Over 1 million tech questions and answers.

IE browser flaw......FYI

Q: IE browser flaw......FYI


Sunday, Sept. 1, 2002
Security Flaw Found in Microsoft Web Browser
SAN FRANCISCO (Reuters) - Security researchers on Monday
said they have found serious flaws in Microsoft Corp.'s
Internet Explorer browser and in PGP, a widely used data
scrambling program, that could expose credit card and other
sensitive information of Internet users.
The Internet Explorer (IE) problem has been around for at
least five years and could allow an attacker to intercept
personal data when a user is making a purchase or providing
information for e-commerce purposes, said Mike Benham, an
independent security researcher based in San Francisco.
"If you ever typed in credit card information to an SSL
site there's a chance that somebody intercepted it," he added.
Internet Explorer fails to check the validity of digital
certificates used to prove the identity of Web sites, allowing
for an "undetected, man in the middle attack," he said.
Digital certificates are typically issued by trusted
certificate authorities, such as VeriSign Inc., and used by Web
sites in conjunction with the Secure Sockets Layer (SSL)
protocol for encryption and authentication.
Anyone with a valid digital certificate for any Web site
can generate a valid certificate for any other Web site,
according to Benham.
"I would consider this to be incredibly severe," he added.
Cryptography expert Bruce Schneier agreed.
"This is one of the worst cryptographic vulnerabilities
I've seen in a long time," said Schneier, co-founder and chief
technology officer at Counterpane Internet Security, a
Cupertino, California-based network monitoring firm.
"What this means is that all the cryptographic protections
of SSL don't work if you're a Microsoft IE user," Schneier

Microsoft is investigating the IE flaw, said Scott Culp,
manager of the Microsoft Security Response Center. Certain
mitigating factors diminish the risk to users, he added.
For example, an attacker would have to create a fake Web
site and redirect people from a legitimate Web site to the fake
one, according to Culp.
"We're not, by any means, dismissing the report," he said.
"What we are saying is that based on the preliminary
investigation so far, it's obvious there would be some daunting
challenges with the scenario that's been described."
Benham and Schneier disagreed, noting that people fake Web
sites all the time and there are publicly available tools that
allow attackers to redirect Web surfers.
An attacker wouldn't even need to create a fake Web site,
but could merely intercept the data from a legitimate Web site
without the victim knowing, Benham said.
Benham wrote a program that demonstrates how easy it is to
intercept SSL connections and decrypt them.
"The reason SSL exists is to defend against these types of
attacks," he said. "If these types of attacks were so hard,
nobody would have to use SSL."
Schneier released information Monday about a separate flaw
in the PGP (Pretty Good Privacy) program that is freely
available and used to encrypt messages sent over the Internet.
Schneier and Jonathan Katz of the University of Maryland at
College Park found a way an attacker could intercept a PGP
encrypted message, modify it without decrypting it, dupe the
user into sending it back, and retrieve the original message.
"It's beautiful mathematically, but in terms of
seriousness, it's not that serious," Schneier said.

Help - Site Help Map - Advertise with Us - Add Site - What's New - What's Cool

Copyright © 2000 Netscape. All rights reserved. Terms of Service | Privacy Policy

Read other answers
Preferred Solution: IE browser flaw......FYI

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)




Read other answers
A:Microsoft's new browser haunted by old flaw

Did anyone really think that flaws weren't going to be found. Historically that has always been the case. It will continue to happen with IE7. It will happen with Vista. And on and on. They are just things made by people. So shouldn't be surprised they aren't perfect. I expect them not to be.

Read other 3 answers



Read other answers

The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs. IDNs are domain names that use local language characters. The fix disables support for such Web addresses.

Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due Oct. 5 and the final release of 1.5 is expected by year's end

Instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

If you make the manual change as above, there is no need to download from http://www.mozilla.org. See Cnet.news for the story: Mozilla offers temporary fix for Firefox flaw.

-- Tom

Read other answers

Chrome suffers first security flaw.

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

-- Tom

A:Google's Chrome browser suffers first security flaw

Read other 7 answers

By James Walker
5 Feb, 2016
"A major security flaw has been found in Avast's SecureZone browser, also known as Avastium, that allows an attacker to remotely read any file on the user's computer, over the Internet. Antivirus firm Avast quickly patched the embarrassing bug.


Avastium is based on Chromium, the open-source browser engine originally developed by Google for Chrome but now available for everyone. Avast modified a key security feature in Chromium, removing the protection it offers and exposing the user's filesystem to the Internet."
Major security flaw found in antivirus firm's 'secure' browser

A:Major security flaw found in Avast's Secure Browser

These "Secure browsers" Who can tell how much safer are them from other browsers outhere?, I think you should always use a browser because you know a bit about it and it works for you good and safe, not because it's named "any AV Secure Browser".

Read other 3 answers

I found it in my startup through msconfig. I have no idea what it is.
Loads from the c:\docume~1\admini~1\applic~1\find01~1\dvd flaw.exe

A:Dvd Flaw.exe What Is It?

to BC easye35Googling on this name came up empty. The single flaw.exe was reckognized as malware. If you do CTRL ALT DEL do you see it running under processes?Please downloadProcessExplorer and see where it is refering to by selecting the process and post it here

Read other 4 answers

Microsoft Corp., a worldwide leader in operating systems and Internet technologies, announced that it has found a major flaw in Windows XP operating system that is related to the JPEG image format.

An attacker could infiltrate the user's computer by tricking the user into opening a specially coded JPEG file. Microsoft has released a patch and a specialized tool that will scan for the aforementioned vulnerability. The software giant stated that this flaw does not affect users with Windows XP Service Pack 2.

The flaw affects Windows XP, Windows 2003 Server Edition, and later versions of Microsoft Office. Some users with older Microsoft operating systems may also be affected only if they are running specialized image editing software such as Digital Image Pro and Visio 2002.

Here is a link to a plethora of information on this flaw.

A:Another Flaw With MS?

Deke said:

The software giant stated that this flaw does not affect users with Windows XP Service Pack 2. Click to expand...

So the moral is - get SP2 !

Read other 1 answers

A German mathematician called Martin von Gagern found a bug in GnuTLS , an open-source library that implements TLS...http://www.malwarecity.com/blog/devil-in-t...etails-287.html

Read other answers

Zero day IE7 security flaw:


Read other answers

Found this today.

"New Windows zero-day flaw bypasses UAC"

A:New Zero-Day Flaw Bypasses UAC

good read

Read other 1 answers

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??

A:Security Flaw

Read other 8 answers

Here's another beauty - JavaVM is at it again
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)

Just noticed it's been rolled into the security post at the top - mod should delete this one.

A:JavaVM flaw

That's ok, the additional heads-up can't hurt. They really should provide another download link for the patch other than the update site, as not everyone can get there; it's not on any of their other download sites yet that I can see.

Read other 1 answers

I think I've found a major flaw in the audio systems for Windows 7. I'm not sure if it could just be my computer, but it's quite annoying, since I change audio ports a lot for recording.

What happens is if I change my Sound out -> Headphones/Speakers port to the other one like lets say from Headphone port (front) to the Speakers port (back) all my sounds will completely cut out, and Windows will begin to lag until I restart my computer. In iTunes, if I try to play a song at this point, iTunes will either lock up or refuse to play the song.

I am running Windows 7 Home Premium 64-bit.
My sound card is a Realtek HD Integrated Audio Chipset.

A:Major Flaw? (Win 7)

Do you have the latest drivers for your sound card?

Read other 5 answers

Alright, let the rant begin:
A month back, Comcast backstabbed us and gave us <1 Mbps, when we were paying for 40+ Mbps. After three different routers and three different tech support guys came over, we "solved" the problem. Only not really.
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
Another odd thing is that, when I try to check the "Connect Automatically" box, and we lose connection again, the box NEVER stays checked. Even weirder, ALL of the other networks in my area have the "Connect Automatically" box checked. I think this may be part of the problem.
I am an avid hater of Windows 8 because nothing seems to work, including this. The internet was working fine until Comcast backstabbed us, but now I think it is just the computer.
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?

A:Internet Flaw

It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?

Try replacing the network cable for that computer if that doesn't resolve the issue. Then next thing you can do is to try to do a system restore/ or update your Ethernet adapter drivers.

Read other 4 answers

Microsoft is investigating a new flaw in the Windows operating system but didn't provide details on their Security Response Center Blog....we?re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we?re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we?re investigating.What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur...blogs.technet.com

A:Another Windows Flaw

Astronaut: Houston we have a problem...

Houston: What is it?

Astronaut: We can't tell you.

Houston: Why not?

Astronaut: Because it hasn't occured yet...

Houston: Then how do you know it will happen?

Astronaut: We saw some code laying around...

Houston: So.. we always have sloppy work

Astronaut: Correct, however, this is leading to an "unknown" problem...

laymans terms of what Microsoft is doing.

Read other 1 answers

See: http://www.eweek.com/article2/0,1895,1850357,00.asp
'Killbit' Workaround for Zero-Day IE Flaw Available <-- DO NOT USE!!!!!!!!!

Note: Use Microsoft pre-patch workaround instead!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The utility sets the "killbit" for Msddds.dll (Microsoft DDS Library Shape Control), the COM object that can cause browser crashes—and remote code execution—via specially crafted Web pages.

Once the "killbit" is set to prevent the use of Msdds.dll as an ActiveX, all applications that use the COM object utility will break.

Microsoft has already issued an advisory confirming the severity of the flaw and providing pre-patch workaround to help block known attack vectors. See advisory here:

-- Tom

Read other answers


A:Security Flaw in Firefox

ok. i havn't added any trusted sites to my list but am i still at risk? and how can this be patched?

Read other 19 answers

9 March 2007A serious flaw was found in opensource encryption software GNU Privacy Guard (GPG).It allows a cybercriminal to launch a phishing attack. The flaw allows to insert text in trusted e-mail. Ivan Arce from Core Security, who discovered the vulnerability says attacker can insert malware or lead user to malicious website. Arce decided to inform of the flaw because it was patched two weeks ago.It affects email clients like Kmail, Evolution, Sylpheed, Mutt and GNUMail, so its users should install patches as soon as possible.Source:http://www.arcabit.com/infobase.html?show=...ion&id=1154

Read other answers

Came across this article while searching for something totally unrelated.

For password manager users, have a read.

Part of article:

it is revealed that this password manager is at risk of a nasty phishing vulnerability. The author, Sean Cassidy, has published details about what he has dubbed 'LostPass'.
"I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass. I call this attack LostPass. The code is available via Github. LostPass works because LastPass displays messages in the browser that attackers can fake. Users can't tell the difference between a fake LostPass message and the real thing because there is no difference. It's pixel-for-pixel the same notification and login screen", says Sean Cassidy, CTO, Praesidio.

Cassidy further explains, "a few months ago, LastPass displayed a message on my browser that my session had expired and I needed to log in again. I hadn't used LastPass in a few hours, and hadn't done anything that would have caused me to be logged out. When I went to click the notification, I realized something: it was displaying this in the browser viewport. An attacker could have drawn this notification".Click to expand...

Full article:
LastPass has serious flaw called 'LostPass' -- your passwords and more are at ri... Read more

A:LastPass flaw article

Never been fond of LastPass, however such exploits are actually... rather expected, for web-based applications.
As I said, never being intrigued by LastPass, I have been using KeePass. It sure also must have its weaknesses, but the fact that it's offline is a plus and it adds to the overall security for storing passwords.

Anyway, if this is security flaw is as serious as the author suggests, then I'm pretty sure the LastPass developers are bound to prepare and push out patches to address it sooner or later, if they haven't done it already. They were pretty frantic about a "breach" in their servers in their past, even though it didn't result in the compromise of any users' credentials.
This case however, seems to be of much more critical nature, since, as described in the author, it is quite possible for the phishing attack to be carried out successfully.

Read other 15 answers

A critical flaw that can be easily dealt with. >f

Firefox has a password flaw
The Internet browser Firefox 2 has a problem with its "password manager" that could allow a hacker to obtain usernames and passwords from Firefox users, Newsfactor.com reports.

The Mozilla Foundation, which maintains Firefox's code, has acknowledged the problem. It has an extensive discussion going on here about what it calls "bug #360 493."

According to Newsfactor, the same problem could affect Internet Explorer as well.

Newsfactor also reports that "neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid (the) attacks simply by disabling their browsers' autosave features for usernames and passwords. In Firefox, the feature is found in the 'Options' window under the 'Tools' menu.

"Mozilla has indicated that it plans a fix in Firefox version or"


A:Firefox password flaw

Read other 10 answers


A:FireFox 3.5 Zero day security flaw

Nobody's perfect...
IE7 user

Read other 2 answers

...Called XSS fragmentation, the vulnerability consists of multiple chunks, or fragments, of JavaScript malware that can slip by a filter or firewall because individually they don't constitute a security risk. But when they are combined after hitting the site, they can then be dangerous.XSS fragmentation is rare, but a potentially powerful vulnerability that could be used against community-based sites such as MySpace or Web-based mail systems...MySpace in particular is vulnerable because it takes user-supplied content and stores it without adequate filtering...darkreading.com

Read other answers

Intel chip flaw--but what of it?.

"This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill!," writes Jamey Heary in a Network World blog. He is a consulting systems engineer for Cisco Systems.
Click to expand...

-- Tom

Read other answers

A lot of members in here seem to be praising 360 IS and TS. But 360 suffers from a huge flaw. This flaw has been around for over 6 months and 360 seems to be refusing to address it. With every new version this huge problem is not corrected. I have about 6 emails with 360 support and they are aware of this issue. What is the issue you may ask? 360 products do not work in a standard user account. You can install and run 360 IS or TS in an Admin account perfectly fine. Log out and login in under a standard account and the account is unprotected. You can try all day long to force it to start and it will not work. So think again before recommending and praising 360. Never mind that TS comes with features that are completely and totally unnecessary to any security product. Avast is a far superior free security solution and Eset is a top notch paid product. No reason to start an argument either. I can copy and paste the emails from 360 support. Anyone can duplicate this flaw also.

Another thing. 360 China version and this new 360 TS version are completely different. AVC and AV Test.org are testing 360 China. Not 360 TS Free.

A:Huge Flaw (Qihoo 360 )

Interesting post, would be great if you could post those emails to and from support (obviously blanking any personal info). Obviously this is a pretty serious claim. If anybody on the forums can verify this, please give me a PM

Read other 54 answers

Latest update on Adobe Reader Flaw

Users are being advised to update their systems after the emergence of a new rash of attacks targeting a previously-patched flaw in Adobe Acrobat.
The attacks use specially-crafted PDF files to exploit a vulnerability in the Java component of Adobe Acrobat Reader to perform malware installations on targeted systems.
Users can protect against the attacks by updating Adobe Acrobat and Reader to the latest versions. Users running version 9 of either product are not vulnerable to the attack.
Full info Here ...
Attackers gun for Adobe flaw - vnunet.com

Read other answers

Not sure if this the best place for this but sure needs to be looked into!

A:Devastating flaw in Windows

You left off the quote marks around "devastating", and the question mark at the end of the sentence. Then there's this comment on the article:
"There is nothing new in that blog post. All the author has done is gather information from other sources (linked at the bottom of his post) and put it together in a nice article. It's El Reg that's tossing around words like "devastating". In fact, dfirblog goes into great detail about how the attack works and - more to the point - how to detect it on your network. 

Changing KEBTGT's password is trivial using the provided script, which, incidentally, was published in February. Honestly: Should we be that surprised to find that a Bad Guy that's gained access to a network can do Bad Things? 
C'mon, kids. Read the articles before crying foul. We're supposed to be better than that."


Read other 5 answers

Read More Info About It Here


Read other answers

Microsoft Admits Flaw in Windows Software
AP Technology Writer

Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso ... Read more

A:Widows Security Flaw

Go to Windows Update and get the fix.

Read other 2 answers

In an advisory released Wednesday July 10, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.

The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch.

Microsoft said a patch will be available soon.



Read other answers

From the Business Insider:

Flaw in Micosoft's strategy.

Microsoft's strategy for Windows 10 hinges on what it calls "Universal Windows Apps",
or "it runs the same on every platform".


1) developers have no real reason to build Universal Windows Apps.
2) legacy apps run just fine, so why reinvent just for mobile devices?
3) lack of win/10 adoption (so far)
4) lack of Windows Phone market share
5) existing successful mobile apps were never deployed on desktops, so migration is not an incitement.
6) the Universal App has restrictive APIs
7) the coup de gras; many successful applications are agnostic to the Windows PC.

See the original article for details here.

Read other answers

Secure USB Flaw Exposed.

USBs go under the microscope as vulnerability discovered in Sandisk secure USB leads to recall of other vendor's products

-- Tom

Read other answers

MS have reported an increase in attacks using this exploit and have reminded users about the 'Fix It' which is available to disable the protocol involved; http://www.networkworld.com/news/20...rs-work-around-to-windows.html?source=nww_rss

It is possible that there will be a patch for this on 13th July (for those with SP3!) but I've applied the Fix It today, rather than attempt the manual Registry amendment.

Read other answers

Serious security flaw found in IE [bbc]

As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro. Click to expand...

I don't want to go on a rant here but the IE team at Microsoft has caused so many problems for so many people, from users to web developers.

Anybody who is currently a user of IE really should take a look at alternate browsers (Firefox, Opera, Safari).

A:Serious security flaw found in IE

Read other 16 answers

This might be worth keeping an eye open

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.

Read other 3 answers

About this flaw mentioned in the following articles:

New Web Attack Exploits Unpatched IE Flaw
Robert McMillan, IDG News Service
Dec 9, 2008 8:20 am

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 13, 2008

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.Click to expand...

I am using IE7 and Windows Vista, does the security update KB958215 fix the above IE7 zero day flaw on Windows Vista?

Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB958215)


A:Internet Explorer 7 zero-day flaw

Read other 13 answers

Adobe Scrambling To Fix Another Serious PDF Flaw dated August 9, 2010.

This issue effects Adobe Reader client for Windows, Mac and UNIX based systems.
Adobe is rushing to develop a patch for a vulnerability in Acrobat Reader revealed at the Black Hat security conference. The update–expected the week of August 16–will be the third time this year that Adobe has been forced to fix flaws outside of its regularly scheduled quarterly update pattern.

-- Tom

A:Adobe Scrambling To Fix Another Serious PDF Flaw

You know, I just don't get these kinds of issues in software developed my major software vendors. I mean there are tools available to help detect programming issues at compile time and run-time memory issues. Insure++ is one example of this kind of tool.

When I read things like this:
A Secunia advisory related to the Adobe flaw explains &#8220;The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the &#8220;maxCompositePoints&#8221; field value in the &#8220;maxp&#8221; (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.&#8221;Click to expand...

things like doing bounds checking on data coming into the product from an external source are things that should be second nature, at this point. I mean it's not like the Adobe Reader hasn't had security related issues in the past.

Or maybe tools, like Insure++ and others, ARE being used and we're just hearing about code that hasn't been touched or looked at for a while suddenly being exploited.

