Over 1 million tech questions and answers.

Widows Security Flaw

Q: Widows Security Flaw

Microsoft Admits Flaw in Windows Software
By TED BRIDIS
AP Technology Writer
WASHINGTON

Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso Viejo, Calif., whose researchers discovered similarly dangerous flaws in at least three earlier versions of Windows.

Microsoft said corporate firewalls commonly block the type of data connections that hackers outside a company would need for these attacks. The flaw affects Windows technology used to share data files across computer networks.

Maiffret said that inside vulnerable corporations, "until they have this patch installed, it will be Swiss cheese _ anybody can walk in and out of their servers."

Microsoft spent hundreds of millions of dollars on security improvements for its latest Windows software and included new technology to defend against a category of hacker attacks known as "buffer overflows," which can trick software into accepting dangerous commands.

But four Polish researchers, known as the "Last Stage of Delirium Research Group," said they discovered how to bypass the additional protections Microsoft added, just three months after the software went on sale.

The head of Microsoft's security response center, Kevin Kean, said improving Windows software is an ongoing process. "We continue to try to make it better and when we find a situation where techniques we've built into the system are not perfect, we go out and fix them," Kean said.

Microsoft also acknowledged a separate design flaw affecting only Windows XP, but it was deemed less serious because hackers would have to already have broken into a corporate network to attack victims. The company also released a patch for it.

Although the Polish researchers created a tool to demonstrate the more serious vulnerability and break into victim computers, they promised not to release blueprints for such software onto the Internet.

"We're fully aware of the potential impact," group member Tomasz Ostwald said in a telephone interview. "We don't plan to publish this code at the moment. It's too dangerous."

Ostwald said the group, which other experts said was highly regarded in the security community, expected to disclose additional details during technical presentations at upcoming security seminars.

Some experts said they expected hackers to begin using this new vulnerability to break into computers within months. Even without detailed blueprints from researchers, hackers typically break apart the patches Microsoft provides for clues about how to exploit a new flaw.

"We could see it in a week or a year or not at all, but I expect we would see something in a three-month time frame," said Russ Cooper of Herndon, Va.,-based TruSecure Corp.

Internet Security Systems Inc. said the Windows flaw "poses an enormous threat" and raised its alert level to its second notch, reflecting "increased vigilance." The Atlanta-based company operates an early warning network for the technology industry, the Information Technology Information Sharing and Analysis Center.

The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency.

RELEVANCY SCORE 200
Preferred Solution: Widows Security Flaw

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Widows Security Flaw

Go to Windows Update and get the fix.

Read other 2 answers
RELEVANCY SCORE 54.4

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??
 

A:Security Flaw

Read other 8 answers
RELEVANCY SCORE 54

Serious security flaw found in IE [bbc]

As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro. Click to expand...

I don't want to go on a rant here but the IE team at Microsoft has caused so many problems for so many people, from users to web developers.

Anybody who is currently a user of IE really should take a look at alternate browsers (Firefox, Opera, Safari).
 

A:Serious security flaw found in IE

Read other 16 answers
RELEVANCY SCORE 54

Adobe patches flaw in graphics tools
CNET News.com

A security flaw in Adobe Systems' popular graphics design software could allow an unauthorized user to change certain program files, the software maker said Thursday. The problem affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 and occurs when the applications are run in shared, multiuser installations, according to an Adobe security advisory.

"If exploited, this vulnerability could allow a hostile user to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user," Adobe said. The company rates the issue "important" and has updates http://www.adobe.com/support/techdocs/332644.html available to correct the security problem. It recommends that customers using CS2 products on shared systems, running either Microsoft Windows or Mac OS, apply these updates.
 

