 |
|
 |
 |
 |
 |
|
Security
» Attack Code Released for a new flaw in Internet Explorer
|
|
Raven writes: "The exploit code, made public Monday, aims to take advantage of the
"extremely critical" vulnerabilities in IE 5.5 and IE 6 running on XP
Service Pack 2 (SP2), and IE 6 running on Windows 2000 SP4, security
researcher Secunia said in advisory.
Once a PC user is tricked into visiting a malicious Web site, the
exploit can be triggered automatically, without the user doing
anything.
"An attacker could use the exploit to run any code they want
to on a person's system," said Thomas Kristensen, Secunia's chief
technology officer. "It could be they want to launch some really nasty
code on a user's system."
The flaw lies in a Javascript component of IE used for loading
Web pages onto a computer, according to an advisory from SANS Internet
Storm Center.
Microsoft has not released a patch for the hole exploited by
the code. People can attempt to work around the problem by either
shutting off Javascript or using another type of browser, security
companies advised.
Security researchers said the IE vulnerability has been known for the past six months..." Click HERE for the rest of the story.
Secunia's solution: Disable Active Scripting except for trusted sites.
|
|
|
Posted by VinDSL on Tuesday, November 22, 2005 @ 4:15 PM EST (2679 reads) ( comments? | Score: 5) |
|
|
|
 |
|
 |
|
|
|
|
Security
» Firefox Exploit Ventures Into The Wild
|
|
An exploit for the just-patched IDN bug in Mozilla's Firefox browser and namesake suite has been published on the Internet, a French security vendor said late Thursday. The hack creates a heap buffer overflow, and when it works, can give the user complete control of a vulnerable machine running Firefox, Mozilla, or even Netscape.
FrSIRT warned users of Firefox and Mozilla that the exploit code -- which FrSIRT published in its entirety, a not-uncommon practice for the firm -- should be considered a critical risk.
Tuesday, Mozilla patched the Firefox browser against the bug in its support of international domain names (IDN). Thursday, it followed up with a similar fix for the Mozilla suite in its Windows, Linux, and Mac OS X incarnations. Netscape, however, has not yet patched that browser.
Firefox 1.0.7 and Mozilla 1.7.12, which stymie the exploit, can be downloaded from the Mozilla site.
Source: informationweek.com/story/showArticle...
|
|
|
Posted by VinDSL on Saturday, September 24, 2005 @ 2:26 AM EDT (2392 reads) ( comments? | Score: 0) |
|
|
|
|
|
|
|
|
|
|
Security
» SCO Offers $250,000 MyDoom Reward
|
|
The SCO Group's web site was offline again this evening, as the company issued a statement saying it is experiencing a denial of service attack (DDoS). SCO also offered a $250,000 reward for information leading to the conviction of the author of the fast-spreading MyDoom worm, which is programmed to attack the SCO web site. The source of the outage at sco.com is unclear, as the DDoS component of MyDoom is not triggered until Feb. 1.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Security
» File Leeching? Bandwidth Theft? Is This The Answer???
|
|
In view of recent discussions concerning web site shutdowns due to excessive file leeching and bandwidth theft, I started looking around for a simple solution to the problem. Of special interest to me was a feature I saw on NukeScripts that required a passcode be entered before a file could be downloaded. This still allows unregistered, anonymous downloading, but also gives you some degree of control over who does the downloading. Specifically, it requires someone to actually visit your site and manually enter a passcode to get a file.
I thought this was a great idea, but unfortunately, it was being held back as a feature for the soon to be released NSN-Nuke distribution. I figured this was too important to the Nuke community at large to wait for eventual release, so I went in search of the original author. Whether or not I found him, I don't know, but I definitely found the mod.
Here is the end result:
Example of PHP-Nuke Passcode Security Feature for Downloads on Lenon.com
What do you think? Will it work? I think so!
I've been testing and tweaking it on my site for a few days with no complaints from either the users or myself. BTW, the example above is a link to the actual download mod if you want to get it from my site and try it for yourself...
|
|
|
Posted by VinDSL on Friday, September 05, 2003 @ 9:41 AM EDT (3897 reads) ( comments? | Score: 3.66) |
|
|
|
|
|
|
|
|
|
|
Security
» Spyware alert - Clientman
|
|
ExtremeTech reports on a new spyware program on the scene. It's name is Clientman and it seems to be a nasty piece of work.
Read the article here.
Also, If you're looking for a good spyware removal program, I would suggest Adaware. In the past it has worked flawlessly for me and has a great easy-to-use interface.
|
|
|
Posted by VinDSL on Thursday, May 01, 2003 @ 6:01 AM EDT (6252 reads) ( comments? | Score: 4) |
|
|
|
|
|
|
|
|
|
|
|
There isn't content right now for this block.
| |
|
|
|
