Keyword: vulnerability

  • Zero-day exploit can bypass rootless on Mac to modify the system without detection

    03/27/2016 12:18:07 AM PDT · by Swordmaker · 16 replies
    Digital Trends ^ | March 25, 2016 | By Justin Pot
    A zero-day exploit affecting Mac OS X allows attackers to execute arbitrary code on any binary. That’s not good, and it gets worse. The exploit bypasses System Identity Protection (SIP, sometimes called rootless), and is almost impossible to trace once implemented. Apple has been notified and a patch is on the way. “Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” wrote SentinelOne in a blog post announcing the discovery. A talk given by Pedro Vilaça at SyScan360, a security conference in downtown Singapore this week, outlined...
  • DROWN Attack - New Server SSL Encryption Vulnerability Announced, 1/3 of Internet Is At Risk

    03/02/2016 1:10:04 PM PST · by dayglored · 27 replies
    DROWN Attack Website ^ | March 1, 2016 | (Various researchers)
    As described in this paper "DROWN: Breaking TLS using SSLv2" (PDF), it is possible to crack current TLS encryption using an old, obsolete, but nevertheless still deployed protocol, SSLv2. This is a server-side issue -- it is not something clients (normal users) can do anything about. Folks browsing the web have to rely on the system admins at their favorite websites, mail portals, banks, shops, etc. to fix this. It is estimated that a third of the public servers on the Internet are vulnerable to this attack. You can test the servers in a given domain using this tool from...
  • Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines

    01/14/2016 7:18:26 PM PST · by Utilizer · 19 replies
    Softpedia ^ | Jan 13, 2016 22:03 GMT | Marius Nestor
    A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, was unveiled recently. The vulnerability was discovered on January 12, 2016, by Russian programmer Maxim Andreev in the current stable builds of the FFmpeg software, and it would appear that it allows anyone who has the necessary skills to hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. The vulnerability is limited to reading local...
  • Surprise, Apple's OS X Comes Out as Most Vulnerable Software of 2015

    01/03/2016 5:58:53 PM PST · by Up Yours Marxists · 92 replies
    Hackread ^ | January 3, 2015 17:01 UTC | Ali Raza
    In a study conducted by CVE Details, the most vulnerable software of the previous year has been identified as Apple’s OS X and the tech-giant is also the company with most bugs. With 2016 coming, people in all sectors have been busy summarizing 2015 with reports and lists of who have been the winners and who have been the losers. The tech experts and security personnel have been at it too, with CVE Details producing a list of most vulnerable software of the past year. Many would have expected the list to be topped by Adobe Flash, for the software...
  • 'Devastating' flaw found in Windows' authentication system (Uh-oh, a major Kerberos vulnerability)

    12/15/2015 1:41:21 PM PST · by dayglored · 32 replies
    The Register ^ | Dec 15, 2015 | Kieren McCarthy
    Security researcher @dfirblog has discovered what he calls a devastating flaw in Windows' Kerberos authentication system. The flaw cannot be fixed and the only solution is to introduce and use Microsoft's Credential Guard program to prevent passwords from being stored in memory, according to his extensive blog post. The flaw results from how the third-party authentication system creates secret keys: by using the password associated with a disabled username (krbtgt). That password is rarely changed, making it possible to bypass the authentication system altogether and allow an attacker to grant themselves admin privileges, as well as create secret passwords for...
  • NEW Adobe Flash Zero-day Vulnerability / Exploit - Uninstall Flash Today From All Computers

    10/15/2015 11:34:56 AM PDT · by dayglored · 63 replies
    (vanity, multiple sources) ^ | Oct 15, 2015 | (vanity, multiple sources)
    Yet another bad new Zero-Day (already exploited) Adobe Flash vulnerability. Time to uninstall Flash from all your computers and keep it off for good! To remove Flash from Windows: Close your browser In Control Panel -> Programs and Features, remove/uninstall all Adobe Flash or Shockwave items. Restart your browser Go to Add-ons/Plugins and confirm there are no Shockwave or Flash plugins. To remove Flash from OS X (10.6 and later): Download and run this Flash uninstaller: To remove Flash from Linux: Close your browser Use "apt-get remove", "yum erase", or find the flashplayer .so (e.g. in /usr/lib[64]/mozilla/plugins or ~/.mozilla/plugins)...
  • Patch! Microsoft emits emergency fix for THIRD Hacking Team hole (Critical Windows Vulnerability)