Read other answers
RELEVANCY SCORE 54

http://blogs.pcmag.com/securitywatch/2009/07/new_critical_zero-day_vulnerab.php
 

A:FireFox 3.5 Zero day security flaw

Nobody's perfect...
IE7 user
 

Read other 2 answers
RELEVANCY SCORE 54

Read more about it here http://www.eweek.com/category2/0,1874,1252525,00.asp
 

A:sticky:WMF Security Flaw

This is already a sticky thread on the forum:

http://forums.techguy.org/security/431419-m-wmf-patch.html
 

Read other 1 answers
RELEVANCY SCORE 54

In an advisory released Wednesday July 10, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.

The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch.

Microsoft said a patch will be available soon.

http://news.com.com/2100-1001-942980.html?tag=fd_top

DS
 

Read other answers
RELEVANCY SCORE 54

Read More Info About It Here

http://www.eweek.com/category2/0,1874,1252525,00.asp
 

Read other answers
RELEVANCY SCORE 54

This might be worth keeping an eye open
http://news.bbc.co.uk/2/hi/technology/7784908.stm
 

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.
 

Read other 3 answers
RELEVANCY SCORE 54

On my old XP laptop I was able to come back from "sleep/stand by" and had to re-enter my log in information. I set up my new laptop, an HP X16-1044nr 64 bit Vista to do the same. What I found was that if I left an internet website page open and it went into stand-by, hitting any key; the system doesn’t produce the security log in window. Thus leaving my system vulnerable for anyone to use should I forget and leave a page open. I now make sure I close every window but that’s disturbing. Thanks in advance.
 

Read other answers
RELEVANCY SCORE 54

http://news.yahoo.com/s/pcworld/120756

A:Security Flaw in Firefox

ok. i havn't added any trusted sites to my list but am i still at risk? and how can this be patched?

Read other 19 answers
RELEVANCY SCORE 53.2

Computer will not let me download, windows security pops up and says it is harmful, pop up windows come up instead of what i clicked on

Read other answers
RELEVANCY SCORE 53.2

FROM: http://www.usatoday.com/tech/products/2006-12-26-vista-flaw_x.htm?csp=27
NEW YORK — Windows Vista, the new computer operating system that Microsoft is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.
Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a non-event in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects older Windows systems, too, and Hypponen said v... Read more

A:First Security Flaw in Vista found

It was only a matter of time.
 

Read other 3 answers
RELEVANCY SCORE 53.2

Hi,

I have reason to believe that the current version of Opera 22.0.1471.50 has a remote code execution flaw. The attacker was able to get in and rename my documents folder to 'public documents'. Also on a day before that, the attacker was able to change the ACL's on a file.
 

A:Opera 22.0.1471.50 security flaw

Read other 6 answers
RELEVANCY SCORE 53.2

Hi Guys
With the amount of Vundo going around i thought i might start a poll - there are a few things i would like to see in relation to Windows Service Packs
David
 

A:Vundo Poll! Is there a Security Flaw?????

Read other 7 answers
RELEVANCY SCORE 53.2

Just recieved THIS notification and thought you Netscape users might want to know.

Kilowatt
 

A:Netscape security flaw exposed

kilowatt1,

Thanks for the news. Glad I am ok with Netscape 4.x
 

Read other 1 answers
RELEVANCY SCORE 53.2

On 12/22/2004, an update for Winamp was published to fix a critical security flaw. Go to http://www.winamp.com and download Winamp 5.08c to fix the problems.

This fix is required for ALL versions of Winamp prior to 5.08c. To determine your version, open Winamp, click Help > About Winamp and check the version number at the bottom of the resulting screen.
 

Read other answers
RELEVANCY SCORE 53.2

Hi, I have just bought on Ebay a Lenovo Thinkpad X201, and run the Intel tool to check if it was vulnerable to the recent discovered security flaw on Intel ME (Critical Firmware Update - Intel-SA-00086) as described on the link bellow: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html The result was that my X201 is vulnerable! So, this is a huge security problem and I need a way to resolve it. I have already run all Windows 10 updates + Lenovo Companion app and it says no more updates are available. I have also search on Lenovo drivers and even on Lenovo dedicated page to this security issue on the link bellow but my model (X201) is not listed: https://support.lenovo.com/pt/en/product_security/len-17297 My question is if anyone knows a solution for this security issue on X201? Any help or advice is really appreciated. Note: On Intel check tool, it says my Intel ME driver current version is 6.1.10.1052 Thanks!

A:X201 - How to fix Intel ME Security Flaw

I think the reason its not on the Lenovo list is your processor is not affected.  Based on the intel link you provided it affects 6th, 7th and 8th generation intel chips.  I do not believe the X201 has those chips. 





TP 25 Retro, W510 850 EVO, A30pRetired 385D, A20p, A21p

Read other 1 answers
RELEVANCY SCORE 53.2

MS flaw highlights e-security laziness
By electricnews.net
Posted: 01/08/2003 at 13:35 GMT

In an unprecedented move, the US Department of Homeland Security has issued a second warning over a Windows flaw that leaves computers vulnerable to attack.

The newly formed US federal government department said in its warning that a critical flaw in certain versions of the Windows operating system, if left unpatched, could leave computers open to dangerous cyber-attacks, some of which have the potential to allow the attacker to take control of a vulnerable system.

The warning comes two weeks after Microsoft issued its own bulletin notifying computer users of the problem and about a week after the Department of Homeland Security issued its first warning urging people and companies to fix their systems.

Essentially, the bug can allow malicious attackers to seize control of users' machines to steal files, read e-mails and launch wide-scale attacks that could damage the Internet as a whole. Microsoft has issued patches on its Web site to let administrators repair systems, but analysts have said that there is still a large proportion of computers plugged in to the Net that remain susceptible to attack.

This is said to be partly because Microsoft issues patches so frequently that they are increasingly being ignored. Last year the software giant issued about 70 patches, and about 30 have been made available this year.

The United States government is said to be especially worr... Read more

A:MS flaw highlights e-security laziness

Perhaps micro$oft should concentrate on a better system this time rather than pumping one out every other year , but then again we'll keep on buyin them won't we ?
 

Read other 3 answers
RELEVANCY SCORE 53.2

Pertains to RealPlayer 8, RealOne Player, RealOne Player v2 for Windows, RealPlayer 10 Beta (English only) or RealPlayer Enterprise. Flaw discovered April 06, 2004.

Details and work around here: http://service.real.com/help/faq/security/040406_r3t/en/
 

Read other answers
RELEVANCY SCORE 52.8

I download books and listen on my VW car radio and my Mp3 player. With XP it was not a problem you just went to options on the OVERDRIVE console and click on upgradeand you were down loading and enjoying. My Avertec died and I went got a HP that had windows 7. It worked at first but would not work with Firefox or Google Cromebrowser. I went to my local library the reference librarian Andy K, and I fixed it.Step 1 open Windows Media Player.Step 2 Go Microsoft Internet Explorer as the browserStep 3 Go to http://drmlicense.one.microsoft.com/Indivsite/en/indivit.aspStep 4 follow steps once or twice it should be successful.Why does Microsoft make it this way G-D only knows.If you have books that you have read and you want to delete before their expiration you may do so in the Document File or Media File. That you have downloaded on the Overdrive Console.E mail with questions

A:Widows Media Security Upgrade 2.5.0.1

The suggestion I got did nothing. My OverDrive Media Consol would not update by click file and then upgrade. So, I went on the internet in search of a 2.5.0.1 upgrade. No such creature. But the website

http://drmlicense.one.microsoft.com/Indivsite/en/indivit.asp

was given to me to update my software. But the button was shadowed and I was unable to click on it to download. Well I finally found answer.

What you need to know and pass on to others having this problem is to go to http://drmlicense.one.microsoft.com/Indivsite/en/indivit.asp
as stated above.. Look at the toolbar and you will see a "broken or torn page" icon. Click on the broken page icon on the tool bar and the ?upgrade? button will appear. Now you can upgrade!

I hope I have helped you,

Read other 2 answers
RELEVANCY SCORE 52.8

Latest SP2 Flaw Bypasses IE Security Zone
By Larry Seltzer
August 21, 2004

Security researchers have discovered another vulnerability in Windows XP Service Pack 2, but it doesn't appear to be an immediate threat.
The researcher who uncovered the drag-and-drop flaw in Windows XP SP2 earlier in the week has reported that a new vulnerability exposes a hole in the lockdown of Internet Explorer's My Computer security zone.

The lockdown of the My Computer zone is one of the major security enhancements in SP2. Web pages in Internet Explorer run in one of several security "zones," each of which has different security rules. Prior to SP2, the My Computer zone—designed for Web pages stored on the computer itself—had extremely permissive rules. In order to take advantage of them, malware attacks frequently exploited vulnerabilities to get their Web-based pages to execute. Microsoft tightened the rules in SP2 to make it a less inviting target.

In the new attack, the use of an unconventional value in the "Content-Location:" field of an MHTML (MIME HTML) file causes the browser to execute the file in the Local Intranet zone, even though it is run from the local computer. This allows scripting operations that are not permitted in the local zone. MHTML files are a variant HTML format in which accessory files, such as images, can be stored as part of the file itself.

While this example does demonstrate a weakness in the local computer lockdown by ... Read more

Read other answers
RELEVANCY SCORE 52.8

New Security Flaw Found In IE, Best Fire Up FireFox

Jan 03

If you?re using Internet Explorer to read this it might be an idea to shut it down now and open up trusty old FireFox instead. Microsoft has today issued an alert to notify users of a critical security flaw in IE.7.0 that could allow hackers to take control of your computer and steal passwords. The company is apparently preparing an emergency patch to fix it but in the meantime simply requests that users remain ?vigilant? against the threat.Microsoft advisors actually ask that you don?t switch because they are trying to get it resolved as soon as possible. Of course it couldn?t be seen to recommend else?s software, but this doesn?t show much consideration for people?s security concerns. Trend Micro security advisor Rick Ferguson is free from such restraint: ?In this case, hackers found the hole before Microsoft did, this is never a good thing. What we?ve seen from the exploit so far is it stealing game passwords, but it?s inevitable that it will be adapted by criminals; it?s just a question of modifying the payload the trojan installs. If users can find an alternative browser, then that?s good mitigation against the threat.? Alternative browsers FireFox, Opera, Chrome and Safari are not vulnerable to the flaw, so if you know what?s good for you best jump on one of these to be safe (most are better than IE anyway). - Paul Lester [BBC] security Internet Explorer Microsoft



New Security Flaw Foun... Read more

A:New Security Flaw Found In IE, Best Fire Up FireFox

I wonder how IE8 fits into this.

Read other 6 answers
RELEVANCY SCORE 52.8

The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs. IDNs are domain names that use local language characters. The fix disables support for such Web addresses.

Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due Oct. 5 and the final release of 1.5 is expected by year's end

Instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

If you make the manual change as above, there is no need to download from http://www.mozilla.org. See Cnet.news for the story: Mozilla offers temporary fix for Firefox flaw.

-- Tom
 

Read other answers
RELEVANCY SCORE 52.8

...in Internet Ex-PLODE-r
 
http://blog.chron.com/techblog/2014/04/first-security-flaw-microsoft-wont-fix-in-windows-xp-has-been-found/?cmpid=rrhoustontx

As Microsoft’s creaky and obsolete operating system neared the end of its support life, the company warned that security flaws found after the April 8 deadline would not be patched. Now, a vulnerability has been discovered in all versions of Internet Explorer – including those that work on WinXP.
 
Though there’s no fix at the moment for any version of Windows, there soon will be – except for XP.
 
The flaw affects IE 6 through 11. Versions 6-8 work on Windows XP, but like XP, those versions of Microsoft’s browser no longer get security updates. That means, if you are using IE on XP, you’re vulnerable, with no hope in sight.
 
The obvious workaround is, of course, to use a browser other than Internet Explorer. That’s fine for consumers, but too many businesses still use XP and browser-based apps designed specifically for IE. Those companies that have been slow to dump XP are particularly at risk.
 

A:First XP security flaw Microsoft won’t fix (for free) has been found...

Related topic: New hole in Internet Explorer already under attack to hijack PCs

Read other 1 answers
RELEVANCY SCORE 52.8

New Security Flaw Found In IE, Best Fire Up FireFox

Jan 03

If you?re using Internet Explorer to read this it might be an idea to shut it down now and open up trusty old FireFox instead. Microsoft has today issued an alert to notify users of a critical security flaw in IE.7.0 that could allow hackers to take control of your computer and steal passwords. The company is apparently preparing an emergency patch to fix it but in the meantime simply requests that users remain ?vigilant? against the threat.Microsoft advisors actually ask that you don?t switch because they are trying to get it resolved as soon as possible. Of course it couldn?t be seen to recommend else?s software, but this doesn?t show much consideration for people?s security concerns. Trend Micro security advisor Rick Ferguson is free from such restraint: ?In this case, hackers found the hole before Microsoft did, this is never a good thing. What we?ve seen from the exploit so far is it stealing game passwords, but it?s inevitable that it will be adapted by criminals; it?s just a question of modifying the payload the trojan installs. If users can find an alternative browser, then that?s good mitigation against the threat.? Alternative browsers FireFox, Opera, Chrome and Safari are not vulnerable to the flaw, so if you know what?s good for you best jump on one of these to be safe (most are better than IE anyway). - Paul Lester [BBC] security Internet Explorer Microsoft
New Security Flaw Found In I... Read more

A:New Security Flaw Found In IE, Best Fire Up FireFox

Thanks Norm,

Have not had a security notification from M$ yet on any "out of band" hotfix yet - If I see one will post it here for information

Read other 9 answers
RELEVANCY SCORE 52.8

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS). http://news.netcraft.com/archives/2006/06/...tity_theft.html

A:Paypal Security Flaw Allows Identity Theft

Well that's no good. I just used Paypal the other day to donate $20 dollar to this site and now you tell me this. So do you recommend closing my paypal account or can they only access my information when I'm actually using it?

Read other 3 answers
RELEVANCY SCORE 52.8

Hi all

On the Hotel "Wired" Network where I logged in I got a whole load of "Device Install" messages

But What are THESE !!!!!!!!! They look like computers attached to the Network
I've got Firewall enabled with MSE turned on but looks like I'm picking up other users Media streamers.
What's going on here --and should I worry about this.

Shame if security is compromised as I'm rather liking W8.

Running W8 32 bit version.


Cheers
jimbo

A:Seems a Huge Flaw with security in W8 -- could be a show stopper

I'm not so much sure that that's a problem on your end, as it is on their end!
I'd say it's just looking for a media-extender driver or something that Microsoft hasn't fully furnished for Windows 8 yet. I wouldn't be concerned that you can see others' computers, but I'd be concerned if they can see yours.

Read other 9 answers
RELEVANCY SCORE 52.8

Experts Spot Security Flaw In Windows Vista Software
Skip directly to the full story.

By ANICK JESDANUN The Associated Press

Published: Dec 27, 2006

NEW YORK - Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the Vista system released to larger businesses in late November.

The software company said it is investigating the threat but has found that a hacker must already have access to the vulnerable computer to execute an attack.

That could happen if someone is sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects ol... Read more

A:Experts Spot Security Flaw In Vista

Yep, been reported here several times.
 

Read other 2 answers
RELEVANCY SCORE 52.8

I have local zip files, and using the built-in compressed folders utility (not WinZip, etc), I open them and drag something out, and get this warning message, "This Page Has An Unspecified Security Flaw", which says Internet Explorer at the top which is unusual because I do not ever use IE, and it is neither running nor my default browser. I googled, and the only promising solution was to go to Internet Options in IE or the control panel, go to Security, Local Intranet, and uncheck the Automatic checkbox but leave the 3 "Include" checkboxes checked. But there IS NO automatic checkbox for me, there are only the Include checkboxes. Adding my local computer to the list of intranet sites, or to the trusted sites, under every computer name or "localhost" or ip imaginable also did not work. Please help I HATE warning messages

Note: I have IE 6, because I never use IE. Also note that I believe this started when I went to Internet Options, Programs, Reset Web Settings in an unrelated in-vain effort to stop firefox from breaking my html icons

Please help me remove the zip warning message
 

A:This Page Has An Unspecified Security Flaw when extracting from zip

SOLVED: this occurred, apparently, only for zips I had downloaded from the internet.

SOLUTION: gpedit.msc, user configuration, attachment manager, enable Do Not Preserve Zone Extensions. May also need to reset security zone settings in Internet Options to medium or low
 

Read other 1 answers
RELEVANCY SCORE 52.8

This guy writes about security issues.

Windows Secure Boot: Insecure by design and mostly likely cant be fixed | Network World

Read other answers
RELEVANCY SCORE 52.8

Yo. I know this sounds silly, but there was this moron in chat last night with one of those malicious boot programs. He suddenly decided to pick on me, sending me IM bombs and stuff. That's no big deal, but supposedly he sent me a virus with this program. I didn't accept the file, but he said I didn't have to because I was "already infected". I think he's just bluffing, but to make sure, I'd like to know if anybody has information on this so called "virus" ..

He said Norton wasn't going to save me, no biggy since I don't USE Norton. >=D but honestly, my anti-virus is fully updated and did not find any malicious files. I even booted in safe mode and went through my system folders searching for suspicious files, but I didn't find any. Still, better safe than sorry, eh? Man I feel like an idiot, but I'm just curious to know if this is even possible. Maybe a security flaw in yahoo messenger? Any information would be most helpful. =D And just FYI I have Win 2k pro.
 

A:Yahoo messenger virus through a security flaw?

Hi..just to double check..run an online virus scan..
http://housecall.trendmicro.com/
http://www.ravantivirus.com/scan/
 

Read other 2 answers
RELEVANCY SCORE 52

When my CA Security is startng up its keeps saying it can't find C:\temp\_is29\, my main drive is D.
It does install but I believe this file maybe something to do with it connecting to look for updates. but am not sure. I believe a recent Windows XP update may have deleted it as it did capf.msi, this one I have fixed but don't know how to fix this one its driving me nuts. I don't know if its Widows problem or CA I cannot find a forum in CA can anyone suggest anything in simple language please. Windows Installer keeps popping up and is trying to configure CA and says it can't find the network source it will allow me to update manually or at leasts it says it uptodate

A:Lost File Widows Iinstaller/ Ca Security

Have you tried uninstalling CA Security from your computer and then reinstalling?

It should replace all files and do the trick

Have a great one

Read other 1 answers
RELEVANCY SCORE 52

Criminals are stepping up their attacks leveraging an unpatched flaw in Microsoft's Internet Explorer browser, using it to install fake antivirus products and malicious back doors on victim's computers.

Microsoft first warned of the bug on March 9, saying that it had been used in "targeted attacks." But now, according to researchers, the exploits are much more widespread. By late last week, security vendor AVG was getting reports of 30,000 attacks per day, according to Roger Thompson, AVG's chief research officer.



Source -
Security companies warn of uptick in attacks using new IE flaw | Security Central - InfoWorld

Read other answers
RELEVANCY SCORE 52

Critical vulnerability in NetUSB driver exposes millions of routers to hacking | PCWorld

Read other answers
RELEVANCY SCORE 52

Security flaw touches Windows Media Player, IEBy Dawn KawamotoStaff Writer, CNET News.comPublished: October 18, 2005, 7:23 AM PDTLast modified: October 18, 2005, 10:44 AM PDTupdate A "critical" flaw that affects both Microsoft's Windows Media Player and Internet Explorer has been uncovered, a security company reported late Monday. The security flaw, which is found in the default installations of Media Player and the IE browser, could let attackers launch a remote execution of code, according to an advisory posted by eEye Digital Security. Systems affected by the flaw include Windows XP with Service Pack 1 and Service Pack 2, Windows NT, Windows 2003 and Windows 2003 SP1, and all versions of Windows 2000.news.com

Read other answers
RELEVANCY SCORE 52

Adobe has issued an emergency patch for a previously undiscovered vulnerability in Flash Player, which the company says is being exploited in the wild.The company said Tuesday that the latest update of the popular browser plugin, version 18.0.0.194 for both Windows and Macs, fixes a security hole that could allow a hacker to take over an affected system."Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks," the company said in a brief advisory.
 

Article

A:Adobe issues emergency fix for Flash zero-day security flaw

Adobe Flash Player Distribution DownloadAdobe Web Players All Downloads

Read other 7 answers
RELEVANCY SCORE 52

Adobe has acknowledged a "critical" security flaw in its Reader, Acrobat and Flash Player software.Adobe says the vulnerability potentially enables hackers to take control of affected computer systems.Users running Windows, Macintosh or Linux might all be open to attack.http://news.bbc.co.uk/2/hi/technology/10257411.stm

A:Adobe acknowledges critical security flaw in software

Thanks for the report Budapest. I will be watching for a new update to get. Adobe is like Windows; BIG. That's why so many bad guys jump on them because they can infect more computers that way. IMHO Windows is doing a better job but I don't git the same feeling from Adobe.

Read other 4 answers
RELEVANCY SCORE 52

Chrome suffers first security flaw.

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

-- Tom
 

A:Google's Chrome browser suffers first security flaw

Read other 7 answers
RELEVANCY SCORE 51.6

Intel has major security flaws in the Management Engine. You need to read the Intel emergency memo from a few hours ago.
In the memo, Intel links a tool to check if your system is vunerable.
Right now neither Dell nor Intel has posted updated software to remedy this critical issue for the XPS 9560 or 9550. 
GET MOVING DELL!!!

A:URGENT - Intel Management Engine - critical security flaw

Lol, ok then.  Well if this is how you feel about security vulnerabilities that Intel has acknowledged and is committing to fix, then I can't wait to see your reaction to the other news that broke about Intel Management Engine last week, which they might NOT fix because "it's not a security vulnerability, it's a feature": thenextweb.com/.../

Read other 5 answers
RELEVANCY SCORE 51.6

When I am on a instant messaging program, I get a pop up message from IE that says "This page has an unspecified potential security flaw. Would you like to continue" and there is YES or NO option and when I click NO the message pop up again, I have to click NO twice to close it. What is the message and how do I stop it from popping up?
 

A:Pop Up message saying "This page has an unspecified potential security flaw....

Read other 15 answers
RELEVANCY SCORE 51.6

Kingston Technology is instructing customers to return certain models of its memory sticks, after the firm discovered a glitch in its DataTraveler Secure flash drives.

The company said in a security notice that the models affected were “privacy” editions of the DataTraveler Secure, DataTraveler Elite and DataTraveler Blackbox.

Kingston said the security flaw could allow a wrongdoer to hack into the memory sticks. “A skilled person with the proper tools and physical access to the drives may be able to gain unauthorised access to data,” warned the vendor.

Kingston added that a number of its USB drives were not affected by the security flaw.

Customers whose drives could be exploited by the security loophole should return the product, where Kingston said it would apply a factory update.

Kingston had claimed that its Data Traveler Secure drive was the first of its kind to protect “100 percent of data on-the-fly via 256-bit hardware-based AES encrpytion.”

Source:Kingston coughs to security flaw in 'Secure' flash drive ? The Register

A:Kingston coughs to security flaw in ‘Secure’ flash driv

Thanks for this information! We have about 20 of them. Thankfully not the ones on the list.

Read other 3 answers
RELEVANCY SCORE 51.6

By James Walker
5 Feb, 2016
"A major security flaw has been found in Avast's SecureZone browser, also known as Avastium, that allows an attacker to remotely read any file on the user's computer, over the Internet. Antivirus firm Avast quickly patched the embarrassing bug.

...

Avastium is based on Chromium, the open-source browser engine originally developed by Google for Chrome but now available for everyone. Avast modified a key security feature in Chromium, removing the protection it offers and exposing the user's filesystem to the Internet."
Major security flaw found in antivirus firm's 'secure' browser
 

A:Major security flaw found in Avast's Secure Browser

These "Secure browsers" Who can tell how much safer are them from other browsers outhere?, I think you should always use a browser because you know a bit about it and it works for you good and safe, not because it's named "any AV Secure Browser".
 

Read other 3 answers
RELEVANCY SCORE 51.6

VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

The Snowden revelations have made it clear that online privacy is certainly not a given.

Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.

As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don?t like the idea of being spied on.

Unfortunately, even the best VPN services can?t guarantee to be 100% secure. This week a very concerning security flaw revealed that it?s easy to see the real IP-addresses of many VPN users through a WebRTC feature.

With a few lines of code websites can make requests to STUN servers and log users? VPN IP-address and the ?hidden? home IP-address, as well as local network addresses.

The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.

IP-address leak


The demo claims that browser plugins can?t block the vulnerability, but luckily this isn?t entirely true. There are several easy fixes available to ... Read more

A:Huge security flaw leaks vpn users real ip-addresses

The main issue is about DNS leaks not VPN. I am using a VPN from past 8 months and having no issue with it. The main problem is which VPN you choose, if you choose a good VPN then these types of issues not appear. I choose my VPN after reading this article from a review site. 5 Best VPN Software for Year 2015 Facilitating Ease of Use
 

Read other 1 answers
RELEVANCY SCORE 50.8

A security vulnerability found in a widely-used open-source software has been described as "the most serious bug."
A major vulnerability has been found and fixed in OpenSSH, an open-source remote connectivity tool using the Secure Shell protocol. The flaw was the result of an "experimental" feature that allows users to resume connections
According to a mailing list disclosing the flaw, a malicious server can trick an affected client to leak client memory, including a client's private user keys.
The affected code is enabled by default in OpenSSH client versions 5.4 to 7.1. The matching server code was never shipped, the mailing list said.
The flaw doesn't have a catchy name like some other previous flaws, but disabling client-side roaming support fixes the issue.
The flaw, which is said to be years old, was found by Qualys' security advisory team.
 
Wolfgang Kandek, chief technology officer at Qualys, confirmed in an email that the company disclosed the bugs to the OpenSSH team on January 11, and commended the team for working "incredibly fast" to get a patch out three days later.

"Developers and admins are advised to regenerate and rotate keys to systems they touch, whether for hobby [or] weekend projects, or more sensitive servers -- including Github," he added.
Bottom line? Patch now, and patch fast.

 
 

Article

A:'Serious' security flaw in OpenSSH puts private keys at risk:ZDnet

HeartBleed 2.0?
 
*Frantically checks all administered servers*

Read other 5 answers
RELEVANCY SCORE 50.8

DELL ISN'T HAVING A GOOD WEEK.A second root certificate has been found on its PCs and laptops, that could leave users' personal information vulnerable to hackers.
The second certificate, called DSDTestProvider, is installed by an application called Dell System Detect (DSD), which users are prompted to download and install when they visit the Dell support website. 
Carnegie Mellon University CERT said in an advisory that the flaw allows hackers to create trusted certificates and impersonate sites and launch man-in-the-middle attacks.
 

Article

A:Second security flaw leaves Dell PC users vulnerable to hackers:Inquirer.net

Microsoft reacted to this and updated Windows Defender (and Microsoft Security Essentials) to remove that rogue certificate http://www.zdnet.com/article/windows-defender-removes-potentially-dangerous-dell-certificate/

Read other 1 answers