Over 1 million tech questions and answers.

Internet Flaw Could Let Hackers Take Over The Web

Q: Internet Flaw Could Let Hackers Take Over The Web

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web..."It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call."You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."breitbart.com

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Internet Flaw Could Let Hackers Take Over The Web

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 69.6

A serious LibreOffice flaw can be easily exploited by attackers to deliver malware on computers running a vulnerable version of the popular free and open source office suite.

According to The Document Foundation, which develops the software suite, the vulnerability (CVE-2016-4324) arises from an insufficient check for validity while parsing the Rich Text Format (RTF) character style index.

It is a Use After Free vulnerability that could ultimately allow for malicious code execution. And, unfortunately, it?s easy to exploit.

?A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be able to be used to execute arbitrary code,? says Cisco Talos technical lead of security research Martin Lee.

The attacker has to know how to create such a file, and the trick the targeted user into opening it via a vulnerable version of LibreOffice.

Full Story. Easily exploitable LibreOffice flaw is a godsend for hackers - Help Net Security
 

A:LibreOffice flaw is a godsend for hackers

This is one of the reasons why I don´t understand why people avoid Microsoft Office, unless it is because it's paid. Even though it´s more common in Ms Office every software has its vulnerabilities and sooner or later you´ll know about them. You can get exploited in Ms Office, LibreOffice and others alike, it´s a matter of time.
Sorry bad english.
 

Read other 0 answers
RELEVANCY SCORE 69.6

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.The flaw is specific to Firefox's implementation of JavaScript, a 10-year old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."It looks like they had enough information in their slide for an attacker to reproduce it. I think it is unfortunate because it puts users at risk, but that seems to be their goal.Hackers claim zero-day flaw in Firefox @ CNET NewsEDIT: Mentioning the NoScript extension right about now is probably a good idea.

A:Hackers Claim Zero-day Flaw In Firefox

RETIRED: Mozilla Firefox Multiple Unspecified Javascript VulnerabilitiesUpdate (October 3, 2006): This BID is being retired as reports indicate that these issues are a hoax. The researchers responsible for disclosing these vulnerabilities have claimed that their original reports were not correct...http://www.securityfocus.com/bid/20294/discuss

Read other 2 answers
RELEVANCY SCORE 68.8

Hackers warn of critical flaw in Firefox

02 October 2006 - Two hackers at the ToorCon hacker conference in San Diego said that they’ve found a critical flaw in Firefox that looks, to them at least, impossible to patch.

The hackers, who have been named as Mischa Spiegelmock and Andrew Wbeelsoi, said that someone could execute an attack simply by creating a webpage with malicious JavaScript code. In most attacks, hackers have to get a computer user to download something to the computer, but in this case, they won’t know what hit them.

Windows users are used to facing security threats, but smug Apple and Linux users aren’t immune to this bug, as it affects all versions of Firefox.

Spiegelmock said that malicious code could create a stack overflow error, and called the implementation “a complete mess”.

Mozilla’s security chief Window Snyder took the presentation completely seriously after watch a video of it; she said Mozilla would “do some investigating”, but isn’t happy of the release of the exploit to the wide world of hackers.

The reason that the flaw is so difficult to patch? It’s in the part of the browser that deals with JavaScript.

After hearing that the two hackers know of another 30 unpatched flaws in Firefox, Jesse Ruderman, a Mozilla security staffer, encouraged them to disclose the bugs to Mozilla, who gives away $500 per vulnerability.

Wbeelsoi simply said, “It’s a double-edged sword, but what we’re doing is really for the greater good of the I... Read more

A:Hackers warn of critical flaw in Firefox

Read other 7 answers
RELEVANCY SCORE 68.8

Quote:
Microsoft warned on Wednesday that a flaw in its Internet Explorer browser gives attackers access to files stored on a PC under certain conditions.
"Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location," Microsoft said in a security advisory.

The vulnerability requires that an attacker knows the name of the file they want to access, it said.


Source -
IE flaw gives hackers access to user files, Microsoft says

A:IE flaw gives hackers access to user files, MS says.

Another great post. I hope you know how much we all appreciate this. Thank You Jan

Read other 1 answers
RELEVANCY SCORE 68.4

Android is the most popular mobile operating system on Earth: About 80 percent of smartphones run on it. And, according to mobile security experts at the firm Zimperium, there's a gaping hole in the software — one that would let hackers break into someone's phone and take over, just by knowing the phone's number.
 
Just A Text
In this attack, the target would not need to goof up — open an attachment or download a file that's corrupt. The malicious code would take over instantly, the moment you receive a text message.
 
"This happens even before the sound that you've received a message has even occurred," says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker's Handbook. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."
 
Here's how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it's received by the phone, Drake says, "it does its initial processing, which triggers the vulnerability."
 