    07/20/2015 1:58:13 PM PDT · by dayglored · 16 replies
    The Register ^ | July 20, 2015 | Chris Williams
    Microsoft has, in the past couple of minutes, released a security update for all supported versions of Windows to fix a critical remote-code execution vulnerability. Details of the vulnerability were found and reported to Microsoft by security researchers poring over internal memos leaked online from spyware-maker Hacking Team. This follows an elevation-of-privilege hole in Windows, and a remote-code execution vuln in Internet Explorer 11, that were also uncovered from the Hacking Team files, and patched last week by Microsoft. This latest security flaw (MS15-078) lies within the Windows Adobe Type Manager Library, and can be exploited by attackers to hijack...
  • Don't Let the Grinch Steal Christmas (Linux Vulnerability)

    12/18/2014 2:47:48 PM PST · by zeugma · 20 replies
    AlertLogic Blog ^ | December 16, 2014 | Stephen Coty
    Don't Let the Grinch Steal Christmas December 16, 2014 Posted by: Stephen Coty, Chief Security Evangelist Blog Contributions by Tyler Borland, Sr. Security Researcher and Stephen Coty, Chief Security Evangelist, Alert Logic Since we are in the thick of the holiday season, we are analyzing which operating systems support the needs of e-commerce and brick and mortar retail shops. Due to the lower cost of ownership and efficiencies such as a non-resource heavy operating system that allow for applications to run more smoothly, we found that Linux is dominating when it comes to e-commerce site deployment. According...
  • New zero day vulnerability identified in all versions of IE

    04/27/2014 4:26:55 PM PDT · by dayglored · 95 replies
    Cnet ^ | Apr 27, 2014 | Steven Musil
    A new zero day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday. The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday. The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory...
  • Major security flaw threatens Linux users

    03/05/2014 10:20:50 AM PST · by ShadowAce · 56 replies
    Network World ^ | 4 March 2014 | Jon Gold
    A source code mistake in the GnuTLS library, an open-source software building block used in a large number of different Linux distributions to handle secure Internet connections, could prove a serious threat to the privacy of Linux users, as developers rush to patch the vulnerability. Nikos Mavrogiannopolous, the developer of GnuTLS, announced Monday in a mailing list message that he had implemented a fix to the source code that closes the loophole. The flaw would have enabled an attacker to spoof GnuTLS' system for verifying certificates, exposing supposedly secure connections to stealthy eavesdropping. By creating a specific type...
  • Backdoor in mission-critical systems (Grid,etc controllers)

    04/26/2012 11:19:35 AM PDT · by dickmc · 5 replies
    Risks Digest ^ | April 25, 2012 | C Y Cripps
    Article regarding alarming major Ruggedcom (Siemens) controller BACKDOOR vulnerability. These controllers are used widely in the electric grid, military, and transportation systems!
  • A simple HTML tag will crash 64-bit Windows 7

    12/21/2011 10:18:07 AM PST · by ShadowAce · 55 replies
    The Register ^ | John Leyden
    An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash. The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure. Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in...
  • Whitehats pierce giant hole in Microsoft security shield

    04/18/2011 11:56:11 AM PDT · by ShadowAce · 9 replies
    The Register ^ | 18 April 2011 | Dan Goodin
    In late December, Microsoft researchers responding to publicly posted attack code that exploited a vulnerability in the FTP service of IIS told users it wasn't much of a threat because the worst it probably could do was crash the application. Thanks at least in part to security mitigations added to recent operating systems, attackers targeting the heap-overrun flaw had no way to control data that got overwritten in memory, IIS Security Program Manager Nazim Lala blogged. It was another victory for Microsoft's defense-in-depth approach to code development, which aims to make exploitation harder by adding multiple security layers. However, it...
  • How many names and emails were stolen recently from CC companies? (vanity)

    04/04/2011 4:50:54 PM PDT · by dynachrome · 31 replies
    me ^ | 4-4-11 | The young and studly Dynachrome
    I have received notification of email breaches from Kroger, Best Buy and Home Depot so far. They seem legit as they are not asking for any info, just notifying me of probable phishing scams based on these breaches. So how many credit cards got info stolen recently?
  • Warning: E-mail virus spreading (DHS investigating?)

