Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Microsoft Security Advisory (903144) – vulnerability in the Microsoft Java VM

July 7th 2005 in Uncategorized

This vulnerability (otherwise known as Bloodhound.Exploit.40) affects the Microsoft Java VM (which has been ‘out of circulation’ for quite a long time, but may still be on older operating systems).


 


Carefully read this article:


http://www.microsoft.com/technet/security/advisory/903144.mspx


 


My recommended (and the least disruptive) workaround is the first one – “disable the javaproxy.dll COM object from running in IE”.


 


Some antivirus programs are starting to detect attempts to take advantage of this exploit.


 


If you choose to remove the Java Virtual Machine, you can replace it with the Sun version, available here:


http://www.java.com/en/download/download_the_latest.jsp


 


While we’re on the topic of vulnerability java virtual machines, if you have Sun Java installed, make sure you are using the latest version, and more importantly, uninstall old versions of Sun Java which may still be installed – old, vulnerable versions of Sun Java can be accessed by hostile web sites or programs:


http://msmvps.com/spywaresucks/archive/2005/03/25/39584.aspx


Comments are closed.

A group called the “Pew Internet & American Life Project” (PIALP) has released a report examining the effect that spyware has had on (an American’s) behaviour when on the Internet.
 
The report is available in PDF format here:http://www.pewinternet.org/pdfs/PIP_Spyware_Report_July_05.pdf
 
The media release can be seen here:
http://www.pewinternet.org/PPF/r/108/press_release.asp
 
To summarise PIALP concluded that:
 
52% of home internet users say their computer has […]

Previous Entry

Version 1.0.5 has been released which includes two critical and four highly sensitive security patches (plus six other patches).  Let’s hope THIS version doesn’t break something (remembering the XML debacle).
Details of the critical vulnerabilities are “embargoed“ until 20 July.
WARNING: Before installing 1.0.5 make sure that the target installation directory is EMPTY (ie uninstall old versions […]

Next Entry

Archives