Mortgage. What yuppies turn into when they have children and one of them stops working to stay home with the kids.

    SWIPEOUT: An ATM or credit card that has been rendered useless because the magnetic strip is worn away from extensive use.

    XEROX SUBSIDY: Euphemism for swiping free photocopies from one's workplace.

    IRRITAINMENT:Entertainment and media spectacles that are annoying but you find yourself unable to stop watching them.

    PERCUSSIVE MAINTENANCE: The fine art of whacking the crap out of an electronic device to get it to work again.

    ADMINISPHERE: The rarefied organizational layers beginning just above the rank and file. Decisions that fall from the adminisphere are often profoundly inappropriate or irrelevant to the problems they were designed to solve. 404: Someone who's clueless. From the World Wide Web error message "404 Not Found," meaning that the requested document could not be located.

    GENERICA: Features of the American landscape that are exactly the same no matter where one is, such as fast food joints, strip malls, and subdivisions.

    OHNOSECOND: That minuscule fraction of time in which you realize that you've just made a BIG mistake.

  15. Symantec Backup Exec For Windows Servers Multiple Vulnerabilities

    in Security Alerts

    Posted

    Symantec Backup Exec for Windows Servers Multiple Vulnerabilities

    Moderately critical

    Some vulnerabilities have been reported in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

    Solution:

    Apply patches.

    Backup Exec for Windows Servers version 12.5 build 2213:

    http://support.veritas.com/docs/314380

    Backup Exec for Windows Servers version 12.0 build 1364:

    http://support.veritas.com/docs/314497

    Backup Exec for Windows Servers version 11d build 7170:

    http://support.veritas.com/docs/314512

    Backup Exec for Windows Servers version 11d build 6235:

    http://support.veritas.com/docs/314515

    secunia: http://secunia.com/advisories/32810

  16. Itunes Customers Angry Over Copy Protection Moves At Apple

    in Mac, iPhone, iPad, iPod

    Posted

    November 19, 2008 5:57 PM PST

    iTunes customers angry over copy protection moves at Apple

    Posted by Elinor Mills

    "Want to watch a high-definition show from iTunes on an older external display? Good luck!

    Some Mac users are teed off that they are getting error messages saying the iTunes movie they rented or bought can't be played on their display because it is not HDCP (High Digital Content Protection) authorized.

    And some people are complaining they are only able to play certain standard definition iTunes content on their laptop or via an HDMI connection.

    As a result, some Apple forum participants have threatened to boycott iTunes."

    More here: http://news.cnet.com/8300-1009_3-83.html

  17. Researchers Find Vulnerability In Windows Vista

    in PC Tips and Tricks

    Posted

    Researchers Find Vulnerability in Windows Vista

    Jeremy Kirk, IDG News Service

    Thursday, November 20, 2008 7:40 AM PST

    "An Austrian security vendor has found a vulnerability in Windows Vista that it says could possibly allow an attacker to run unauthorized code on a PC.

    The problem is rooted in the Device IO Control, which handles internal device communication. Researchers at Phion have found two different ways to cause a buffer overflow that could corrupt the memory of the operating system's kernel.

    In one of the scenarios, a person would already have to have administrative rights to the PC. In general, vulnerabilities that require that level of access somewhat undermine the risk since the attacker already has permission to use to the PC."

    Read here: http://www.pcworld.com/businesscenter/arti...dows_vista.html

    >>>>>>>>>>>>>>>>

  18. Paypal Spam Warns Of Fraud, Installs Worm Instead

    in Security Alerts

    Posted

    Nov18

    PayPal Spam Warns of Fraud, Installs Worm Instead

    "A new fake PayPal email message is being spammed — this time, it is not the typical PayPal phishing email that everyone is accustomed to. Instead of including links asking for the recipient’s personal information, this spammed message asks users to open a .ZIP attachment.

    It informs recipients that their PayPal accounts were hacked, and that some fraudulent activity may have occurred. As part of security measures, “PayPal†is asking users to review the “report†in the .ZIP file and then contact the company if anything unusual is discovered.

    The attachment that arrives with this spam, however, does not contain a report or any similar information.

    Inside the .ZIP archive is a worm that infects the recipient’s computer upon execution.

    More plus screenshots: http://blog.trendmicro.com/

  19. Thanks To Gamers, The Desktop Supercomputer Arrives

    in Article Submissions

    Posted

    Thanks to gamers, the desktop supercomputer arrives

    Nvidia's graphics processing power produces a (relatively) inexpensive HPC, the Tesla Personal Supercomputer

    November 18, 2008 (Computerworld)

    AUSTIN -- "The definition of a personal supercomputer goes something like this: It's inexpensive, can sit on a desk, plugs into a wall socket and is at least within jumping distance of the Top500 supercomputing list. By that measure, Nvidia Corp.'s new computer is one of the first arrivals in this emerging product category.

