Over 1 million tech questions and answers.

Internet Flaw

Q: Internet Flaw

Alright, let the rant begin:
 
A month back, Comcast backstabbed us and gave us <1 Mbps, when we were paying for 40+ Mbps. After three different routers and three different tech support guys came over, we "solved" the problem. Only not really.
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Another odd thing is that, when I try to check the "Connect Automatically" box, and we lose connection again, the box NEVER stays checked. Even weirder, ALL of the other networks in my area have the "Connect Automatically" box checked. I think this may be part of the problem.
 
I am an avid hater of Windows 8 because nothing seems to work, including this. The internet was working fine until Comcast backstabbed us, but now I think it is just the computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?

RELEVANCY SCORE 200
Preferred Solution: Internet Flaw

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Internet Flaw

 
 
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?
 

Try replacing the network cable for that computer if that doesn't resolve the issue. Then next thing you can do is to try to do a system restore/ or update your Ethernet adapter drivers.

Read other 4 answers
RELEVANCY SCORE 49.6

About this flaw mentioned in the following articles:

New Web Attack Exploits Unpatched IE Flaw
Robert McMillan, IDG News Service
Dec 9, 2008 8:20 am
http://www.pcworld.com/article/155190/new_web_attack_exploits_unpatched_ie_flaw.html

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 13, 2008
http://www.microsoft.com/technet/security/advisory/961051.mspx

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.Click to expand...

Question:
I am using IE7 and Windows Vista, does the security update KB958215 fix the above IE7 zero day flaw on Windows Vista?

Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB958215)
http://go.microsoft.com/fwlink/?LinkId=133437

Thanks.
 

A:Internet Explorer 7 zero-day flaw

Read other 13 answers
RELEVANCY SCORE 49.6

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web..."It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call."You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."breitbart.com

Read other answers
RELEVANCY SCORE 49.2

sorry for the caps, now im a firefox users, but i found this out on yahoo, Even thou im not a IE user,i thought you guys should be warned..
http://tech.yahoo.com/blogs/null/111811

Read other answers
RELEVANCY SCORE 49.2

Overview:It has been discovered that an adware purveyor has leveraged two security flaws (one of which was previously undetected, a "zero day") in Microsoft's Internet Explorer browser to surreptitiously install a toolbar on victims' computers that triggers pop-up adsAdditionally, as a public service to the network security community, eEye Digital Security has developed utilities to assist with the remediation of the flaws these attacks are leveraging. To download these tools please visit:http://www.eeye.com/html/research/alerts/AL20040610.html

Read other answers
RELEVANCY SCORE 49.2

A flaw that was discovered in Internet Explorer 6 months ago was determined to be more critical that originally thought. http://www.security.ithub.com/article/Unpa...d/166164_1.aspxTo keep yourself safe from this security flaw, disable active scripting for untrusted sites.

Read other answers
RELEVANCY SCORE 48.8

I just read this article on IE having a major security issue and I have to say it makes me very concerned. They say to use Firefox, Chrome, or Opera. Are these really secure?Which is the best one?Here is the article: http://tech.yahoo.com/blogs/null/111811Thanks

A:Major flaw revealed in Internet Explorer

IE has always been targeted by hackers and malware programmers because it has the lion's share of the browser market and will cause the most disruption (just as they like it) This makes vulnerabilities look worse than they are.

I think there is a general move to recommend alternative browsers such as Firefox or Opera because of this and there is certainly no big reason to stick with IE other than familiarity.

My advice is to try FF or Opera (or Chrome, though this is still in the early stages) and see what you think. The basic features are similar in style and use so it isn't a big step.

Of course, If (or some people would say, when) FF overtakes IE and the malware developers switch their attention to another browser they may decide to offer advice the other way

Read other 4 answers
RELEVANCY SCORE 47.6

Researchers at computer giant HP have published exploit code that can be used to attack a weakness in Internet Explorer, after Microsoft refused to issue a patch.In a blog post, Dustin Childs, HP senior security content developer, said the move to publish the flaw was not out of "spite or malice," but was in accordance with its own disclosure policy.
 
The bug allows an attacker to bypass Address Space Layout Randomization (ASLR), which acts as one of the many lines of defense in the popular browser. But the flaw only affects 32-bit systems, which the HP researchers said still affects millions of systems, even if many systems nowadays are 64-bit.
 

Article

A:Exploit code released for unpatched Internet Explorer flaw

John...I always err on the side of providing folks with more info rather than less. So good for HP and their policy.

Read other 1 answers
RELEVANCY SCORE 47.2

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

www.epicurious.com (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running Win 8 Pro 64-bit. Windows Experience sco... Read more

A:Windows 8 Flaw? Slow Web Browsing Chrome, Firefox, IE, Internet Problem?

Read other 6 answers
RELEVANCY SCORE 46.8

Microsoft has issued an emergency update to patch a critical vulnerability that affects all supported versions of Internet Explorer. If you haven't already installed the fix, it's recommended that you do so ASAP as hackers are said to be actively...

Read more
 

A:Microsoft rolls out emergency fix for critical flaw affecting all versions of Internet Explorer

Do NOT install the recommended updates. M$ has secretly hidden an nVIDIA driver there. None of the recommended updates' details say ANYTHING about any of them being a display driver or driver for that matter. After a restart, it even went as far as turning DSR on GLOBALLY (2.00x) and after trying to uninstall the driver and everything with it (physx, 3D etc) the end result was nothing named nVIDIA was in add/remove or Revo Uninstaller.

I did a Clean Custom Install (driver and PhysX only) of the same driver and the proper entries are installed and showing in add/remove.

I have not had a single graphics driver appear in Windows Update until today. Something really freaking fishy is going on. I am running Windows 8.1.
 

Read other 7 answers
RELEVANCY SCORE 46

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

Epicurious.com: Recipes, Menus, Cooking Articles & Food Guides (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running... Read more

Read other answers
RELEVANCY SCORE 36.4

Zero day IE7 security flaw:

http://threatpost.com/en_us/blogs/new-zero-day-flaw-discovered-ie7-112209
 

Read other answers
RELEVANCY SCORE 36.4

Microsoft Corp., a worldwide leader in operating systems and Internet technologies, announced that it has found a major flaw in Windows XP operating system that is related to the JPEG image format.

An attacker could infiltrate the user's computer by tricking the user into opening a specially coded JPEG file. Microsoft has released a patch and a specialized tool that will scan for the aforementioned vulnerability. The software giant stated that this flaw does not affect users with Windows XP Service Pack 2.

The flaw affects Windows XP, Windows 2003 Server Edition, and later versions of Microsoft Office. Some users with older Microsoft operating systems may also be affected only if they are running specialized image editing software such as Digital Image Pro and Visio 2002.

Here is a link to a plethora of information on this flaw.
 

A:Another Flaw With MS?

Deke said:

The software giant stated that this flaw does not affect users with Windows XP Service Pack 2. Click to expand...

So the moral is - get SP2 !
 

Read other 1 answers
RELEVANCY SCORE 36.4

I found it in my startup through msconfig. I have no idea what it is.
Loads from the c:\docume~1\admini~1\applic~1\find01~1\dvd flaw.exe

A:Dvd Flaw.exe What Is It?

to BC easye35Googling on this name came up empty. The single flaw.exe was reckognized as malware. If you do CTRL ALT DEL do you see it running under processes?Please downloadProcessExplorer and see where it is refering to by selecting the process and post it here

Read other 4 answers
RELEVANCY SCORE 36.4

A German mathematician called Martin von Gagern found a bug in GnuTLS , an open-source library that implements TLS...http://www.malwarecity.com/blog/devil-in-t...etails-287.html

Read other answers
RELEVANCY SCORE 36

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??
 

A:Security Flaw

Read other 8 answers
RELEVANCY SCORE 36

Found this today.

"New Windows zero-day flaw bypasses UAC"
http://www.informationweek.com/shar...ZW0ACXQE1GHPCKHWATMY32JVN?articleID=228400132
 

A:New Zero-Day Flaw Bypasses UAC

good read
 

Read other 1 answers
RELEVANCY SCORE 36

Here's another beauty - JavaVM is at it again
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)
http://www.microsoft.com/technet/security/bulletin/MS02-052.asp

------
Just noticed it's been rolled into the security post at the top - mod should delete this one.
 

A:JavaVM flaw

That's ok, the additional heads-up can't hurt. They really should provide another download link for the patch other than the update site, as not everyone can get there; it's not on any of their other download sites yet that I can see.
 

Read other 1 answers
RELEVANCY SCORE 36

I think I've found a major flaw in the audio systems for Windows 7. I'm not sure if it could just be my computer, but it's quite annoying, since I change audio ports a lot for recording.

What happens is if I change my Sound out -> Headphones/Speakers port to the other one like lets say from Headphone port (front) to the Speakers port (back) all my sounds will completely cut out, and Windows will begin to lag until I restart my computer. In iTunes, if I try to play a song at this point, iTunes will either lock up or refuse to play the song.

I am running Windows 7 Home Premium 64-bit.
My sound card is a Realtek HD Integrated Audio Chipset.

A:Major Flaw? (Win 7)

Do you have the latest drivers for your sound card?

Read other 5 answers
RELEVANCY SCORE 36

Microsoft is investigating a new flaw in the Windows operating system but didn't provide details on their Security Response Center Blog....we?re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we?re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we?re investigating.What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur...blogs.technet.com

A:Another Windows Flaw

Astronaut: Houston we have a problem...

Houston: What is it?

Astronaut: We can't tell you.

Houston: Why not?

Astronaut: Because it hasn't occured yet...

Houston: Then how do you know it will happen?

Astronaut: We saw some code laying around...

Houston: So.. we always have sloppy work

Astronaut: Correct, however, this is leading to an "unknown" problem...

laymans terms of what Microsoft is doing.

Read other 1 answers
RELEVANCY SCORE 36

MyNetscape

Sunday, Sept. 1, 2002
Security Flaw Found in Microsoft Web Browser
SAN FRANCISCO (Reuters) - Security researchers on Monday
said they have found serious flaws in Microsoft Corp.'s
Internet Explorer browser and in PGP, a widely used data
scrambling program, that could expose credit card and other
sensitive information of Internet users.
The Internet Explorer (IE) problem has been around for at
least five years and could allow an attacker to intercept
personal data when a user is making a purchase or providing
information for e-commerce purposes, said Mike Benham, an
independent security researcher based in San Francisco.
"If you ever typed in credit card information to an SSL
site there's a chance that somebody intercepted it," he added.
Internet Explorer fails to check the validity of digital
certificates used to prove the identity of Web sites, allowing
for an "undetected, man in the middle attack," he said.
Digital certificates are typically issued by trusted
certificate authorities, such as VeriSign Inc., and used by Web
sites in conjunction with the Secure Sockets Layer (SSL)
protocol for encryption and authentication.
Anyone with a valid digital certificate for any Web site
can generate a valid certificate for any other Web site,
according to Benham.
"I would consider this to be incredibly severe," he added.
Cryptography expert Bruce Schneier agreed.
"This is one of the worst cryptographic vulnerabilities
... Read more

Read other answers
RELEVANCY SCORE 36

See: http://www.eweek.com/article2/0,1895,1850357,00.asp
'Killbit' Workaround for Zero-Day IE Flaw Available <-- DO NOT USE!!!!!!!!!

Note: Use Microsoft pre-patch workaround instead!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The utility sets the "killbit" for Msddds.dll (Microsoft DDS Library Shape Control), the COM object that can cause browser crashes—and remote code execution—via specially crafted Web pages.

Once the "killbit" is set to prevent the use of Msdds.dll as an ActiveX, all applications that use the COM object utility will break.

Microsoft has already issued an advisory confirming the severity of the flaw and providing pre-patch workaround to help block known attack vectors. See advisory here:
http://www.microsoft.com/technet/security/advisory/906267.mspx

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

I'm using this mobo

http://www.giga-byte.com/MotherBoard/Products/Products_8S648FXP-RZ.htm#

It currently runs a Pentium 4 3.2Ghtz Prescott socket 478,
and 1 GB (2 X 512) PC 3200 OCZ brand memory.

It originally had a Geforce FX5700LE but I went online and bought a 7800GS AGP to upgrade it.

To my dissapointment, I cannot succesfully install the video card because the close proximity of the memory slots makes it impossible to seat the card in the AGP slot ( as you can see in the picture), and the large size of the 7800GS.

I'm so sad now, I have to get a new mobo

edit: The picture is actually false, the securing clips on my mobo extend to the middle portion of the AGP slot and that's the problem.
 

Read other answers
RELEVANCY SCORE 35.6

Adobe patches flaw in graphics tools
CNET News.com

A security flaw in Adobe Systems' popular graphics design software could allow an unauthorized user to change certain program files, the software maker said Thursday. The problem affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 and occurs when the applications are run in shared, multiuser installations, according to an Adobe security advisory.

"If exploited, this vulnerability could allow a hostile user to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user," Adobe said. The company rates the issue "important" and has updates http://www.adobe.com/support/techdocs/332644.html available to correct the security problem. It recommends that customers using CS2 products on shared systems, running either Microsoft Windows or Mac OS, apply these updates.
 

Read other answers
RELEVANCY SCORE 35.6

Secure USB Flaw Exposed.

USBs go under the microscope as vulnerability discovered in Sandisk secure USB leads to recall of other vendor's products

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

From the Business Insider:

Flaw in Micosoft's strategy.

Microsoft's strategy for Windows 10 hinges on what it calls "Universal Windows Apps",
or "it runs the same on every platform".

Issues:

1) developers have no real reason to build Universal Windows Apps.
2) legacy apps run just fine, so why reinvent just for mobile devices?
3) lack of win/10 adoption (so far)
4) lack of Windows Phone market share
5) existing successful mobile apps were never deployed on desktops, so migration is not an incitement.
6) the Universal App has restrictive APIs
7) the coup de gras; many successful applications are agnostic to the Windows PC.

See the original article for details here.
 

Read other answers
RELEVANCY SCORE 35.6

Came across this article while searching for something totally unrelated.

For password manager users, have a read.

Part of article:




it is revealed that this password manager is at risk of a nasty phishing vulnerability. The author, Sean Cassidy, has published details about what he has dubbed 'LostPass'.
"I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass. I call this attack LostPass. The code is available via Github. LostPass works because LastPass displays messages in the browser that attackers can fake. Users can't tell the difference between a fake LostPass message and the real thing because there is no difference. It's pixel-for-pixel the same notification and login screen", says Sean Cassidy, CTO, Praesidio.

Cassidy further explains, "a few months ago, LastPass displayed a message on my browser that my session had expired and I needed to log in again. I hadn't used LastPass in a few hours, and hadn't done anything that would have caused me to be logged out. When I went to click the notification, I realized something: it was displaying this in the browser viewport. An attacker could have drawn this notification".Click to expand...

Full article:
LastPass has serious flaw called 'LostPass' -- your passwords and more are at ri... Read more

A:LastPass flaw article

Never been fond of LastPass, however such exploits are actually... rather expected, for web-based applications.
As I said, never being intrigued by LastPass, I have been using KeePass. It sure also must have its weaknesses, but the fact that it's offline is a plus and it adds to the overall security for storing passwords.

Anyway, if this is security flaw is as serious as the author suggests, then I'm pretty sure the LastPass developers are bound to prepare and push out patches to address it sooner or later, if they haven't done it already. They were pretty frantic about a "breach" in their servers in their past, even though it didn't result in the compromise of any users' credentials.
This case however, seems to be of much more critical nature, since, as described in the author, it is quite possible for the phishing attack to be carried out successfully.
 

Read other 15 answers
RELEVANCY SCORE 35.6

This is a minor quirk I've lived with for years on my XO PC but it's become worse in Win 10.

My Ilyama Prolite E2403WS 24" monitor is set to its recommended resolution of 1920 x 1200, and naturally that's supposed to be located at (0,0). But in XP it was always at (-4,-4) and its size was 1928 x 1208. In Win 10 it's at (-8,-8) and size is 1936 x 1216.

Any thoughts on the undelying cause please? And - although I'm very doubtful after my research - a possible cure?

--
Terry, East Grinstead, UK

Read other answers
RELEVANCY SCORE 35.6

Don't know if this belongs here or not.
IE Flaw 'extremely critical'

This one goes to 11
By Nick Farrell: Martes 29 Noviembre 2005, 08:32

AN UNPATCHED vulnerability on Internet Explorer is so bad that security expert Secunia has had to add a new category of danger to its rating system.
Instead of being just critical, Secunia says that the unpatched hole is now 'extremely critical' which means that Microsoft were extremely stupid to sit on it for six months.

To be fair to Vole, even Secunia just thought the flaw would only create a denial of service vulnerability when they discovered it in March. DoS vulnerabilities are pretty much ten a penny. However the flaw is caused when IE fails to correctly initialize the JavaScript "Window()" function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.

However, now S. Pearson, of computerterrorism.com, has worked out that if a Javascript prompt box was of the right size and form to allow the insertion of custom shellcode a remote attacker can execute arbitrary code embedded into an otherwise normal looking Web page.

You can have a look at it in action at www. computerterrorism.com].

There is more on the turning of the screw, here. µ

http://www.theinquirer.net/?article=27992
For more, click here.
 

Read other answers
RELEVANCY SCORE 35.6

http://news.yahoo.com/s/pcworld/120756

A:Security Flaw in Firefox

ok. i havn't added any trusted sites to my list but am i still at risk? and how can this be patched?

Read other 19 answers
RELEVANCY SCORE 35.6

A lot of members in here seem to be praising 360 IS and TS. But 360 suffers from a huge flaw. This flaw has been around for over 6 months and 360 seems to be refusing to address it. With every new version this huge problem is not corrected. I have about 6 emails with 360 support and they are aware of this issue. What is the issue you may ask? 360 products do not work in a standard user account. You can install and run 360 IS or TS in an Admin account perfectly fine. Log out and login in under a standard account and the account is unprotected. You can try all day long to force it to start and it will not work. So think again before recommending and praising 360. Never mind that TS comes with features that are completely and totally unnecessary to any security product. Avast is a far superior free security solution and Eset is a top notch paid product. No reason to start an argument either. I can copy and paste the emails from 360 support. Anyone can duplicate this flaw also.

Another thing. 360 China version and this new 360 TS version are completely different. AVC and AV Test.org are testing 360 China. Not 360 TS Free.
 

A:Huge Flaw (Qihoo 360 )

Interesting post, would be great if you could post those emails to and from support (obviously blanking any personal info). Obviously this is a pretty serious claim. If anybody on the forums can verify this, please give me a PM
 

Read other 54 answers
RELEVANCY SCORE 35.6

Intel chip flaw--but what of it?.

...
"This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill!," writes Jamey Heary in a Network World blog. He is a consulting systems engineer for Cisco Systems.
Click to expand...

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

Not sure if this the best place for this but sure needs to be looked into!
 
http://community.spiceworks.com/topic/1343923-devastating-flaw-found-in-windows-authentication-system?utm_campaign=digest&utm_medium=email&utm_source=digest&utme=topic+featured

A:Devastating flaw in Windows

You left off the quote marks around "devastating", and the question mark at the end of the sentence. Then there's this comment on the article:
 
"There is nothing new in that blog post. All the author has done is gather information from other sources (linked at the bottom of his post) and put it together in a nice article. It's El Reg that's tossing around words like "devastating". In fact, dfirblog goes into great detail about how the attack works and - more to the point - how to detect it on your network. 

Changing KEBTGT's password is trivial using the provided script, which, incidentally, was published in February. Honestly: Should we be that surprised to find that a Bad Guy that's gained access to a network can do Bad Things? 
C'mon, kids. Read the articles before crying foul. We're supposed to be better than that."
 

 

Read other 5 answers
RELEVANCY SCORE 35.6

http://blogs.pcmag.com/securitywatch/2009/07/new_critical_zero-day_vulnerab.php
 

A:FireFox 3.5 Zero day security flaw

Nobody's perfect...
IE7 user
 

Read other 2 answers
RELEVANCY SCORE 35.6

On my old XP laptop I was able to come back from "sleep/stand by" and had to re-enter my log in information. I set up my new laptop, an HP X16-1044nr 64 bit Vista to do the same. What I found was that if I left an internet website page open and it went into stand-by, hitting any key; the system doesn’t produce the security log in window. Thus leaving my system vulnerable for anyone to use should I forget and leave a page open. I now make sure I close every window but that’s disturbing. Thanks in advance.
 

Read other answers
RELEVANCY SCORE 35.6

...Called XSS fragmentation, the vulnerability consists of multiple chunks, or fragments, of JavaScript malware that can slip by a filter or firewall because individually they don't constitute a security risk. But when they are combined after hitting the site, they can then be dangerous.XSS fragmentation is rare, but a potentially powerful vulnerability that could be used against community-based sites such as MySpace or Web-based mail systems...MySpace in particular is vulnerable because it takes user-supplied content and stores it without adequate filtering...darkreading.com

Read other answers
RELEVANCY SCORE 35.6

Microsoft Admits Flaw in Windows Software
By TED BRIDIS
AP Technology Writer
WASHINGTON

Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso ... Read more

A:Widows Security Flaw

Go to Windows Update and get the fix.
 

Read other 2 answers
RELEVANCY SCORE 35.6

A critical flaw that can be easily dealt with. >f
---------------------------------------------------------------------------------------------

Firefox has a password flaw
The Internet browser Firefox 2 has a problem with its "password manager" that could allow a hacker to obtain usernames and passwords from Firefox users, Newsfactor.com reports.

The Mozilla Foundation, which maintains Firefox's code, has acknowledged the problem. It has an extensive discussion going on here about what it calls "bug #360 493."

According to Newsfactor, the same problem could affect Internet Explorer as well.

Newsfactor also reports that "neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid (the) attacks simply by disabling their browsers' autosave features for usernames and passwords. In Firefox, the feature is found in the 'Options' window under the 'Tools' menu.

"Mozilla has indicated that it plans a fix in Firefox version 2.0.0.1 or 2.0.0.2."

http://blogs.usatoday.com/ondeadline/2006/11/firefox_has_a_p.html
 

A:Firefox password flaw

Read other 10 answers
RELEVANCY SCORE 35.6

In an advisory released Wednesday July 10, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.

The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch.

Microsoft said a patch will be available soon.

http://news.com.com/2100-1001-942980.html?tag=fd_top

DS
 

Read other answers
RELEVANCY SCORE 35.6

Serious security flaw found in IE [bbc]

As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro. Click to expand...

I don't want to go on a rant here but the IE team at Microsoft has caused so many problems for so many people, from users to web developers.

Anybody who is currently a user of IE really should take a look at alternate browsers (Firefox, Opera, Safari).
 

A:Serious security flaw found in IE

Read other 16 answers
RELEVANCY SCORE 35.6

9 March 2007A serious flaw was found in opensource encryption software GNU Privacy Guard (GPG).It allows a cybercriminal to launch a phishing attack. The flaw allows to insert text in trusted e-mail. Ivan Arce from Core Security, who discovered the vulnerability says attacker can insert malware or lead user to malicious website. Arce decided to inform of the flaw because it was patched two weeks ago.It affects email clients like Kmail, Evolution, Sylpheed, Mutt and GNUMail, so its users should install patches as soon as possible.Source:http://www.arcabit.com/infobase.html?show=...ion&id=1154

Read other answers
RELEVANCY SCORE 35.6

Read More Info About It Here

http://www.eweek.com/category2/0,1874,1252525,00.asp
 

Read other answers
RELEVANCY SCORE 35.6

This might be worth keeping an eye open
http://news.bbc.co.uk/2/hi/technology/7784908.stm
 

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.
 

Read other 3 answers
RELEVANCY SCORE 35.6

Adobe Scrambling To Fix Another Serious PDF Flaw dated August 9, 2010.

This issue effects Adobe Reader client for Windows, Mac and UNIX based systems.
...
Adobe is rushing to develop a patch for a vulnerability in Acrobat Reader revealed at the Black Hat security conference. The update–expected the week of August 16–will be the third time this year that Adobe has been forced to fix flaws outside of its regularly scheduled quarterly update pattern.

-- Tom
 

A:Adobe Scrambling To Fix Another Serious PDF Flaw

You know, I just don't get these kinds of issues in software developed my major software vendors. I mean there are tools available to help detect programming issues at compile time and run-time memory issues. Insure++ is one example of this kind of tool.

When I read things like this:
A Secunia advisory related to the Adobe flaw explains &#8220;The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the &#8220;maxCompositePoints&#8221; field value in the &#8220;maxp&#8221; (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.&#8221;Click to expand...

things like doing bounds checking on data coming into the product from an external source are things that should be second nature, at this point. I mean it's not like the Adobe Reader hasn't had security related issues in the past.

Or maybe tools, like Insure++ and others, ARE being used and we're just hearing about code that hasn't been touched or looked at for a while suddenly being exploited.

When will it ever end!!!!!! LOL

Peace...
 

Read other 1 answers
RELEVANCY SCORE 35.6

Foxit Fix for &#8220;Jailbreak&#8221; PDF Flaw.

According to an advisory Foxit issued last week, Foxit Reader version 4.1.1.0805 &#8220;fixes the crash issue caused by the new iPhone/iPad jailbreak program which can be exploited to inject arbitrary code into a system and execute it there.&#8221; If you use Foxit, you grab the update from within the application (&#8220;Help,&#8221; then &#8220;Check for Updates Now&#8221 or from this link.

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

Read more about it here http://www.eweek.com/category2/0,1874,1252525,00.asp
 

A:sticky:WMF Security Flaw

This is already a sticky thread on the forum:

http://forums.techguy.org/security/431419-m-wmf-patch.html
 

Read other 1 answers