Realone 2.0 “pnxr3260.dll” Lets Remote Users IE Browser Crash

Impact:  Denial of service via network Version(s):Realone 2.0(build 6.0.11.868) Description:  A vulnerability was found in the IE browser with system installed Realone 2.0(build 6.0.11.868) in the processing of the ’embed’ tag. A remote user can create HTML that include <EMBED …> , when loaded by the client user, will cause the client user’s browser to call the plugin of Realone,and then the IE browser crash. Analysis: An attacker can exploit the above-described vulnerability to execute arbitrary code under the permissions of the target user. Successful exploitation requires that the attacker convince the end user to install realone 2.0(build 6.0.11.868). Solution: … Continue reading Realone 2.0 “pnxr3260.dll” Lets Remote Users IE Browser Crash

AOL gets ready to launch free Web e-mail

America Online is testing a Web-based e-mail service that will compete with Yahoo Mail, Microsoft’s Hotmail and Google’s Gmail. Right now, the beta service is available to AOL subscribers only, but it will eventually be offered for free to the public, the company said on Wednesday. The service, dubbed “AOL Mail on the Web,” is expected to officially debut early next year for members, and later in the year for the public. “This is paving the way for our free Web mail service that we will be offering to a wider audience in 2005,” AOL spokeswoman Jaymelina Esmele said. http://news.com.com/AOL+gets+ready+to+launch+free+Web+e-mail/2100-1038_3-5501107.html

Linux lasting longer against Net attacks

Unpatched Linux systems are surviving longer on the Internet before being compromised, according to a report from the Honeynet Project released this week. The data, from a dozen networks, showed that the average Linux system lasts three months before being compromised, a significant increase from the 72 hours lifespan of a Linux system in 2001. Unpatched Windows systems continue to be compromised more quickly, sometimes within minutes, the Honeynet Project report stated. The results are probably due to two trends, Spitzner said. The default installations of new Linux systems are much more secure than previous versions of the open-source operating … Continue reading Linux lasting longer against Net attacks

IMlogic Threat Center Activity Level: P2 (Moderate)

Reported threat activity this past week was moderate with: 8 new threats added to the IMlogic Threat Center.7 threats are categorized as “low risk”1 threat categorized as “medium risk”No threats of “high risk” were reported To view the current IM threats visit: http://www.imlogic.com/im_threat_center/index.asp The IMlogic Threat Center monitors the global IM networks in partnership with Microsoft, AOL, IBM, Yahoo, Symantec, McAfee, and dozens of leading security companies around the world. For real-time access to all IM and P2P threats visit: http://www.imlogic.com/im_threat_center/index.asp The IMlogic Threat Center suggests that all organizations protect themselves from emerging IM threats by following best-practices for anti-virus … Continue reading IMlogic Threat Center Activity Level: P2 (Moderate)

Subscribe to Microsoft Download Notifications

Spend Less Time Searching Sign up for Microsoft’s Download Notifications service, and each week there are new downloads available in the categories you select, Microsoft will send you a customized e-mail notification listing them. Download notifications are currently available in English only. http://www.microsoft.com/downloads/render.aspx?displaylang=en&content=notifications

Think Twice Before Dumping Your Old Computer

Think Twice Before Dumping Your Old Computer – Hard Drives May be Littered with Sensitive Data Many people will be unwrapping brand new computers this holiday season, and a large percentage of them will, unfortunately, leave themselves open to identity theft by disposing of their old PCs in a risky fashion. Kessler International, a worldwide computer forensics firm, explains how to securely delete sensitive information from your hard drive before discarding your obsolete hardware. http://www.net-security.org/press.php?id=2812

Microsoft’s Peter Torr Attacks Mozilla Firefox Security

A Microsoft Program Manager by the name of Peter Torr has posted a weblog entry about potential problems with security in Mozilla Firefox. Specifically, he singles out the fact that neither the Firefox installer nor most of the available extensions are digitally signed. By contrast, he notes, Microsoft Internet Explorer 6 Service Pack 2 will not install unsigned ActiveX by default. While many will immediately cry, “FUD!”, he’s actually right. Though the infrastructure is there, the lack of code signing in the vast majority of Firefox extensions has led to an environment in which many users simply install extensions without … Continue reading Microsoft’s Peter Torr Attacks Mozilla Firefox Security

Identify/React Chart: Zafi

The Zafi mass-mailing worm spreads by generating e-mail messages that contain Hungarian language text and a copy of the virus. TechRepublic’s Identify/React chart for Zafi puts critical information for identifying and eliminating the virus right at your fingertips. http://techrepublic.com.com/5138-6288-5489124.html

PHP Input Validation Vulnerabilities (addslashes, Windows Only)

PHP is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the file system of a web server that hosts PHP scripts. In addition newer versions of PHP contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.  While both vulnerabilities exist in Windows and UNIX platform versions of PHP, they can only be successfully exploited on Windows systems. Vulnerable Systems: * PHP version 4.3.9 (arbitrary file reading) * PHP version 4.3.6 up to 4.3.9 inclusive and PHP version 5.0.0 up to 5.0.2 inclusive (directory traversal) … Continue reading PHP Input Validation Vulnerabilities (addslashes, Windows Only)

Linux Kernel Multiple Vulnerabilities

OS: Linux Kernel 2.6.x Multiple vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information. Solution:  Secunia is currently not aware of an updated version, which fixes the vulnerabilities. Grant only trusted users access to affected systems. More details in http://secunia.com/advisories/13572/