    Nvidia today unveiled a workstation it calls the Tesla Personal Supercomputer at the Supercomputing 08 show here. The Tesla sports 960 cores, delivers almost 4 teraflops of performance and costs less than $9,995. It achieves that speed and price by using four graphics processing units (GPU), each of which has 240 cores.

    "This really is the supercomputer on your desk," Dell Inc. CEO Michael Dell told attendees at the conference, which drew more than 10,000 science and commercial high-performance computing users, along with a slew of vendors hoping that the high-performance computing (HPC) market will be a bright spot in otherwise difficult tech economy. The attendance was a new record for this annual conference."

    More here: http://www.computerworld.com/action/articl...ticleId=9120741

  20. Hosting Firm Takedown Bags 500,000 Bots

    in Security Alerts

    Posted

    Hosting firm takedown bags 500,000 bots

    The shutdown of McColo knocks out a record number of bots, says researcher

    By Gregg Keizer

    November 18, 2008 (Computerworld)

    "The shutdown last week of a U.S.-based Web hosting company crippled more than 500,000 bots, or compromised computers, which are no longer able to receive commands from criminals, a security researcher said today.

    Although the infected PCs are still operational, the previously-planted malware that tells them what to do can't receive instructions because of the shutdown last week of McColo Corp.

    "Half a million bots are either offline or not communicating" with their command-and-control servers, estimated Joe Stewart, director of malware research at SecureWorks Inc.

    McColo was disconnected from the Internet by its upstream service providers at the urging of researchers who believed the company's servers hosted a staggering amount of cybercriminal activity, including the command-and-control servers of some of the planet's biggest botnets. Those collections of infected PCs were responsible for as much as 75% of the spam sent worldwide. When McColo went dark, spam volumes dropped by more than 40% in a matter of hours."

    Read here: http://www.computerworld.com/action/articl...;intsrc=hm_list

  21. Spam Drop Could Boost Trojan Attacks

    in Security Alerts

    Posted

    Spam Drop Could Boost Trojan Attacks

    John E. Dunn, Techworld.com

    Monday, November 17, 2008 8:03 AM PST

    "The dramatic fall in spam traffic reported last week after alleged rogue ISP McColo was taken offline will only be a temporary reprieve and could actually generate a new wave of Trojans, experts have warned.

    ISPs disagree on the global percentage drop caused by the shuttering of California-based McColo last week, with estimates given by those contacted by Techworld ranging from 50 to 80 percent, but even the lower figure is still an unprecedented fall in such a short space of time. It appears that even those who were aware of its use as a hosting port had not guessed that a single ISP could be behind such a huge chunk of the world's spam.

    "Our servers haven't been so relaxed for months," said Richard Cox, CIO of respected spam-fighting organisation, Spamhaus, ruefully. "This proves how important it is for the law to get at this sort of criminality."

    Read here: http://www.pcworld.com/businesscenter/arti...?tk=rl_noinform

  23. Avg Slaps Trojan Label On Adobe Flash

    in Security Alerts

    Posted

    AVG slaps Trojan label on Adobe Flash

    Third false alarm follows upgrade offer

    By John Leyden

    "AVG, the popular anti-virus package, has falsely identified Adobe Flash as potentially malicious. The snafu comes just days after AVG slapped a bogus Trojan warning on a core Windows component.

    Users on AVG forums complained on Friday that Adobe Flash was detected by AVG's scanner as malicious, following a recent update. The gaffe follows an even more glaring screw-up when user32.dll, a core Windows component, was identified as a banking Trojan following a signature update issued on Sunday. Users who followed AVG's advise and deleted the "harmful file" were left with systems that either failed to boot or went into a continuous reboot cycle. Users of both AVG 7.5 and 8 (free and full-feature editions) were affected.

    Less than a month ago AVG identified CheckPoint’s Zone Alarm as a Trojan.

    False alarms by anti-virus scanners are a well-known Achilles heel. Everybody who's anybody has problems with false alarms from time to time but to have three such problems in less than a month is difficult to defend."

    More here: http://tinyurl.com/5sug22

  24. Pdf Malware Hits Acrobat Reader Flaw

    in Security Alerts

    Posted

    PDF Malware Hits Acrobat Reader Flaw

    Megan Burger, PC Advisor

    Saturday, November 15, 2008 3:05 PM PST

    "PC Tools is reporting an increase in PDF-based malware, some of which can evade antivirus software.

    According to a PC Tools blog posting, the security vendor's user community is seeing a slew of rigged PDF files attacking various buffer overflow vulnerabilities in the Adobe Acrobat Reader software. The PDF malware attacks target the newest publicly known Adobe Acrobat Reader vulnerability. Adobe issued a patch last week.

    On some occasions users are duped into downloading malicious files that appear to be Microsoft software updates. More often, users appear to be downloading silent malicious installers.

    Worryingly, two of the downloaded, packed files behave in a way that evades antivirus file scanning."

    Read here: http://www.pcworld.com/businesscenter/arti...eader_flaw.html