When will it ever end!!!!!! LOL


Read other 1 answers

This is a minor quirk I've lived with for years on my XO PC but it's become worse in Win 10.

My Ilyama Prolite E2403WS 24" monitor is set to its recommended resolution of 1920 x 1200, and naturally that's supposed to be located at (0,0). But in XP it was always at (-4,-4) and its size was 1928 x 1208. In Win 10 it's at (-8,-8) and size is 1936 x 1216.

Any thoughts on the undelying cause please? And - although I'm very doubtful after my research - a possible cure?

Terry, East Grinstead, UK

Read other answers

Foxit Fix for &#8220;Jailbreak&#8221; PDF Flaw.

According to an advisory Foxit issued last week, Foxit Reader version &#8220;fixes the crash issue caused by the new iPhone/iPad jailbreak program which can be exploited to inject arbitrary code into a system and execute it there.&#8221; If you use Foxit, you grab the update from within the application (&#8220;Help,&#8221; then &#8220;Check for Updates Now&#8221 or from this link.

-- Tom

Read other answers

Don't know if this belongs here or not.
IE Flaw 'extremely critical'

This one goes to 11
By Nick Farrell: Martes 29 Noviembre 2005, 08:32

AN UNPATCHED vulnerability on Internet Explorer is so bad that security expert Secunia has had to add a new category of danger to its rating system.
Instead of being just critical, Secunia says that the unpatched hole is now 'extremely critical' which means that Microsoft were extremely stupid to sit on it for six months.

To be fair to Vole, even Secunia just thought the flaw would only create a denial of service vulnerability when they discovered it in March. DoS vulnerabilities are pretty much ten a penny. However the flaw is caused when IE fails to correctly initialize the JavaScript "Window()" function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.

However, now S. Pearson, of computerterrorism.com, has worked out that if a Javascript prompt box was of the right size and form to allow the insertion of custom shellcode a remote attacker can execute arbitrary code embedded into an otherwise normal looking Web page.

You can have a look at it in action at www. computerterrorism.com].

There is more on the turning of the screw, here. µ

For more, click here.

Read other answers

On my old XP laptop I was able to come back from "sleep/stand by" and had to re-enter my log in information. I set up my new laptop, an HP X16-1044nr 64 bit Vista to do the same. What I found was that if I left an internet website page open and it went into stand-by, hitting any key; the system doesn’t produce the security log in window. Thus leaving my system vulnerable for anyone to use should I forget and leave a page open. I now make sure I close every window but that’s disturbing. Thanks in advance.

Read other answers

Read more about it here http://www.eweek.com/category2/0,1874,1252525,00.asp

A:sticky:WMF Security Flaw

This is already a sticky thread on the forum:


Read other 1 answers

Adobe patches flaw in graphics tools
CNET News.com

A security flaw in Adobe Systems' popular graphics design software could allow an unauthorized user to change certain program files, the software maker said Thursday. The problem affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 and occurs when the applications are run in shared, multiuser installations, according to an Adobe security advisory.

"If exploited, this vulnerability could allow a hostile user to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user," Adobe said. The company rates the issue "important" and has updates http://www.adobe.com/support/techdocs/332644.html available to correct the security problem. It recommends that customers using CS2 products on shared systems, running either Microsoft Windows or Mac OS, apply these updates.

Read other answers

I'm using this mobo


It currently runs a Pentium 4 3.2Ghtz Prescott socket 478,
and 1 GB (2 X 512) PC 3200 OCZ brand memory.

It originally had a Geforce FX5700LE but I went online and bought a 7800GS AGP to upgrade it.

To my dissapointment, I cannot succesfully install the video card because the close proximity of the memory slots makes it impossible to seat the card in the AGP slot ( as you can see in the picture), and the large size of the 7800GS.

I'm so sad now, I have to get a new mobo

edit: The picture is actually false, the securing clips on my mobo extend to the middle portion of the AGP slot and that's the problem.

Read other answers

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web..."It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call."You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."breitbart.com

Read other answers