Over 1 million tech questions and answers.

'Serious' security flaw in OpenSSH puts private keys at risk:ZDnet

Q: 'Serious' security flaw in OpenSSH puts private keys at risk:ZDnet

A security vulnerability found in a widely-used open-source software has been described as "the most serious bug."
A major vulnerability has been found and fixed in OpenSSH, an open-source remote connectivity tool using the Secure Shell protocol. The flaw was the result of an "experimental" feature that allows users to resume connections
According to a mailing list disclosing the flaw, a malicious server can trick an affected client to leak client memory, including a client's private user keys.
The affected code is enabled by default in OpenSSH client versions 5.4 to 7.1. The matching server code was never shipped, the mailing list said.
The flaw doesn't have a catchy name like some other previous flaws, but disabling client-side roaming support fixes the issue.
The flaw, which is said to be years old, was found by Qualys' security advisory team.
Wolfgang Kandek, chief technology officer at Qualys, confirmed in an email that the company disclosed the bugs to the OpenSSH team on January 11, and commended the team for working "incredibly fast" to get a patch out three days later.

"Developers and admins are advised to regenerate and rotate keys to systems they touch, whether for hobby [or] weekend projects, or more sensitive servers -- including Github," he added.
Bottom line? Patch now, and patch fast.



Preferred Solution: 'Serious' security flaw in OpenSSH puts private keys at risk:ZDnet

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: 'Serious' security flaw in OpenSSH puts private keys at risk:ZDnet

HeartBleed 2.0?
*Frantically checks all administered servers*

Read other 5 answers

Security flaw puts iPhone users at risk of phishing attacks (Updated).

A flaw in Apple's implementation of SCEP makes it relatively trivial for a hacker to generate a malicious configuration profile that looks legitimate to users and funnels e-mail, Web, or VPN traffic to a malicious server.

-- Tom

Read other answers

IE flaw puts Windows XP SP2 at risk.Published: September 16, 2005, 7:08 AM PDTBy Dawn Kawamoto, Staff Writer, CNET News.com A flaw has been discovered in Internet Explorer that could enable a remote attack on systems running Windows XP with Service Pack 2, eEye Digital Security has warned.The flaw, which also affects systems running Windows XP, is found in the default installations of Microsoft's IE, according to an advisory released by the security company on Thursday."The flaw is not wormable but allows for the remote execution (of code) with some level of end-user intervention," said Mike Puterbaugh, eEye's senior director of product marketing. Complete article at CNET News

A:IE flaw puts Windows XP SP2 at risk

Another flaw in IE?
Noooooo, tell me it ain't so.

Read other 1 answers

Hello guys,

Every time I start IE 7, I get the message "Your security setting level puts your computer at risk"

I change the setting, yet I keep getting this message.

Does this mean I am infected with virus??

A:Ie: Your Security Setting Level Puts Your Computer At Risk

NO ,not infected. Well hopefully not as you are set too low.It's a built in nag warning from uncle MSFT. See if your settings are as this...http://msmvps.com/blogs/spywaresucks/archi.../20/506626.aspxEDIT: Sorry, Welcome to Bleeping Computer...

Read other 1 answers

Ever since I updated to IE8, I have been getting this error every time I log on:

Your security setting level puts your computer at risk.

but my security level is already at High. Is there a way to fix this? Clicking 'Fix security settings' does not do anything.

Read other answers

An unpatched, critical remote code execution flaw within WinRAR's SFX archive features has been disclosed by a researcher.WinRAR, available for Windows users, is an unzipping tool able to decompress .ZIP, .RAR and .7Z files, among others.However, a security flaw which reportedly allows for remote code execution has been discovered in WinRAR SFX version 5.21.Iranian researcher Mohammad Reza Espargham posted his findings on Full Disclosure. Granted a CVSS score of 7.4, the vulnerability could allow hackers to remotely execute system code and compromise victim machines, leading to control, surveillance and potentially data theft. A CVE score is yet to be issued.Source: http://www.zdnet.com/article/critical-winrar-vulnerability-places-500-million-users-at-risk/Well, SFX archives can already be used for non-legitimate purposes, but refusing to accept a vulnerability in it is something else.

Read other answers

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week...This week, Microsoft did not revisit the origin of the .NET add-on, but simply told Firefox users that they should uninstall the component if they weren't able to deploy the patches provided in the MS09-054 update.the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the ?browse and you?re owned? attacks that are typically used in drive-by malware downloads.Mozilla added the addon to their default blocklist.Sources:http://www.computerworld.com/s/article/913...x_users_at_riskhttp://blogs.zdnet.com/security/?p=4614&am...g=trunk;contenthttps://www.mozilla.com/en-US/blocklist/

A:Sneaky Microsoft plug-in puts Firefox users at risk

To add to what AA posted:Mozilla now has a site you can check your plugins for security updates. Just click and it is pretty darn fast. http://www.mozilla.com/en-US/plugincheck/And This:To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. The open-source browser started blocking the software late Friday night."Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism," wrote Mozilla Vice President of Engineering Mike Shaver in a blog posting. "Microsoft agreed with the plan, and we put the blocklist entry live immediately."Buggy plugins are a growing problem, as cyber criminals have increasingly leveraged flaws in products such as Adobe Flash Player and QuickTime to launch browser-based attacks. Earlier this week, Mozilla launched a Plugin Check site where Firefox users can see if their plugins are up-to-date.

Read other 23 answers

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

Sneaky Microsoft plug-in puts Firefox users at risk

A:Sneaky Microsoft plug-in puts Firefox users at risk.

Originally Posted by JMH

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

Sneaky Microsoft plug-in puts Firefox users at risk

This is the sneaky, under-handed, back-door burglary conducted through a Microsoft Windows Update and referred to in the article shown as a link above;

Thankfully this vulnerability was picked up by Mozilla Firefox, and disabled by them through an automatic notification. It cannot be disabled or removed through the normal Firefox methods, and must be extracted through the Registry system, shown as a link below.

This despicable action by Microsoft, has severely dented my faith and trust in what they now present as 'Updates', and any future Windows updates mentioning Firefox will be thoroughly researched before any installation is considered.

Instructions for the removal of this nasty piece of Microsoft 'business', are here;

How to remove the .NET Framework Assistant for Firefox


Read other 4 answers

A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users' browsing sessions. Microsoft officials said they're working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1.
The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions Internet Explorer running the latest patches to visit maliciously crafted pages.
To demonstrate the attack, the demo injects the words "Hacked by Deusen" into the website of the Daily Mail. But it also could have stolen HTML-based data the news site, or any other website, stores on visitors' computers. That means it would be trivial for attackers to use it to steal authentication cookies many websites use to grant access to user accounts once a visitor has entered a user name and password. Once in possession of the cookie, an attacker could access the same restricted areas normally available only to the victim, including those with credit card data, browsing histories, and other confidential data. Phishers could also exploit the bug to trick people into div... Read more

A:Serious bug in fully patched Internet Explorer puts user credentials at risk

The article doesn't make any sense.  It starts of by talking about a vulnerability in Internet Explorer, then talks about websites doing something with cookies, and then the exploit is "proven" by hacking some website.

Just realized the quoted text is not the whole article.  Reading the Ars Technica article from the link now...

Read other 5 answers

A change in some early versions of Google's Chrome browser is attracting the attention of security researchers who say it can make it harder for end users to know when they're visiting a malicious site trying to push malware or phish login credentials.


A:Address bar tweak in early Chrome beta puts even savvy users at risk

Seems to be going the Microsoft route of adding "features" and making the software "intelligent"... (see hidden extensions for known file types and autorun, for example)
Hell, why not just do away with the address bar and force people to enter their desired destination through Google... lol

Read other 1 answers

Several critical vulnerabilities in the protocol implementation used to synchronize clock settings over the Internet are putting countless servers at risk of remote hijacks until they install a security patch, an advisory issued by the federal government warned.
The remote-code execution bugs reside in versions of the network time protocol prior to 4.2.8, according to an advisory issued Friday by the Industrial Control Systems Cyber Emergency Response Team. In many cases, the vulnerabilities can be exploited remotely by hackers with only a low level of skill.
"Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code with the privileges of the [network time protocol daemon] process," the advisory warned. Exploit code that targets the vulnerabilities is publicly available. It's not clear exactly what privileges NTP processes get on the typical server, but a handful of knowledgeable people said they believed it usually involved unfettered root access. Even if the rights are limited, it's not uncommon for hackers to combine exploits with privilege elevation attacks, which increase the system resources a targeted app has the ability to control.


