Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: 2006 Alerts - Q3

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash Player vuln - update available

    FYI...

    - http://secunia.com/advisories/20971/
    Release Date: 2006-07-10
    Critical: Highly critical
    Impact: DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Macromedia Flash Player 8.x
    ...The vulnerability has been reported in version 8.0.24. Prior versions may also be affected.
    Solution:
    Upgrade to version 9.0* ..."
    * http://www.adobe.com/shockwave/downl...ShockwaveFlash

    Test version installed:
    - http://www.macromedia.com/software/flash/about/

    Get Flash Player 9
    > http://www.adobe.com/products/flashplayer/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Worm Hits MySpace

    FYI...

    - http://www.techweb.com/article/print...section=700028
    July 17, 2006
    "A worm spreading through MySpace is embedding JavaScript code into users' profiles that redirects visitors to a site claiming the U.S. government was behind the 9/11 terrorist attacks, a security company warned Monday. The unnamed worm isn't malicious, said Symantec researchers, but the malformed Shockwave Flash (.swf) file containing the payload embeds JavaScript into the profile of any MySpace user who views the .swf file. "This script code would then be interpreted by any user who visited the site, allowing sensitive data to be stolen, such as a hash value required to carry out operations as a user," said Symantec. Currently, that access is being used only to spread the JavaScript code to other profiles on the popular social network site. An independent researcher has dissected the .swf file and commented on the code; his analysis is available here*..."

    * http://kinematictheory.phpnet.us/

    ...Yet another "conspiracy theory" - this one has some "extra" added.

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Vonage ads loaded with spyware

    FYI...

    - http://www.benedelman.org/news/071806-1.html
    July 18, 2006
    "...Vonage spends huge amounts on advertising -- more than $20 million per month... Unfortunately, among this spending is widespread and substantial spyware-delivered advertising... manual and automated testing have documented Vonage ads appearing in all the major spyware programs..."

    (More info at the URL above.)
    ========================================

    Vonage Denies Spyware Charges
    - http://www.networkingpipeline.com/sh...leID=190600032
    July 19, 2006
    "Vonage denies that it uses spyware to deliver its advertising, as charged yesterday by spyware researcher Ben Edelman. Brooke Schulz, Vonage Senior Vice President, Corporate Communications, told Networking Pipeline that Edelman's claims that Vonage uses spyware "are unfounded," and that the company polices relationships with advertising vendors, to ensure that no ads are delivered via spyware. "Vonage has investigated every case of spyware that has been brought to its attention and terminated the relationship immediately with the entities in question who we find are in fact using spyware," Schulz said. "We believe Mr. Edelman's claims that this is a significant problem with our advertising are unfounded. Vonage takes this issue seriously and is committed to having good policing policies in place to prevent our brand from being sullied by unscrupulous spyware operators"..."

    "...who we find are in fact using spyware". Hmmm...

    Last edited by AplusWebMaster; 2006-07-19 at 18:52.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Net Watchdog: Hacked Sites Cause Headaches

    FYI...

    - http://www.pcworld.com/resource/prin...,126508,00.asp
    July 25, 2006
    "...Each of the sites... has been hacked by someone with the same modus operandi. The hacker has secretly inserted what is called an "iframe vulnerability" in the site's HTML code, without the site owner's knowledge. When you visit one of the hacked sites, a third party can try to install software onto your PC. Right now the hackers behind the iframe vulnerability are not distributing malicious code through any of the hacked sites. But at any time, they could flip the switch and start pumping out malware... It used to be that if you stayed away from the unsavory portions of the Web you could avoid getting hit with a drive-by download--where an attacker downloads malicious content to your PC without requiring any action from you. Today the Web bad guys have managed to penetrate nice Web neighborhoods. And some of the Web victims don't know what's hit them... A recently updated browser would most likely block malware from infecting a PC. But hackers hope that Web surfers who haven't installed the most recent Windows software patches or antivirus software will become their next victim... The trick these hackers use is to create a tiny, 1-by-1-pixel element on a Web page that links to a third-party Web site. The hacked site doesn't appear to be booby-trapped, enabling the hacker to keep a low profile. All the bad guy has to do to launch an attack is to load up the rigged site with malicious code; anyone who then visits the site is prey to a drive-by download. Cybercriminals are no longer mainly interested in defacing Web sites they break into, says Roger Thompson, chief researcher for Exploit Prevention Labs. Today they are more intent on quietly infecting PC users through vulnerabilities in Microsoft's Internet Explorer browser... One way to protect yourself from Web threats without obsessing about your PC's security deficiencies is to use programs that put extra locks on your Web browser. One excellent option comes from McAfee SiteAdvisor*... Another option comes from security firm Amust: Its 1-Defender** program attempts to lock down a browser so that when malicious code attempts to infect your PC, it hits a dead end. Other entrants include GreenBorder's GreenBorder Pro*** and Exploit Prevention Labs' SocketShield****..."

    * http://www.siteadvisor.com/

    ** http://www.amustsoft.com/1%2Ddefender/download/

    *** http://www.greenborder.com/consumer/

    **** http://explabs.com/ss/trial.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Firefox v1.5.0.5 released

    FYI...

    - http://isc.sans.org/diary.php?storyid=1515
    Last Updated: 2006-07-26 23:37:47 UTC
    "The Mozilla Foundation released new versions of Firefox, Thunderbird and SeaMonkey products. New versions fix numerous security vulnerabilities, of which some are rated critical..."

    (Short overview of the vulnerabilities that have been fixed available at the URL above, or: http://www.mozilla.org/download.html )
    ===========================================

    - http://secunia.com/advisories/19873/
    Release Date: 2006-07-27
    Critical: Highly critical
    Impact: Cross Site Scripting, DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Mozilla Firefox 0.x, Mozilla Firefox 1.x ...
    Solution:
    Update to version 1.5.0.5.
    http://www.mozilla.com/firefox/ ..."

    - http://secunia.com/advisories/21228/
    Release Date: 2006-07-27
    Critical: Highly critical
    Impact: DoS, System access, Cross Site Scripting
    Where: From remote
    Solution Status: Vendor Patch
    Software: Mozilla Thunderbird 0.x, Mozilla Thunderbird 1.0.x, Mozilla Thunderbird 1.5.x ...
    Solution:
    Update to version 1.5.0.5..."
    - http://isc.sans.org/diary.php?compare=1&storyid=1517
    "Update: (2006-07-28 19:50 UTC) (Thunderbird v1.5.0.5) is now available at the main site*... and will be automatically downloaded if you choose the "check for updates" from the Help menu."
    * http://www.mozilla.com/thunderbird/

    - http://secunia.com/advisories/21229/
    Release Date: 2006-07-27
    Critical: Highly critical
    Impact: Cross Site Scripting, DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Mozilla SeaMonkey 1.x ...
    Solution:
    Update to version 1.0.3.
    http://www.mozilla.org/projects/seamonkey/ ..."

    Last edited by AplusWebMaster; 2006-07-28 at 23:14. Reason: Updated info re: downloads...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Firefox v1.5.0.6 available

    FYI...

    - http://www.mozilla.com/firefox/
    1.5.0.6 for Windows, English (4.9MB)

    What's New in Firefox 1.5.0.6
    - http://www.mozilla.com/firefox/releases/1.5.0.6.html
    Firefox 1.5.0.6 is a stability update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.
    * Fixed an issue with playing Windows Media content
    Release Date: August 2, 2006
    ===========================================

    - http://forums.mozillazine.org/viewtopic.php?t=444164
    (Time stamp of post is skewed)
    "...(v)1.5.0.6 has been released... Auto-upgrade should happen within the next few days..."

    Last edited by AplusWebMaster; 2006-08-03 at 21:36. Reason: Mozilla support info re: auto-upgrade...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry Spyware, Adware Increase 19 Percent in July...

    FYI...

    - http://www.darkreading.com/document....909&print=true
    AUGUST 9, 2006
    "ScanSafe... has released its latest Global Threat Report* on Web filtering, spyware and viruses. According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware... The majority of malware identified by ScanSafe was spyware and adware, and ranged from more benign programs that track usage to difficult-to-remove spyware that can affect a user's Web experience, for example, by redirecting the browser..."
    * http://www.scansafe.net/scansafe/news/story?id=129831
    "...The ScanSafe Global Threat Report is based on real-time analysis of more than five billion Web requests processed by the company in July..."

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Dell to recall 4.1M laptop batteries

    FYI...

    - http://tinyurl.com/ec5pb
    August 14, 2006
    "Dell is recalling 4.1 million notebook computer batteries because they could erupt in flames, the company said today. This will be the largest safety recall in the history of the consumer electronics industry, the Consumer Product Safety Commission said. Dell, the world’s largest PC maker, said the lithium-ion batteries were made by Sony and were installed in notebooks sold between April 2004 and July 18 of this year. The recall raises broader questions about lithium-ion batteries, which are used in a host of devices like cellphones, portable power tools, camcorders, digital cameras and MP3 players. The potential for such batteries to catch fire has been acknowledged for years and has prompted more limited recalls in the past. But a number of recent fires involving notebook computers, some aboard planes, have brought renewed scrutiny. Dell has reported to the safety agency that it documented six instances since December in which notebooks overheated or caught on fire. None of the incidents caused injuries or death. Dell said the problems were a result of a manufacturing defect in batteries made by Sony... Federal regulations require that lithium-ion batteries be clearly marked with warnings when they are shipped in bulk on airplanes, and various agencies are considering more stringent regulations following a fire that was detected as a United Parcel Service cargo plane began its descent into Philadelphia in February. Though a cause of that fire, which consumed and destroyed the plane after it landed, has not been determined, lithium-ion batteries are suspected..."

    > http://www.dellbatteryprogram.com/
    (More info available at this site effective 01:00AM 8.15.2006)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow SunJava v1.5.0_08 released

    FYI...

    Update 8.27.2006 - Other Sun websites show the "latest" as 1.5.0_06 in error.
    Use: >>> http://java.sun.com/javase/downloads/index.jsp
    (Look for "Java Runtime Environment (JRE) 5.0 Update 8", amongst other downloads on that page)

    Release notes
    - http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_08

    Test your installation:
    - http://www.java.com/en/download/installed.jsp


    Last edited by AplusWebMaster; 2006-08-27 at 18:29.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Problems with Intel wireless drivers

    FYI...

    Problems with Intel wireless drivers
    - http://isc.sans.org/diary.php?storyid=1633
    Last Updated: 2006-08-24 07:10:38 UTC
    "...Intel initially issued a big file (100MB) that you had to download, but at least it upgraded everything on your machine, if it needed upgrades. After rebooting in the next few days I noticed that my machine is a bit slower then it was. A look at Task manager output, or excellent Process Explorer from Sysinternals showed that a process called S24EvMON.exe is using quite a bit of CPU... Dell... released their own version of drivers... Dell's drivers have the same problem... It looks that everyone with (at least) 2915ABG/2200BG wireless cards is affected. F-secure posted this in their weblog as well* ...
    UPDATE:
    The easiest way to start and stop these services (so you actually run them only when you really need them) is to create a batch file that will do this job for you (so you don't have to click manually on all 4 of them). You can use the sc start <service name> and sc stop <service name> commands to perform this for you...
    UPDATE 2:
    ..You can use the built-in Windows Wireless Zero Config service, in which case you only need to patch the driver for your wireless card, so you are not vulnerable. As the problem with CPU/memory leaks are in the management service, this is an effective workaround at least until the management service is fixed..."

    Working with the Intel Wi-Fi Drivers Again
    * http://www.f-secure.com/weblog/archi....html#00000954
    August 21, 2006
    "...We noticed that software (S24EvMON.exe) installed with the driver seems to be leaky. It's eating tons of file handles and tons of memory - and it continues to grow!... Intel's tech support has replied. They are aware of the issue and are currently at work on it. No official release date yet. We'll let you know."

    (Screenshots available at -both- URL's above.)


    =========================================

    - http://isc.sans.org/diary.php?storyid=1643
    Last Updated: 2006-08-26 18:16:44 UTC
    "Release Notes for the Intel(R) PRO/Wireless 3945ABG Network Connection update have been posted at Intel. The release notes* describe a number of bug fixes including Memory Utilization Increase issues... The download location for Intel® PROSet/Wireless Software version 10.5.0.1 is here**..."

    * http://downloadmirror.intel.com/df-s...G/relnotes.htm
    > "...Issues resolved in this release
    o Potential Memory Utilization Increase
    o Profiles Not Migrated When Upgrading from Previous Software Version
    o Potential Auto-Suspend Failure when using Microsoft Windows* 2000
    o Intermittent Authentication Failure with Cisco Access Point in Heavy Traffic Environment
    o Intermittent Failure to Load or Save a Roaming Profile..."

    ** http://support.intel.com/support/wir.../CS-010623.htm

    Last edited by AplusWebMaster; 2006-08-26 at 21:51. Reason: Fix released...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •