Feb 15th: New year new bugs
Moderator: Thanas
- Stormbringer
- King of Democracy
- Posts: 22678
- Joined: 2002-07-15 11:22pm
Feb 15th: New year new bugs
Yet another E-mail Virus/Worm MyDoom
New NASTY variant of CoolWWWSearch
Realy fucking bad bug in MSIE (Patch is here)
Another really bad bug in MSIE
E-mail virus going around: W32.Beagle.A@mm
AIM Hack
New NASTY variant of CoolWWWSearch
Realy fucking bad bug in MSIE (Patch is here)
Another really bad bug in MSIE
E-mail virus going around: W32.Beagle.A@mm
AIM Hack
Last edited by Stormbringer on 2004-02-11 04:05pm, edited 1 time in total.
-
- Jedi Master
- Posts: 1063
- Joined: 2002-08-13 04:52am
A new IE exploit based on the leaked windows code has been found.
- Daltonator
- Reclusive Wanker
- Posts: 383
- Joined: 2003-03-23 03:10pm
- Location: Zelda fanboy heaven
- Contact:
Looks like there is a new expliot based on that acursed Windows Compiled HTML help out again.
It uses javascripting to execute, so just loading the page is enough to get infected.
Ran into this one in the wild, and infected some people who did have the latest windows updates. However it is fairly simple to remove.
Simple look and see if the process 'nosc32.exe' is running, if so kill it. If that doesnt work, reboot into safemode and kill it. (Taskmanager->Process->select 'nosc32.exe'->click 'end process'). It hooks into HKLM\Software\Microsoft\Windows\CurrentVersion\Run to get autostarted at boot, and might do HKCU as well.
To completely remove it, delete the following files after killing the process
"c:\windows\system32\nosc32.exe" (or where ever you system32 directory is).
Clear your internet temp files to get rid of the rest of the junk which it used to infect your system.
Following files: nosc32.exe, loi.exe, LOI.CHM, f-tri.html (Orig. page), loi.html, 7449-Booger.swf(the bait)
The virus spams irc channels to watch a flash move, the page then loads worm while the the flash movie is playing and starts spamming irc channels.
:edit:
And its finally been noticed:
Vulnerability in Internet Explorer ITS Protocol Handler
It uses javascripting to execute, so just loading the page is enough to get infected.
Ran into this one in the wild, and infected some people who did have the latest windows updates. However it is fairly simple to remove.
Simple look and see if the process 'nosc32.exe' is running, if so kill it. If that doesnt work, reboot into safemode and kill it. (Taskmanager->Process->select 'nosc32.exe'->click 'end process'). It hooks into HKLM\Software\Microsoft\Windows\CurrentVersion\Run to get autostarted at boot, and might do HKCU as well.
To completely remove it, delete the following files after killing the process
"c:\windows\system32\nosc32.exe" (or where ever you system32 directory is).
Clear your internet temp files to get rid of the rest of the junk which it used to infect your system.
Following files: nosc32.exe, loi.exe, LOI.CHM, f-tri.html (Orig. page), loi.html, 7449-Booger.swf(the bait)
The virus spams irc channels to watch a flash move, the page then loads worm while the the flash movie is playing and starts spamming irc channels.
:edit:
And its finally been noticed:
Vulnerability in Internet Explorer ITS Protocol Handler
Currently, there is no complete solution for this vulnerability. Until a patch is available, consider the workarounds listed below.
Disable ITS protocol handlers
Disabling ITS protocol handlers appears to prevent exploitation of this vulnerability. Delete or rename the following registry keys:
Disabling these protocol handlers will significantly reduce the functionality of the Windows Help system and may have other unintended consequences. Plan to undo these changes after patches have been tested and installed.Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\{ms-its,ms-itss,its,mk}
Follow good Internet security practices
These recommended security practices will help to reduce exposure to attacks and mitigate the impact of cross-domain vulnerabilities.
- Disable Active scripting and ActiveX controls
NOTE: Disabling Active scripting and ActiveX controls will not prevent the exploitation of this vulnerability.
Disabling Active scripting and ActiveX controls in the Internet and Local Machine Zones may stop certain types of attacks and will prevent exploitation of different cross-domain vulnerabilities. Disable Active scripting and ActiveX controls in any zones used to read HTML email.
Disabling Active scripting and ActiveX controls in the Local Machine Zone will prevent malicious code that requires Active scripting and ActiveX controls from running. Changing these settings may reduce the functionality of scripts, applets, Windows components, or other applications. See Microsoft Knowledge Base Article 833633 for detailed information about security settings for the Local Machine Zone. Note that Service Pack 2 for Windows XP includes these changes.- Do not follow unsolicited links
Do not click on unsolicited URLs received in email, instant messages, web forums, or Internet relay chat (IRC) channels.- Maintain updated anti-virus software
Anti-virus software with updated virus definitions may identify and prevent some exploit attempts. Variations of exploits or attack vectors may not be detected. Do not rely solely on anti-virus software to defend against this vulnerability. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
New worm alert 1 May 2004:
Anyone who has not applied patch as listed in MS Security Bulletin MS04-011 should do so ASAP -- just hit Windows Update.
Details on the Sasser worm may be found here at SANS
Anyone who has not applied patch as listed in MS Security Bulletin MS04-011 should do so ASAP -- just hit Windows Update.
Details on the Sasser worm may be found here at SANS
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
New critical update @windowsupdate
This time it's an update of an old patch
Info at Microsoft
No reboot to apply this one for once
This time it's an update of an old patch
Info at Microsoft
No reboot to apply this one for once
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Admiral Valdemar
- Outside Context Problem
- Posts: 31572
- Joined: 2002-07-04 07:17pm
- Location: UK
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
Another VERY BAD Internet Explorer hole has been discovered -- actually, two. Only one of them is fixed by WinXP Service Pack 2.
The only known solution right now is to disable Active Scripting for all but the websites that you trust.
The Secunia advisory can be read if you want more information.
The only known solution right now is to disable Active Scripting for all but the websites that you trust.
The Secunia advisory can be read if you want more information.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
CERT is now recommending that IE users switch to non-affected browsers like Opera or Mozilla because of the js.scob.trojan virus that's now spreading across the Internet. I'm pretty sure this is related to the above hole.
CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
There is a new BHO (Browser Helper Object) that steals the passwords used in a SSL connection from internet explorer.
This stuff is bad and a full analysis of the attack can be found here:
Long URL to a PDF
To be safe, don't use IE when doing transactions, get some other browser and use that one.
This stuff is bad and a full analysis of the attack can be found here:
Long URL to a PDF
To be safe, don't use IE when doing transactions, get some other browser and use that one.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
The fix is just in:Crayz9000 wrote:Another VERY BAD Internet Explorer hole has been discovered -- actually, two. Only one of them is fixed by WinXP Service Pack 2.
The only known solution right now is to disable Active Scripting for all but the websites that you trust.
The Secunia advisory can be read if you want more information.
Frigging long link @ MS
The dokumentation:
http://support.microsoft.com/?kbid=870669
This update ain't in Windowsupdate yet but I think it will be there really soon.
--***--- EDIT ---***---
The Fix is availeble at www.windowsupdate.com suggest that you all go there and get it.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
A shitload of updated appeared from MS at 20040713 but I haven't checked for updates du to vacation.
Anyways those you need can be found at windowsupdate or D/L the stuff from here:
Microsoft.com
This is the Juli update info
Anyways those you need can be found at windowsupdate or D/L the stuff from here:
Microsoft.com
This is the Juli update info
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
El Reg reports that a yet-unnamed worm similar to Download.Ject is spreading via AIM and ICQ, with the message apparently being "My personal home page http://XXXXXXX.X-XXXXXX.XXX/" The page it links to is filled with exploits and malware goodness.
This is only a concern if your default browser is Internet Explorer, and then again, you shouldn't really be dumb enough to open links from complete strangers in IM anyway.
This is only a concern if your default browser is Internet Explorer, and then again, you shouldn't really be dumb enough to open links from complete strangers in IM anyway.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
Sounds like yet another variant of CWS to me. And I though lop.com and xupiter were bad?! Ha!Crayz9000 wrote:El Reg reports that a yet-unnamed worm similar to Download.Ject is spreading via AIM and ICQ, with the message apparently being "My personal home page http://XXXXXXX.X-XXXXXX.XXX/" The page it links to is filled with exploits and malware goodness.
This is only a concern if your default browser is Internet Explorer, and then again, you shouldn't really be dumb enough to open links from complete strangers in IM anyway.
- Jade Falcon
- Jedi Council Member
- Posts: 1705
- Joined: 2004-07-27 06:22pm
- Location: Jade Falcon HQ, Ayr, Scotland, UK
- Contact:
I've set ICQ and AIM that I only receive messages from people I know anyway, believe me, I learned through ICQ that if you don't, you'd never have time in the day to do anything else than dismiss spam messages.
Don't Move you're surrounded by Armed Bastards - Gene Hunt's attempt at Diplomacy
I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own - Number 6
The very existence of flame-throwers proves that some time, somewhere, someone said to themselves, You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.
I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own - Number 6
The very existence of flame-throwers proves that some time, somewhere, someone said to themselves, You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
Guys, this really should be in another thread. This thread is for notices related to new Windows/MSIE bugs that are out.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
A new critical bug.
Full info here:
Microsoft.com
Executive Summary:
Full info here:
Microsoft.com
Executive Summary:
This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.
If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers apply the update immediately.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
True but it affects a shitload of other applications:phongn wrote:Said bug does not apply to XP SP2, BTW
Get some fixes from:
http://www.windowsupdate.com
http://www.officeupdate.com
Affected Software:
Microsoft Windows XP and Microsoft Windows XP Service Pack 1 – Download the update
Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update
Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update
Microsoft Windows Server™ 2003 – Download the update
Microsoft Windows Server 2003 64-Bit Edition – Download the update
Microsoft Office XP Service Pack 3 – Download the update
Microsoft Office XP Service Pack 2 – Download the administrative update
Microsoft Office XP Software:
Outlook® 2002
Word 2002
Excel 2002
PowerPoint® 2002
FrontPage® 2002
Publisher 2002
Microsoft Office 2003 – Download the update
Microsoft Office 2003 Software:
Outlook® 2003
Word 2003
Excel 2003
PowerPoint® 2003
FrontPage® 2003
Publisher 2003
InfoPath™ 2003
OneNote™ 2003
Microsoft Project 2002 Service Pack 1 (all versions) – Download the update
Microsoft Project 2003 (all versions) – Download the update
Microsoft Visio 2002 Service Pack 2 (all versions) – Download the update
Microsoft Visio 2003 (all versions) – Download the update
Microsoft Visual Studio .NET 2002 – Download the update
Microsoft Visual Studio .NET 2002 Software:
Visual Basic .NET Standard 2002
Visual C# .NET Standard 2002
Visual C++ .NET Standard 2002
Microsoft Visual Studio .NET 2003 – Download the update
Microsoft Visual Studio .NET 2003 Software:
Visual Basic .NET Standard 2003
Visual C# .NET Standard 2003
Visual C++ .NET Standard 2003
Visual J# .NET Standard 2003
The Microsoft .NET Framework version 1.0 SDK Service Pack 2 – Download the update
Microsoft Picture It!® 2002 (all versions) – Download the update
Microsoft Greetings 2002 – Download the update
Microsoft Picture It! version 7.0 (all versions) – Download the update
Microsoft Digital Image Pro version 7.0 – Download the update
Microsoft Picture It! version 9 (all versions, including Picture It! Library) – Download the update
Microsoft Digital Image Pro version 9 – Download the update
Microsoft Digital Image Suite version 9 – Download the update
Microsoft Producer for Microsoft Office PowerPoint (all versions) – Download the update
Microsoft Platform SDK Redistributable: GDI+ - Download the update
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Rogue 9
- Scrapping TIEs since 1997
- Posts: 18649
- Joined: 2003-11-12 01:10pm
- Location: Classified
- Contact:
Slashdot
New IM Worm On The Loose
Posted by CmdrTaco on Monday October 11, @07:28PM
from the head-for-the-hills dept.
elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "
It's Rogue, not Rouge!
HAB | KotL | VRWC/ELC/CDA | TRotR | The Anti-Confederate | Sluggite | Gamer | Blogger | Staff Reporter | Student | Musician
HAB | KotL | VRWC/ELC/CDA | TRotR | The Anti-Confederate | Sluggite | Gamer | Blogger | Staff Reporter | Student | Musician
- Faram
- Bastard Operator from Hell
- Posts: 5270
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
Patchtime is here again!
7 New critcal updates! And 3 importaint
Don't have the time to get into details here, read the page. Run windowsupdate and patch.
That makes 10 in October! Yay owertime here I come!
7 New critcal updates! And 3 importaint
Don't have the time to get into details here, read the page. Run windowsupdate and patch.
That makes 10 in October! Yay owertime here I come!
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
OK, we have updates for every browser out there today.
First off, there are two CRITICAL vulnerabilities in Internet Explorer.
Opera also suffers from a similar vulnerability
And so does Safari
And Netscape 6.x-7.x
And Konqueror (all versions with tabbed browsing)
And Maxthon, aka MyIE2
And Avant 9.x and 10.x
First off, there are two CRITICAL vulnerabilities in Internet Explorer.
Then, there's a less critical Mozilla/Firefox/Camino bug that has to do with the tabbed browsing setup. It's been an annoyance for a while now since Mozilla doesn't control where your keyboard focus is.Description:
http-equiv has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to compromise a user's system, link to local resources, and bypass a security feature in Microsoft Windows XP SP2.
Solution:
Disable Active Scripting or use another product.
Opera also suffers from a similar vulnerability
And so does Safari
And Netscape 6.x-7.x
And Konqueror (all versions with tabbed browsing)
And Maxthon, aka MyIE2
And Avant 9.x and 10.x
Description:
Secunia Research has discovered two vulnerabilities in Mozilla, Mozilla Firefox, and Camino, which can be exploited by malicious web sites to obtain sensitive information and spoof dialog boxes.
The vulnerability has been confirmed in the following versions:
* Mozilla 1.7.2 and 1.7.3
* Mozilla Firefox 0.10.1
Other versions may also be vulnerable.
Solution:
Don't visit trusted web sites while visiting untrusted web sites or disable JavaScript.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF