Microsoft on the Issues: Bring Spyware Out of the Shadows

Concerted action will help consumers gain more control over the programs running on their PCs Thanks to Congress, law-enforcement agencies may soon have stronger tools to help curb spyware. Spyware is deceptive software that sneaks into computers, usually via the Internet. It can disrupt the operation of PCs and furtively collect personal information about their users. It has become pervasive and increasingly troublesome as the world has become more connected. The U.S. House of Representatives has overwhelmingly approved two different anti-spyware bills. As the Senate takes up the issue, Microsoft and many other technology companies have joined in supporting targeted … Continue reading Microsoft on the Issues: Bring Spyware Out of the Shadows

Internet Explorer ‘javaprxy.dll’ COM Object Exception Handling Lets Remote Users Crash the Browser

A vulnerability was reported in Microsoft Internet Explorer in ‘javaprxy.dll’. A remote user can cause the target user’s browser to crash or potentially execute arbitrary code. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow in ‘javaprxy.dll’ and cause the target user’s browser to crash. Specially crafted object tags can cause certain COM componenets to crash.  It may be possible to overwrite a function pointer to execute arbitrary code. However, the vendor could not reproduce a function pointer overwrite. http://securitytracker.com/alerts/2005/Jun/1014329.html

Fresh Javascript Browser Exploit

Hot on the heels of an exploit which allowed Javascript popups to appear in front of another site, Neowin has learned of another, potentially more dangerous, use for the script. The latest problem, reported to us by Neowin user flanderssoft, centres around the ability to refresh a page other than the one currently open – if that page has loaded a popup in the first place. It would allow visitors clicking on a malicious link to Hotmail to initially be served with the correct page, before being transferred seconds later to one which looks identical on another server. If the … Continue reading Fresh Javascript Browser Exploit

Mozilla Browsers Error in Processing Empty Javascript Functions Lets Remote Users Deny Service

Paul Kurczaba reported a vulnerability in the Mozilla Firefox, Mozilla Suite and Mozilla Camino browsers.  A remote user can cause the browser to crash.  A remote user can create specially crafted Javascript that, when loaded by the target user, will cause the target user’s browser to crash. The code can repeatedly call an empty function to trigger the flaw.  Impact:  A remote user can cause the target user’s browser to crash.Solution:  No solution was available at the time of this entry.  As a workaround, Javascript can be disabled. http://securitytracker.com/alerts/2005/Jun/1014292.htmlhttp://securitytracker.com/alerts/2005/Jun/1014293.htmlhttp://securitytracker.com/alerts/2005/Jun/1014294.html http://www.kurczaba.com/html/security/0506241.htm

Microsoft Shared Computer Toolkit for Windows XP

Shared computers are commonly found in schools, libraries, Internet and gaming cafés, community centers, and other locations. Often, non-technical personnel are asked to manage shared computers in addition to their primary responsibilities.Managing shared computers can be difficult, time-consuming, and expensive. Without restrictions, users can change the desktop appearance, reconfigure system settings, and introduce spyware, viruses, and other harmful programs. Repairing damaged shared computers costs significant time and effort. User privacy is also an issue. Shared computers often use shared accounts that make Internet history, saved documents, and cached Web pages available to subsequent users. The Microsoft Shared Computer Toolkit for … Continue reading Microsoft Shared Computer Toolkit for Windows XP

The Security Guide for Home Computing

Newhall Enterprises, Inc. offers The Security Guide for Home Computing. It is an animated e-book that explains computer security in plain English that everyone can understand. The guide has animated readers and over 55 FREE security software links (Free personal firewalls and antivirus software). The said animated e-book comes in 2 flavors: $ – The Security Guide for Home Computing Free – The Security Guide for Home Computing Lite The Security Guide also includes a 200-word security dictionary. A free Lite version covers security basics for your home computer and can be downloaded from the web site. Don’t miss visiting: … Continue reading The Security Guide for Home Computing

TCP-IP Datalook Lets Local Users Deny Service

A vulnerability was reported in TCP-IP Datalook. A local user can cause denial of service conditions.  A local user can send a specially crafted request to the listening port to cause the target service to crash. Impact: A local user can cause the target service to crash.Solution: No solution was available at the time of this entry.Cause: Exception handling error Underlying OS: Windows (Any)

Green Armor Solutions Introduces Identity Cues

This past week, an innovative system, designed by a psychologist in conjunction with an information-security expert, was introduced to help enterprises prevent their users from falling prey to phishing, pharming, and online fraud.  Through the use of simple visual cues, Identity Cues by Green Armor Solutions makes obvious to even non-technical and untrained users whether they are communicating with an organization’s legitimate web-site or with a phony site set up by a criminal — and it provides this benefit without requiring users to install any software, carry any security devices, register for any services, or memorize any extra secrets. Even … Continue reading Green Armor Solutions Introduces Identity Cues