Attack code exploiting critical bugs in net time sync puts servers at risk

Read other answers

PowerPoint flaw hits Mac and Windows
Second major Microsoft vulnerability in two weeks

Experts warn of 'severe risk' email worm
Win32.Warezov.at spreading in the wild

Stration worm masquerades as security patch
Users must resist the temptation of opening unsolicited attachments
Golf sites fall into malware sand trap
Spyware, adware and Trojan authors tap Ryder Cup zeitgeist

Read other answers

Hi all 
I have one question regarding the distribution of updates for open SSH server feature. 
How the Microsoft is distributing the update for this feature ? In the microsoft windows there is still older version when I'm compare the current distributed open SSH server version.
Thank you for any info. 

Read other answers

hi sorry i did a search but didnt see anything...I think i have somehow messed up my keyboard layout but cant figure it out. I have an Acer Aspire M and the enter key put in a forward slash every time. the backspace key only works when you hold it down. the arrow buttons (left and right ) give me square brackets most of the other keys work fine.... i have looked and looked and looked but cant find how to fix it......i did plug in a keyboard and it worked fine....the laptop is only about 8 months old (its a touch screen)\
thanks for any help\
see what i mean about the slashes\

A:window laptop keys have changed enter key puts in a slash

Check the Keyboard Language Settings, it's down by the Clock. Press "ENG" and a language prefs panel pops up. I'll bet you have it set for a UK keyboard, or other country. You can do this with the mouse so no key presses are rquired - But if you have to, press the Enter key which is associated with the Num Lock Keypad, it should be shown with alternate colours, you press the FN key to get to them,

Read other 4 answers

Read more: 360 Total Security Anti-virus first impressions: Refreshingly subtle but thorough | ZDNet

While this is not a formal review, I have to admit that I like 360. It's subtle. It's quiet. It seems to do what it claims. I don't have any complaints about false positives or resource hogging and it doesn't seem to get in the way of actually working like some anti-malware programs do. I hate having to acknowledge every single thing I ever click on. It's the uber security settings on some of these things that cause people to bypass security altogether.

I'll have to provide you with an update after a few months of working with 360 before I can give a definitive blessing, but preliminary tests have been positive.Click to expand...


Read other answers

Here's another reason to upgrade that old Windows XP PC: Microsoft has now stopped providing antivirus signatures for the out-of-support operating system.Even after support for the venerable OS ended in April last year, Microsoft continued to provide its malicious software removal tool and updates to Microsoft Security Essentials - that is, until yesterday.It has not been possible to download Microsoft Security Essentials for Windows XP since the end of support, but PCs with it already installed have been receiving anti-malware signature updates for the last 16 months. Because the malicious software removal tool is connected with the company's anti-malware engine and signatures, that has also remained working.Windows XP security just got worse again

A:"Windows XP security just got worse again", via ZDNet

Yes, indeed. All the companies that still run Windows XP, especially if they have a peer-to-peer network, should definitely upgrade.

Read other 12 answers

Cyberattacks are on the rise and they range from phishing and scams on social media to high-profile assaults against companies. For the average consumer, knowing where to turn and how to keep your digital identity safe can be a minefield of solutions. But what do you truly need to know? In a recent Google research paper, security professionals were asked what the top five ways to stay safe online are, and these are the tips they offered.Top 5 security practices in staying safe online: From the expertsSimple and easy, yet often forgotten practices by a lot of users. These 5 practices only should be able to keep a user out of quite a lot of trouble when it comes to online account security.

Read other answers

Adobe's long-time favorite plugin is no longer welcome on the web, says Facebook's new chief security officer.In tweets posted over the weekend, Alex Stamos, who joined the social networking giant from Yahoo last week, said the popular web plugin used for videos and games had to go."It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day," he said in one tweet. He followed up in another tweet, adding: "Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once."It's time to kill Flash, says Facebook's new security chiefWith three 0-days for Flash Player under a week/a week and a half, I think a lot of users will start agreeing with what Stamos said and hopefully many will jump in the bandwagon and uninstall Adobe Flash Player or disable it in all their web browsers.

Read other answers

Google has patched 43 security problems, many of them deemed critical, in the latest update to the Chrome browser.On Wednesday, Google pushed Chrome 44 for Windows, Mac and Linux to the stable channel and for public release. As part of the Chrome 44.0.2403.89 update, 43 bugs have been fixed, with many of the bugs submitted by external researchers.Google patches 43 security flaws in latest Chrome updateGoogle Chrome 44 update log:http://googlechromereleases.blogspot.ca/2015/07/stable-channel-update_21.htmlBug Bounty programs are an amazing thing when it comes to help software maker to make their products more secure

A:"Google patches 43 security flaws in latest Chrome update", via ZDNet

Just noticed some subtle changes in the Chrome interface (the loading icon) in addition to the bugfixes.

Read other 5 answers

New User so bare with me!

I crashed my Harddrive after downloading a exe file that shut my system down. I was unable to log onto windows and was forced to re-load it. Instead of doing a format I decided to buy a new Harddrive, load windows, and upgrade everything, then add the other HD as a slave, pull my files and be on my way. Well, that didn't work. So I was forced to use a program to pull off the data I had still on it. I found a very useful program that pulled everything off my old HD without any problems, and even kept the file structure and file names in tact.

Well I guess I had set some files to be encrypted and so everything that was in a folder on my desktop is now locked out. after doing countless searches and tips from the internet, I have discovered that it has something to do with access to these files. I see nothing but "certificates, public and private keys" when searching for this fix. I was able to find my public cert's and keys, and move them into the proper folder, however when I try to open the files it still locks me out.

I think all I have found was the "public" keys and certs and that is not good enough to decrypt the files and see them. I think that all is not lost, but at this point I am. Is there a specific location, or anyway to find the private key to match this public key so that I can open these files once again? If I new which folder, or file that this key was in, I could probablt copy it out of the one folder i... Read more

A:Private and Public keys!?!?

Read other 16 answers

Oracle's October critical patch update includes security updates and patches for 154 vulnerabilities including a flaw which allows an attacker full control over a vulnerable system.The California-based company's October 2015 Critical Patch Update includes 154 fixes which patch holes in a wide range of products, including Oracle Database, Fusion Middleware, Hyperion, Enterprise Manager, Oracle Linux & Virtualization, Java and MySQL.Source: http://www.zdnet.com/article/oracles-critical-security-update-154-problems-fixed-in-latest-patch/Time to update your Java version (if you use it).JRE is now on Java 8 Update 65, and JDK is now on Java 8 Update 65 and Update 66.

Read other answers

A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys.
John Matherly used Shodan, a specialized search engine for querying Internet-connected devices, and found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key.
Matherly, who founded Shodan, performed the search after someone posted a shorter version of a public key—called a fingerprint—for their device.
He was surprised to find more than 250,000 other devices, mostly in Spain, that shared the same public key fingerprint. It means the devices—which are likely home routers—also have the same private key, which could pose a security risk.
A different search found another 150,000 devices, mostly in China and Taiwan, that have the same problem.


Read other answers

Server at work is running Windows Server 2008. Old IT guy stopped backup of files to another location and never restarted before he left. Needless to say, we have no restore points, no individual file restore versions, no Shadow Copies, no backups. I had no idea it was this bad, new IT guy didn't either. Yikes. I know we have the Cryptowall 3.0, files HAVE to be retrieved. Our clients do not have other copies of the files given us. I caved and paid fee. Was given public key and private key and "decrypter". Decrypter stopped after 300 files, and then just kept looping, getting stuck on files but not unencrypting. Is there any software, or any solution I can utilize to unencrypt since I have the encryption keys? New server built, but useless without original client records.
Thanks in advance. Emergent situation. We've been down at work for 2 days. FRST can be obtained tomorrow, already left work for today (another night staying until 5am). Backup set to an external drive before I left.

A:Cryptowall 3.0 Have Private and Public Keys, need help

Greetings Marlittle and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter probl... Read more

Read other 12 answers


I have a question for a security junkie.

In a typical PKI model, a sender of a message may encrypt the message using a public key, and the recipient can decrypt the message using his private key.

My question is: Can a person decrypt the message using the public key? Apparently the answer is no, but I don't understand why this is. It seems to me that if you have the means to encrypt something, than you should be able to decrypt it with the same info.


Read other answers

I hope someone can help. What kinds of things would I find on my computer if my husband was somehow monitoring all of my Internet activity? I was searching through all kinds of things that looked suspicious to me...but also clueless. The computer was purchased used, if that matters. My husband has been reading me email from 2 accounts, and I have no clue how he got my password. I saw that the computer has something called an internal crypto device, and a private key service installed somewhere... I also notice that he's using firefox instead of IE, which is what we've always used. Is there something specific I should look for? Ill provide any other information I may have if needed..again, I'm not so computer savvy. :-)

A:Crypto Device & "private keys"..Am I being spied on?!

hello, you should run the Antivirus program. Look for a keylogger. Change your email password from a different computer. If needed post your AV scan log here.

Read other 1 answers

I'm working on my sister's computer (Windows 7 Pro x64) for her (I'm not a professional IT tech in any sense of the word, she just asked for help because I've been able to fix stuff for her before), she has a very weird problem that I'm very concerned is
unfixable and would really, really appreciate any help with.

So, when she bought the computer a few years ago, she was told from someone at the store all about Windows 7 encryption service, and how easy and effective it was. She had some files on the computer she considered really important (she said it's for her art
which she does as a part-time job) that she didn't want to lose in case of hacking/whatever so she encrypted them. So far as she can remember, she never backed up the key (and, of course, no backups in general). 

A few days ago, she got a notification in the system tray talking about encryption and that she should backup the certificate. She said that she went through it and it ended up exporting a .pfx key file, which I have found on the computer. The problem is, immediately
after this happened, all of her encrypted files no longer gave her access. Going into certmgr.msc, I'm seeing that she has not one but three certificates for encryption, one dating from when she first set it up after buying, the others from a few days ago
when she had the problem/followed the menu. Unless I'm misunderstanding something, it looks like she set up a new certificate when she went through the system tray notifi... Read more

Read other answers

Hi, I hope someone can help me. I am attempting to help a lady that had her data encrypted my the cryptolocker ransom virus. She paid the ransom money, the machine sat for hours processing the payment. The computer was left on. the next day the processing payment window was gone. The display still showing the red cryptolocker screen that her important files have been encrypted. the files in fact were still encrypted. Cryptolocker did however leave behind a file called "your private key.bin". The countdown timer to the private key has expired. I feel that Microsoft Security Essentials Antivirus application had removed the cryptolocker virus before it could decrypt the encrypted files. Attempting to visit the web domain to redownload the virus stated "your IP address is restricted". I have the public and private key information from the registry entries for cryptolocker, also the "your private key.bin", as well as a list of encrypted files. Is there a way to decrypt the files using what was left behind by the crypolocker virus?
thanks for any and all help!!

A:Cryptolocker file decryption with public and private keys

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512630 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??

A:Security Flaw

Read other 8 answers

Serious security flaw found in IE [bbc]

As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro. Click to expand...

I don't want to go on a rant here but the IE team at Microsoft has caused so many problems for so many people, from users to web developers.

Anybody who is currently a user of IE really should take a look at alternate browsers (Firefox, Opera, Safari).

A:Serious security flaw found in IE

Read other 16 answers


A:FireFox 3.5 Zero day security flaw

Nobody's perfect...
IE7 user

Read other 2 answers

This might be worth keeping an eye open

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.

Read other 3 answers

Read More Info About It Here


Read other answers

Read more about it here http://www.eweek.com/category2/0,1874,1252525,00.asp

A:sticky:WMF Security Flaw

This is already a sticky thread on the forum:


Read other 1 answers

Adobe patches flaw in graphics tools
CNET News.com

A security flaw in Adobe Systems' popular graphics design software could allow an unauthorized user to change certain program files, the software maker said Thursday. The problem affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 and occurs when the applications are run in shared, multiuser installations, according to an Adobe security advisory.

"If exploited, this vulnerability could allow a hostile user to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user," Adobe said. The company rates the issue "important" and has updates http://www.adobe.com/support/techdocs/332644.html available to correct the security problem. It recommends that customers using CS2 products on shared systems, running either Microsoft Windows or Mac OS, apply these updates.

Read other answers

In an advisory released Wednesday July 10, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.

The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch.

Microsoft said a patch will be available soon.



Read other answers

Microsoft Admits Flaw in Windows Software
AP Technology Writer

Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso ... Read more

A:Widows Security Flaw

Go to Windows Update and get the fix.

Read other 2 answers


A:Security Flaw in Firefox

ok. i havn't added any trusted sites to my list but am i still at risk? and how can this be patched?