    09/09/2010 1:57:15 PM PDT · by Rutles4Ever · 35 replies
    Twitter ^ | 09/09/2010 | Jason Ryan
    "Here You Have" Virus Email spreading. DHS US-CERT Computer Emergency Readiness Team looking into issue. will issue bulletin.
  • Unpatched kernel-level vuln affects all Windows versions

    08/07/2010 9:16:32 AM PDT · by dayglored · 20 replies · 2+ views
    The Register (Brit Tech) | Aug 6, 2010 | Dan Goodin
    Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7. The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges. The bug resides in the CreateDIBPalette() function of a device driver known as Win32k.sys. It is exploited by pasting a large number of color values...
  • Obama's Nuclear Poser Review

    04/07/2010 3:34:56 AM PDT · by Scanian · 3 replies · 218+ views
    The American Thinker ^ | April 07, 2010 | Pamela Geller
    Barack Obama announced Monday what the New York Times called a "new strategy," his Nuclear Posture Review: he is narrowing the conditions under which the U.S. would use nuclear weapons. For the first time since the U.S. became a nuclear power, the President of the United States has explicitly vowed that we will not use nukes even against countries that use chemical or biological weapons against us, or take us down with a massive cyberattack -- as long as those states are obeying the provisions of the Nuclear Nonproliferation Treaty. He also overruled his own Secretary of Defense and said...
  • New poll: Now, signs of real vulnerability for California's Democratic Sen. Barbara Boxer

    02/15/2010 5:14:59 PM PST · by Nachum · 38 replies · 1,621+ views
    l.a. times ^ | 2/15/10 | staff
    So, is California's brittle Democratic Sen. Barbara Boxer about to become the next Harry Reid? Which is to say, embattled at home. As Reid worked the wallets of San Francisco on Presidents' Day to raise money for his endangered seat in Nevada, some stunning new Rasmussen Reports poll out today makes a compelling point: For the second straight month the three-term senator is unable to break the 50% mark against any potential Republican opponents, the historical measuring mark of vulnerability for an incumbent nine months before an election.
  • Flying the fiendish skies

    12/27/2009 3:41:55 AM PST · by Scanian · 18 replies · 1,009+ views
    NY Post ^ | December 27, 2009 | Editorial
    Islamist terror's Christmas present to America, a deadly fireball over Detroit International Airport, failed to materialize late Friday morning, but not for lack of ingenuity or dedication on the terrorists' part. The incendiary device carried aboard Northwest Airlines Flight 253 by a Nigerian national identified by authorities as Abdul Farouk Abdulmutallab didn't work as designed, thus sparing 278 passengers and 11 crew members gruesome deaths. But he did manage to carry inflammable chemicals aboard the aircraft and come perilously close to igniting them. Just how Abdulmutallab came to be on the aircraft is a compelling mystery....
  • Officers Warned of Flaw in U.S. Drones in 2004 (Predator vulnerability discussed 12/17)

    12/18/2009 11:57:45 AM PST · by markomalley · 9 replies · 409+ views
    Wall Street Journal ^ | 12/18/2009 | YOCHI J. DREAZEN, AUGUST COLE and SIOBHAN GORMAN
    Senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from drone aircraft in 2004, but the Pentagon didn't begin securing the signals until this year, according to people familiar with the matter. The disclosure came after The Wall Street Journal reported insurgents in Iraq had intercepted video feeds from drones, downloading unencrypted communications from the unmanned planes. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, said a person...
  • DNSSEC under attack?

    11/30/2009 1:11:45 PM PST · by ShadowAce · 5 replies · 317+ views
    Internet News ^ | 25 November 2009 | Sean Michael Kerner
    From the 'Mission Accomplished?' files: For more than a year now I've heard lots of people in the Internet industry proclaiming DNSSEC (DNS Security Extensions) as the long-term solution to DNS cache poisoning vulnerabilities. That may not necessarily be the case. A new vulnerability is now out that attacks DNS servers WITH DNSSEC installed. In the summer of 2008, security researcher Dan Kaminsky made the whole world aware of potential security issues with DNS, which could have undermined the integrity of the Internet itself. DNSSEC is supposed to be the answer, with most of the world's major Internet registries moving to...
  • Disclosure of information vulnerability in Safari web browser

    01/14/2009 10:07:27 AM PST · by smokingfrog · 245+ views ^ | Jan. 14, 2009 | Brian Mastenbrook
    Note: The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform. I have discovered that Apple's Safari browser is vulnerable to an attack...
  • Euthanasia Video, Turning the Tide, Incredibly Well Received

    09/11/2007 4:10:59 AM PDT · by monomaniac · 1 replies · 289+ views ^ | September 10, 2007
    Euthanasia Video, Turning the Tide, Incredibly Well Received September 10, 2007 ( - Turning the Tide, the powerful DVD on euthanasia and assisted suicide, has been incredibly well received. The Euthanasia Prevention Coalition has sold more than 700 copies of Turning the Tide since its release in April and Turning the Tide has received positive reviews from people across Canada and the US. Turning the Tide is produced by the Euthanasia Prevention Coalition and Salt and Light media foundation. Turning the Tide was designed to change the way secular society perceives the issues of euthanasia and assisted suicide. Secular society views the...
  • Critical vulnerabilities announced for all Adobe Flash platforms, including Linux and Solaris

    07/16/2007 9:22:01 AM PDT · by ShadowAce · 19 replies · 918+ views
    DaniWeb ^ | 13 July 2007 | Davey Winder,
    No less than three critical vulnerabilities have been identified by Adobe affecting upon users of Flash Player and earlier, and earlier, and and earlier. The cross-platform problem refers to an input validation error that could, potentially, lead to arbitrary code execution via content delivered from a remote location using web browser, email client, or pretty much any application that includes or references the Flash Player. Furthermore, a separate issue regarding an insufficient validation of the HTTP Referrer has also been identified in Flash Player and earlier which could result in a cross-site request forgery attack. Although...
  • Java flaw poses widespread security threat

    07/13/2007 10:15:13 AM PDT · by ShadowAce · 13 replies · 860+ views
    CNet News ^ | 13 July 2007 | Liam Tung
    Google's security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices. "This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking. "It's a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia. Australia's Computer Emergency Response Team analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. "Delivery of...
  • Attacks exploit Windows DNS server flaw

    04/16/2007 8:54:40 AM PDT · by ShadowAce · 11 replies · 991+ views
    The Register ^ | 13 April 2007 | Dan Goodin
    Attackers are targeting a flaw in the DNS service for Windows server OSes that could hijack the computers that run them, Microsoft warns. The software behemoth advises admins to employ workarounds pending completion of its investigation. The vulnerability affects Windows 2000 Server, Service Pack 4 and SP 1 and SP2 versions of Windows Server 2003, according to this Microsoft advisory. DNS functionality exposed over port 53 is not at risk. Nor are Windows 2000 Professional, Windows XP and Windows Vista. An attack can be carried out by executing a stack-based buffer overrun in the DNS Server's remote procedure call (RPC)...
  • Yahoo Patches IM Vulnerability

    04/06/2007 11:28:58 AM PDT · by bedolido · 483+ views ^ | 4-5-2007 | Brian Prince
    Yahoo has patched a buffer overflow vulnerability in its instant-messaging tool that would have enabled attackers to potentially execute code on a compromised machine.
  • Remote Exploit Discovered for OpenBSD

    03/15/2007 10:23:10 AM PDT · by zeugma · 9 replies · 510+ views
    Core Security ^ | 2007-03-13 | Core Security labs
    Core Security is reporting a remote buffer exploit for the OpenBSD operating system. This is also being reported on /. Title: OpenBSD's IPv6 mbufs remote kernel buffer overflow Class: Buffer Overflow Remotely Exploitable: Yes Locally Exploitable: No Advisory URL: Vulnerability Description The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in: 1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or; 2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)...
  • Rudy Giuliani's Vulnerabilities

    02/13/2007 12:21:51 PM PST · by Third Order · 14 replies · 583+ views
    The Smoking Gun ^ | Feb 12, 2007 | Smoking Gun
    FEBRUARY 12--As he campaigns for the Republican presidential nomination, Rudolph Giuliani will have to contend with political and personal baggage unknown to prospective supporters whose knowledge of the former New York mayor is limited to his post-September 11 exploits. So, in a bid to educate the electorate, we're offering excerpts from a remarkable "vulnerability study" that was commissioned by Giuliani's campaign prior to his successful 1993 City Hall run. The confidential 450-page report, authored by Giuliani's research director and another aide, was the campaign's attempt to identify possible lines of attack against Giuliani and prepare the candidate and his staff...
  • Smoking Gun publishes 1993 Giuliani campaign memo; cites "Wierdness Factor" among other weaknesses.

    02/13/2007 12:01:22 PM PST · by OldGuard1 · 61 replies · 1,363+ views
    The Smoking Gun ^ | Feb 12, 2007 | The Smoking Gun
    FEBRUARY 12--As he campaigns for the Republican presidential nomination, Rudolph Giuliani will have to contend with political and personal baggage unknown to prospective supporters whose knowledge of the former New York mayor is limited to his post-September 11 exploits. So, in a bid to educate the electorate, we're offering excerpts from a remarkable "vulnerability study" that was commissioned by Giuliani's campaign prior to his successful 1993 City Hall run. The confidential 450-page report, authored by Giuliani's research director and another aide, was the campaign's attempt to identify possible lines of attack against Giuliani and prepare the candidate and his staff...
  • Another good reason to stop using telnet (Major hack against Solaris)

    02/12/2007 10:35:07 PM PST · by zeugma · 22 replies · 549+ views
    SANS ^ | 2007-02-12 | donald smith
    There is a major zero day bug announced in Solaris 10 and 11 with the telnet and login combination. It has been verified. In my opinion NOBODY should be running telnet open to the internet. Versions of Solaris 9 and lower do not appear to have this vulnerability. The issue: The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins. Telnet should be disabled. Since 1994 the team has recommended...
  • Firefox Popup Blocker Allows Reading Arbitrary Local Files

    02/06/2007 6:04:30 PM PST · by zeugma · 18 replies · 1,160+ views
    securiteam ^ | 2/5/2007 | securiteam
    Firefox Popup Blocker Allows Reading Arbitrary Local Files There is an interesting vulnerability in the default behavior of Firefox built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information Vulnerable Systems: * Firefox version For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed. The attacker may fool the browser to parse a chosen HTML document stored on the local...
  • Browser crashers warm to data fuzzing

    04/13/2006 10:37:32 AM PDT · by ShadowAce · 21 replies · 853+ views
    The Register ^ | 13 April 2006 | Robert Lemos
    Last month, security researcher HD Moore decided to write a simple program that would mangle the code found in web pages and gauge the effect such data would have on the major browsers. The result: hundreds of crashes and the discovery of several dozen flaws. The technique - called packet, or data, fuzzing - is frequently used to find flaws in network applications. Moore and others are now turning the tool on browsers to startling results. In a few weeks, the researcher had found hundreds of ways to crash Internet Explorer and, to a lesser extent, other browsers. In another...
  • Mac OS X File Association Meta Data Shell Script Execution - Another security hole found in OSX

    02/22/2006 7:42:43 AM PST · by Axlrose · 9 replies · 361+ views
    Secunia ^ | 2/22/06 | Secunia
    Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the "__MACOSX" folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment. This can also be exploited automatically via the Safari browser when visiting a malicious web site.
  • Smoot Hawley, Chinese Style

    02/08/2006 9:39:34 AM PST · by Paul Ross · 13 replies · 456+ views
    The Discovery Institute ^ | May 20, 2005 | George Gilder
    Smoot Hawley, Chinese Style By: George Gilder May 20, 2005 Original Article In his insightful new book, The World Is Flat, Tom Friedman of The New York Times, though generally disdainful of anything conservative, somehow brings himself to cite an exemplary Heritage Foundation study of U.S. companies with facilities in China. These firms are not an unhealthy set of "Benedict Arnolds," as they were quaintly dubbed by Sen. John Kerry during the last presidential campaign. They are the heart of the U.S. economy and the spearhead of global economic growth. As Friedman explains, these manufacturing outsourcers together generate...
  • Windows PCs face huge virus threat

    01/02/2006 3:54:03 PM PST · by Swordmaker · 204 replies · 7,105+ views
    Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco
    Computer security experts were grappling with the threat of a new weakness in Microsoft's Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world's biggest software company, whose Windows operating system is a favourite target for hackers. The potential [security threat] is huge, said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. It's probably bigger than for any other vulnerability we've seen. Any version of Windows is vulnerable right now. The flaw, which allows hackers to infect computers using...
  • Worm hole found in Windows 2000

    08/04/2005 6:09:10 AM PDT · by ShadowAce · 56 replies · 1,518+ views
    CNet ^ | 3 August 2005 | Dawn Kawamoto
    A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said. The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted. What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said. "You...
  • Windows flaw reaches beyond XP [Remote crash attack.]

    07/18/2005 4:38:07 PM PDT · by familyop · 23 replies · 1,278+ views
    CNET by way of ZDNet ^ | 18JUL05 | Joris Evers
    A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP. Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday. RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said. The advisory was released after the security researcher...

    07/15/2005 1:28:05 PM PDT · by Robert Drobot · 34 replies · 1,290+ views
    CNEWS ^ | 15 July 2005 | Joe McDonald
    BEIJING (AP) - A Chinese general said Beijing might respond with nuclear weapons if the United States attacked China in a conflict over Taiwan, news reports said Friday. While the general has no policy-making role in China, his comments could add to tensions with Washington at a time of U.S. worries about China's military buildup and the proposed takeover of the oil company Unocal Corp. by a Chinese state-run company. "If the Americans draw their missiles and position-guided ammunition into the target zone on China's territory, I think we will have to respond with nuclear weapons," Maj.-Gen. Zhu Chenghu, a...
  • IT'S THE TERRORISM - (suicide bombings inevitably coming to the United States!)

    07/13/2005 4:09:29 PM PDT · by CHARLITE · 15 replies · 911+ views
    Save for the 9/11 attacks that leveled the World Trade Center, the United States has not had to confront the reality of suicide bombings. But for how much longer? If Americans fail to halt the partisan ankle-biting that has come to characterize most discussions of the War on Terror, and instead present a united front to the world, they will soon find out. That Saddam Hussein's Iraq was a key element in the worldwide terrorist network of which Osama bin Laden and al Qaeda were the kingpins is largely now beyond dispute. Stephen F. Hayes and Thomas Joscelyn, writing in...
  • Islamic Jihadists Send Us a Reminder - (to be taken with the utmost seriousness; this IS war!)

    07/09/2005 6:23:12 PM PDT · by CHARLITE · 10 replies · 593+ views
    If anyone still thinks that the worldwide Islamic Jihad is going to go away simply because we have had some success in Afghanistan and are paving the way for a democratic government in Iraq, the attack in London as the G-8 meeting was to convene should dispel such notions. Most revealing was the G-8 agenda, devoted to so-called global warming and forgiving African debt, two examples of wishful thinking based on neither scientific, nor economic evidence either would accomplish anything. More to the point, the Islamic Jihadists took the opportunity to remind us who and what the real enemy is....
  • Will we Segway into oblivion? - (eye opening report on misuse of Homeland Security funds)

    04/14/2005 6:59:08 PM PDT · by CHARLITE · 37 replies · 939+ views
    Tax Day is a good time to take a hard look at the way government spends your tax dollars - if you have the stomach for it. Since Sept. 11, 2001, Congress has poured nearly $6 billion into homeland security, and this year's $1.7 billion appropriation represents a 306 percent increase over last year's. But Congress has also ignored the 9/11 Commission's recommendation to use this colossal sum primarily to protect the nation's most vulnerable and strategic targets - including Washington. Instead, hundreds of millions of dollars have been squandered on political pork, according to House Homeland Security Committee Chairman...
  • Symantec (Norton) details flaws in its antivirus software

    03/30/2005 9:50:57 AM PST · by holymoly · 36 replies · 1,623+ views
    Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005. The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the...
  • Phishers (misnomer) target Microsoft security initiative

    02/07/2005 11:01:51 AM PST · by holymoly · 1 replies · 447+ views
    ComputerWeekly ^ | Monday 7 February 2005 | Antony Savvas
    Phishers are taking advantage of Microsoft's new software anti-piracy initiative by launching a wave of phishing e-mails in an attempt to get credit card numbers from Microsoft customers. The rogue e-mails also allow phishers to install spyware and adware on users' machines. Last month Microsoft said it would not allow users in some countries install software updates online unless they could prove that their Microsoft software was legitimate. Security company Websense said it has received several reports of two new versions of spoofed e-mails that are being used to install spyware/adware onto end-user's machines and steal credit card details. The...
  • Proposition 200 and Mexico's War on Arizona

    02/04/2005 8:52:37 PM PST · by CHARLITE · 76 replies · 1,446+ views
    By far the most dramatic menace to this nation's future and safety emanates from the cauldrons of Islamist extremism. But Americans are also in danger of losing their country on another front. A far larger incursion into the American homeland is being carried out via its southern border. Though an ongoing problem for many years, its instigators now apparently believe they are ready to take their attack to the next level. During a January 28 radio interview, Mexican Foreign Secretary Luis Ernesto Derbez has threatened the State of Arizona with legal action through the international courts in order to overturn...
  • Expert: Flaw still dogs Windows patch

    01/24/2005 5:32:12 PM PST · by holymoly · 30 replies · 769+ views
    C|Net News ^ | January 24, 2005 | Matt Hines
    Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows. The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers. GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not...
  • Windows Media Player Vulnerability Info (MUST READ!!!)

    12/31/2004 3:14:06 AM PST · by goldstategop · 65 replies · 3,523+ views
    Spyware Warrior Blog ^ | 12/31/04 | Eric L. Howes
    Hi All: PC World has a pair of articles about a potentially dangerous new development on the spyware/adware front: WMA (Windows Media) files being used to install adware and spyware. See: Risk Your PC's Health for a Song?,aid,119016,00.asp Protect Yourself From Audio Adware,aid,119063,00.asp In short, the well-known copyright management/protection firm Overpeer has figured out how to install adware through Windows Media files. The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the...

    10/28/2004 9:06:22 PM PDT · by CHARLITE · 7 replies · 410+ views
    October 26, 2004 - There is one thing John Kerry is consistent on: his propensity for manipulating the truth. From Vietnam to the floor of the senate to the halls of the United Nations, Kerry has stretched and exaggerated to create the truth and has done so without compunction. His latest over the top invention is his two-hour meeting with the entire UN Security Council. The crafting of this tale should tarnish his image in the eyes of his supporters, if not we should consider their intelligence highly suspect. Throughout his campaign he has embraced the mantra Bush lied. Starting...
  • John F. Kerry's Worst Nightmare

    10/25/2004 12:09:49 AM PDT · by Seaplaner · 43 replies · 2,384+ views
    NewsMax ^ | Monday, Oct. 18, 2004 | Geoff Metcalf
    The growing conventional wisdom (in military circles) is that Kerry GOT a discharge but it was other than honorable. He subsequently got Clinton to sign the fix in 2001.
  • Call for Voter-System Research and Reform, Warning of Broad Vulnerability

    09/22/2004 3:33:25 AM PDT · by Teflonic · 144+ views
    AAAS ^ | 21 September 2004 | Peter Gwynne
    Experts Convened by AAAS Call for Voter-System Research and Reform, Warning of Broad Vulnerability A panel of top experts on election technology and administration warned Tuesday that the American system of voting is broadly vulnerable to error and abuse, and called for a crash-course of study and reform to make results more reliable and to promote better access by voters, especially those who have historically encountered serious impediments to exercising their right to vote. In findings released after a weekend conference convened by AAAS, the 18-member panel concluded that research into new voting technology and the behavior of voters, election...