Mozilla Flaw Lets Links Run Arbitrary Programs:
"The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the 'shell:' scheme, which execute arbitrary code under Windows without the user having to click a link."
Security researchers are reporting another security issue in Web browsing under Windows, but this time Internet Explorer is not the culprit. The Mozilla Foundation's Mozilla and Firefox are reported as vulnerable.
The Mozilla Foundation has confirmed the problem and issued a fix, which is available here.
http://update.mozilla.org/extensions/moreinfo.php?id=154
http://www.eweek.com/article2/0,1759,1621451,00.asp?kc=ewnws070904dtx1k0300599
Saturday, July 10, 2004
Article compilation: You've been hacked - TechRepublic
Article compilation: You've been hacked - TechRepublic:
"You'll want to download this collection of articles and keep them handy. They detail what to do in the first five minutes and first few hours of an attack on your network and provide help for preventing future attacks."
requires free registration
http://techrepublic.com.com/5138-6288-729430.html?tag=e601
"You'll want to download this collection of articles and keep them handy. They detail what to do in the first five minutes and first few hours of an attack on your network and provide help for preventing future attacks."
requires free registration
http://techrepublic.com.com/5138-6288-729430.html?tag=e601
IE Exploit Attacks Another Piece of ActiveX
IE Exploit Attacks Another Piece of ActiveX:
"Using Internet Explorer hasn't gotten any safer in the past few days as a Dutch security hacker, Jelmer Kuperus, pointed out yet another unblocked security problem in the popular Web browser.
The latest exploit, an attack on a Windows ActiveX component called Shell.Application, is similar to the Download.Ject attack, also called JS.Scob.Trojan. In that exploit, crackers broke into IIS servers on several popular but still unnamed sites and used them to spread keyboard loggers, proxy servers and other malware through IE's ActiveX scripting technology."
Indeed, attackers used the spyware technique of installing a pop-up ad program, except this one silently installed a Trojan and a BHO (Browser Help Object) designed to swipe login information from several dozen financial sites.
The sites that spread the malware have since been fixed, but there has been no master shipping solution for the underlying IE vulnerabilities. Disabling Active scripting and ActiveX controls in the Internet Zone and Local Machine Zone will prevent exploitation of these holes, but at the cost of seriously affecting IE's functionality.
Microsoft shipped a "patch" Friday that addressed part of this security problem by disabling the Windows component called ADODB.Stream.…
http://www.eweek.com/article2/0,1759,1620855,00.asp?kc=ewnws070804dtx1k0000599
"Using Internet Explorer hasn't gotten any safer in the past few days as a Dutch security hacker, Jelmer Kuperus, pointed out yet another unblocked security problem in the popular Web browser.
The latest exploit, an attack on a Windows ActiveX component called Shell.Application, is similar to the Download.Ject attack, also called JS.Scob.Trojan. In that exploit, crackers broke into IIS servers on several popular but still unnamed sites and used them to spread keyboard loggers, proxy servers and other malware through IE's ActiveX scripting technology."
Indeed, attackers used the spyware technique of installing a pop-up ad program, except this one silently installed a Trojan and a BHO (Browser Help Object) designed to swipe login information from several dozen financial sites.
The sites that spread the malware have since been fixed, but there has been no master shipping solution for the underlying IE vulnerabilities. Disabling Active scripting and ActiveX controls in the Internet Zone and Local Machine Zone will prevent exploitation of these holes, but at the cost of seriously affecting IE's functionality.
Microsoft shipped a "patch" Friday that addressed part of this security problem by disabling the Windows component called ADODB.Stream.…
http://www.eweek.com/article2/0,1759,1620855,00.asp?kc=ewnws070804dtx1k0000599
Wednesday, July 07, 2004
The Builder.com guide to SpamAssassin
The Builder.com guide to SpamAssassin:
"Spam is one of the most serious problems plaguing Internet users today. There's nothing quite as frustrating as arriving at work each morning to a mailbox full of unwanted ads. Sorry, there is one thing more frustrating...wasting the next hour deleting those ads for drugs and refinancing and other junk you don't want or need.
Fortunately there is a cure for the spam blues. It's called SpamAssassin, and it's possibly the best tool out there to combat spam. In this guide we'll show you how it works, and then how to install and configure it for your server.…"
http://builder.com.com/5100-6372_14-5247932.html?tag=e601
"Spam is one of the most serious problems plaguing Internet users today. There's nothing quite as frustrating as arriving at work each morning to a mailbox full of unwanted ads. Sorry, there is one thing more frustrating...wasting the next hour deleting those ads for drugs and refinancing and other junk you don't want or need.
Fortunately there is a cure for the spam blues. It's called SpamAssassin, and it's possibly the best tool out there to combat spam. In this guide we'll show you how it works, and then how to install and configure it for your server.…"
http://builder.com.com/5100-6372_14-5247932.html?tag=e601
The New York Times > Technology > You've Got Mail (and Court Says Others Can Read It)
The New York Times > Technology > You've Got Mail (and Court Says Others Can Read It):
"When everything is working right, an e-mail message appears to zip instantaneously from the sender to the recipient's inbox. But in reality, most messages make several momentary stops as they are processed by various computers en route to their destination.
Those short stops may make no difference to the users, but they make an enormous difference to the privacy that e-mail is accorded under federal law.…"
http://www.nytimes.com/2004/07/06/technology/06net.html?pagewanted=all&position=
"When everything is working right, an e-mail message appears to zip instantaneously from the sender to the recipient's inbox. But in reality, most messages make several momentary stops as they are processed by various computers en route to their destination.
Those short stops may make no difference to the users, but they make an enormous difference to the privacy that e-mail is accorded under federal law.…"
http://www.nytimes.com/2004/07/06/technology/06net.html?pagewanted=all&position=
Another summer of misery for Windows users? | CNET News.com
Reheated Bagle comes with side of source code | CNET News.com:
"The author of mass-mailing worm Bagle began distributing its source code and two new variants on Sunday, which could trigger another summer of misery for Windows users. "
http://news.com.com/Reheated Bagle comes with side of source code/2100-7349_3-5258179.html?tag=adnews
"The author of mass-mailing worm Bagle began distributing its source code and two new variants on Sunday, which could trigger another summer of misery for Windows users. "
http://news.com.com/Reheated Bagle comes with side of source code/2100-7349_3-5258179.html?tag=adnews
Subscribe to:
Posts (Atom)
Posts