Read other 19 answers

On my old XP laptop I was able to come back from "sleep/stand by" and had to re-enter my log in information. I set up my new laptop, an HP X16-1044nr 64 bit Vista to do the same. What I found was that if I left an internet website page open and it went into stand-by, hitting any key; the system doesnít produce the security log in window. Thus leaving my system vulnerable for anyone to use should I forget and leave a page open. I now make sure I close every window but thatís disturbing. Thanks in advance.

Read other answers

Hi Guys
With the amount of Vundo going around i thought i might start a poll - there are a few things i would like to see in relation to Windows Service Packs

A:Vundo Poll! Is there a Security Flaw?????

Read other 7 answers

Hi, I have just bought on Ebay a Lenovo Thinkpad X201, and run the Intel tool to check if it was vulnerable to the recent discovered security flaw on Intel ME (Critical Firmware Update - Intel-SA-00086) as described on the link bellow: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html The result was that my X201 is vulnerable! So, this is a huge security problem and I need a way to resolve it. I have already run all Windows 10 updates + Lenovo Companion app and it says no more updates are available. I have also search on Lenovo drivers and even on Lenovo dedicated page to this security issue on the link bellow but my model (X201) is not listed: https://support.lenovo.com/pt/en/product_security/len-17297 My question is if anyone knows a solution for this security issue on X201? Any help or advice is really appreciated. Note: On Intel check tool, it says my Intel ME driver current version is Thanks!

A:X201 - How to fix Intel ME Security Flaw

I think the reason its not on the Lenovo list is your processor is not affected.  Based on the intel link you provided it affects 6th, 7th and 8th generation intel chips.  I do not believe the X201 has those chips. 

TP 25 Retro, W510 850 EVO, A30pRetired 385D, A20p, A21p

Read other 1 answers

Pertains to RealPlayer 8, RealOne Player, RealOne Player v2 for Windows, RealPlayer 10 Beta (English only) or RealPlayer Enterprise. Flaw discovered April 06, 2004.

Details and work around here: http://service.real.com/help/faq/security/040406_r3t/en/

Read other answers

MS flaw highlights e-security laziness
By electricnews.net
Posted: 01/08/2003 at 13:35 GMT

In an unprecedented move, the US Department of Homeland Security has issued a second warning over a Windows flaw that leaves computers vulnerable to attack.

The newly formed US federal government department said in its warning that a critical flaw in certain versions of the Windows operating system, if left unpatched, could leave computers open to dangerous cyber-attacks, some of which have the potential to allow the attacker to take control of a vulnerable system.

The warning comes two weeks after Microsoft issued its own bulletin notifying computer users of the problem and about a week after the Department of Homeland Security issued its first warning urging people and companies to fix their systems.

Essentially, the bug can allow malicious attackers to seize control of users' machines to steal files, read e-mails and launch wide-scale attacks that could damage the Internet as a whole. Microsoft has issued patches on its Web site to let administrators repair systems, but analysts have said that there is still a large proportion of computers plugged in to the Net that remain susceptible to attack.

This is said to be partly because Microsoft issues patches so frequently that they are increasingly being ignored. Last year the software giant issued about 70 patches, and about 30 have been made available this year.

The United States government is said to be especially worr... Read more

A:MS flaw highlights e-security laziness

Perhaps micro$oft should concentrate on a better system this time rather than pumping one out every other year , but then again we'll keep on buyin them won't we ?

Read other 3 answers

FROM: http://www.usatoday.com/tech/products/2006-12-26-vista-flaw_x.htm?csp=27
NEW YORK ó Windows Vista, the new computer operating system that Microsoft is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.
Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a non-event in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects older Windows systems, too, and Hypponen said v... Read more

A:First Security Flaw in Vista found

It was only a matter of time.

Read other 3 answers

On 12/22/2004, an update for Winamp was published to fix a critical security flaw. Go to http://www.winamp.com and download Winamp 5.08c to fix the problems.

This fix is required for ALL versions of Winamp prior to 5.08c. To determine your version, open Winamp, click Help > About Winamp and check the version number at the bottom of the resulting screen.

Read other answers


I have reason to believe that the current version of Opera 22.0.1471.50 has a remote code execution flaw. The attacker was able to get in and rename my documents folder to 'public documents'. Also on a day before that, the attacker was able to change the ACL's on a file.

A:Opera 22.0.1471.50 security flaw

Read other 6 answers

Just recieved THIS notification and thought you Netscape users might want to know.


A:Netscape security flaw exposed


Thanks for the news. Glad I am ok with Netscape 4.x

Read other 1 answers