Tag: d

Some program Vulnebilities Detected!!

Paul

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure.   if I find any others I’ll let you know!!!

Vista has a new Vulnebility!

Paul

According to Techworld.com,  Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit.  The talk from them is quite intriguing.   I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

[ad#ad2-left]Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista.  Now we all know that Microsoft will release a patch quicker than 6 months away.  According to this article, people are already looking for the exploit and want to know more about it.  I would be willing to bet they will have a patch out sooner than later.  Probably January or Febuary, which will be a big deal because no one will expect it.  I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch.   So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

Hulu Launches the Hulu for the Holidays!

Paul

[ad#ad2-right]This is near and dear to my heart.  Hulu finally launches the Hulu for the Holidays sponsored by Wal-Mart.   I have talked about what they might bring to the holiday season and if you want to find out what I thought might come to Hulu check out these links:

Some movies or show that will probably come to Hulu are going to be Christmas themes.  I would wager it will be Charlie Brown, Peanuts, The Grinch who Stole Christmas.  I am sure there will be even more later on, ones that I didn’t think would come to Hulu.   We shall see what comes from what they want to do the next few weeks.  To bad they aren’t doing clues this time around people seemed to like doing that.

Google Now lets you Video/Voice chat!!

Paul

After checking out some of what Google has been doing.  I find out that you can now Video Conference for free.  That is to say that you can conference with someone on line and do cloud computing.   According to Google:



To Get this Video and Voice chat Click this link

[ad#ad2-right]Now I might not a lot but this will be most likely be used in association with the new Google Phone, the G1. So I thought about how this will be used? This will be used in several ways. To keep in touch with family, to make it easier to telecommute and to Video Conference with associates from work. Google Model is “DO NO EVIL”. There is a flaw to this I am sure, this is a Internet Protocol to Internet Protocol connection and in doing so you create so much possibility of a virus getting through. There is no doubt that this is using flash. It also is know to make the infrastructure of a business weak. The Intranet of the business would be compromised. I am sure there are vulnerabilities in this and we will hear them shortly. I’d give it a week or two, remember the problem with Google Chrome and how un-secure it is. These are just a few of what would cause security headaches to all who work in the IT field. I just want to bring that up to prove a point. Google’s mantra isn’t perfect, it is what it is.

AVG Detected a False Positive

Paul3 Replies

[ad#ad2-left]According to Security and The Net:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

[Via Security and The Net]


[ad#ad2-right]I bring this up because this is a false positive according to AVG. AVG since sent out another update to there Database and you can go and update the database to get rid of this problem. If you need to restore that DLL check out the article Security and The Net, they got some excellent suggestions on fixing the problem.

If you’ve not been affected by this yet, you probably won’t be. It is yet unknown how many people have been affected. I’m blogging about this to tell people about this and to warn people that not all of warnings from AVG are true and that is why you should always ask before you delete or do anything to your system. I always USE google when it comes to these types of questions