
Archive for the ‘exploits’ Category


Spammers exploit second Facebook bug in a week

Computerworld - Facebook today said it has fixed the bug that allowed a spamming worm to automatically post messages to users’ walls earlier this week.

The flaw was the second in the past week that let spammers flood the service with messages promoting scams.

Last week, Facebook quashed a different bug in its photo upload service that let a spammer post thousands of unwanted wall messages.

The newest worm was noticed Monday by researchers at a pair of antivirus vendors, Finland-based F-Secure and U.K.-based Sophos.

“A clever spammer has discovered a Facebook vulnerability that allows for auto-replicating links,” said Sean Sullivan, an F-Secure security researcher. “Until now, typical Facebook spam has required the use of some social engineering to spread.”

Clicking on the link to the bogus application automatically added the app to users’ profiles, then automatically reposted a status message with a

Read the rest


Why software sales models hurt customers and vendors

At the TechRepublic event in early July 2010, there were a lot of great discussions, and one of the un-conference sessions that tied everything together was “How do we fix the software industry and stop ripping off our customers?”

There are companies that are universally despised by their customers, yet continue to enjoy revenues in the billions by abusing their customer bases. We have entire software classes that cost customers millions to purchase and millions more to install and integrate, but are so useless and difficult to use that only about one third of the sold seats are actually used. There are a number of companies charging so much to support different open source packages that they are actually more expensive than their proprietary competition. We all know who these companies are.

There are a number of ways to make money writing software; unfortunately, many of… Read the rest


Month of undisclosed 0-day bugs and Chet Chat 24


As summer comes to an end there is nothing better than some security researchers who see fit to disclose a new zero-day vulnerability every day for a month. That is in fact what the guys over at Abysssec have decided to do to ensure that the criminals (and pen testers) have plenty of ways to compromise our computers.

The good news is that it would appear that the vulnerabilities being disclosed are already patched. All that is new is detailed analysis of the flaws and proof of concept exploits to attack users who have not patched their software. The bad news is that almost no one has a fully patched environment and these disclosures are so detailed that we can expect a flurry of new malware to take advantage of these flaws.

The first two flaws are in cPanel and Adobe Flash… Read the rest


Update Firmware On Your HDTV, Camera, Smartphone, PC

PC World - These days, most of your electronics have miniature computers built in: home-theater gear, handheld devices, phones, and even appliances now have embedded smarts in the form of a microprocessor, memory, and software. And just like computer software, firmware, the software that runs on your gadgets, needs periodic updating.

Believe it or not, many new gadgets aren’t 100 percent complete when you buy them. Though a spiffy electronic toy may perform its basic functions, some of its promised features may be absent or incomplete. And to keep up with ever-changing kinds of content, your devices may require software enhancements to give old hardware new features.

To avoid antagonizing customers who might spend hundreds of dollars on a cool piece of hardware only to find a few months later that it no longer worked, manufacturers design much of their gear to allow updates. You won’t be able

Read the rest


Old Apple QuickTime code puts IE users in harm’s way

Computerworld - Apple’s failure to clean up old code in QuickTime leaves people running Internet Explorer (IE) vulnerable to drive-by attacks, a Spanish security researcher said today.

Ruben Santamarta, a researcher at Madrid-based Wintercore who revealed a bug in IE8 last month, today outlined the QuickTime plug-in vulnerability.

Hackers only need to dupe users into visiting a malicious site hosting exploit code, said Santamarta, who added that his attack code works when someone browses with IE on a machine running Windows XP, Vista or Windows 7 that has QuickTime 7.x or the older QuickTime 6.x installed.

Santamarta’s exploit works because Apple didn’t tidy up QuickTime’s code after developers dropped the “_Marshaled_pUnk” function.

“Although this functionality was removed in newer versions, the parameter is still present,” Santamarta wrote in his advisory. “Why? I guess someone forgot to clean up the code.”

His

Read the rest