Unfortunately, contract phones like Tracfone or Virginmobile never get patches.
 
Article

Read other answers
RELEVANCY SCORE 68.4

Microsoft won't fix Windows flaw that lets hackers steal your username and password
 

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.
Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account. The flaw works because Internet Explorer and Edge (on Windows 10) allow a user to access local network shares but don't fully block connections to remote shares.

 

There's a simple mitigation, according to the group. Don't use Internet Explorer, Edge, or Microsoft Outlook, and don't log in to Windows with a Microsoft account.

 
Greets! 

A:Windows flaw that lets hackers steal your logins

I refuse to use IE or Edge. Windows 10 Cortana forces users to use Edge so there is no way to avoid Edge when doing searches. 
 
http://searchengineland.com/microsoft-says-no-to-other-browsers-248381

Read other 1 answers
RELEVANCY SCORE 68.4

YouTube has been forced to fix a flaw allowing hackers to bombard users with fake pop-up messages and redirect them to adult sites.Hackers placed code in the comments section, under targeted videos, that would run when people watched the clip.http://news.bbc.co.uk/2/hi/technology/10506150.stm

A:Google acts to fix YouTube flaw exploited by hackers

all I can say is, what the heck's wrong with these people!

Read other 2 answers
RELEVANCY SCORE 68.4

IE Flaw Gives Hackers Access to User Files, Microsoft Says.

"Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location," Microsoft said in a security advisory.Click to expand...

-- Tom
 

A:IE Flaw Gives Hackers Access to User Files, Microsoft Says

Never a dull moment with Microsoft.

.
 

Read other 1 answers
RELEVANCY SCORE 66.8

Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.
 
Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw.
 
"This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.
 
The search giant originally told Microsoft about the problem 10 days ago, on Oct. 21. It waited to say anything about it publicly so Microsoft could fix the problem first. But Google has a strict policy of giving vendors only seven days to either publish a patch or issue a warning about a flaw.
 
"Seven days is an aggressive timeline and may be too short for some vendors to update their products," Google said in a blog post in 2013. "But it should be enough time to publish advice about possible mitigations."
 

Article

 

A:Google reveals Windows flaw being exploited by hackers, angering Micros

That is a good find!  Thank you for sharing.  I think MS needs to up their game, things of this nature need not to be out in the wild IMO.

Read other 2 answers
RELEVANCY SCORE 66.8

Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.
 
Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw.
 
"This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.
 
The search giant originally told Microsoft about the problem 10 days ago, on Oct. 21. It waited to say anything about it publicly so Microsoft could fix the problem first. But Google has a strict policy of giving vendors only seven days to either publish a patch or issue a warning about a flaw.
 
"Seven days is an aggressive timeline and may be too short for some vendors to update their products," Google said in a blog post in 2013. "But it should be enough time to publish advice about possible mitigations."
 

Article

 

A:Google reveals Windows flaw being exploited by hackers, angering Micros

That is a good find!  Thank you for sharing.  I think MS needs to up their game, things of this nature need not to be out in the wild IMO.

Read other 1 answers
RELEVANCY SCORE 66.8

DELL ISN'T HAVING A GOOD WEEK.A second root certificate has been found on its PCs and laptops, that could leave users' personal information vulnerable to hackers.
The second certificate, called DSDTestProvider, is installed by an application called Dell System Detect (DSD), which users are prompted to download and install when they visit the Dell support website. 
Carnegie Mellon University CERT said in an advisory that the flaw allows hackers to create trusted certificates and impersonate sites and launch man-in-the-middle attacks.
 

Article

A:Second security flaw leaves Dell PC users vulnerable to hackers:Inquirer.net

Microsoft reacted to this and updated Windows Defender (and Microsoft Security Essentials) to remove that rogue certificate http://www.zdnet.com/article/windows-defender-removes-potentially-dangerous-dell-certificate/

Read other 1 answers
RELEVANCY SCORE 51.2

Good hackers meet to seek ways to stop the bad hackers.

The world of hackers is kind of like the "Star Wars" universe: There's a light side and a dark side of cracking computers.

-- Tom
 

Read other answers
RELEVANCY SCORE 50.4

Alright, let the rant begin:
 
A month back, Comcast backstabbed us and gave us <1 Mbps, when we were paying for 40+ Mbps. After three different routers and three different tech support guys came over, we "solved" the problem. Only not really.
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Another odd thing is that, when I try to check the "Connect Automatically" box, and we lose connection again, the box NEVER stays checked. Even weirder, ALL of the other networks in my area have the "Connect Automatically" box checked. I think this may be part of the problem.
 
I am an avid hater of Windows 8 because nothing seems to work, including this. The internet was working fine until Comcast backstabbed us, but now I think it is just the computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?

A:Internet Flaw

 
 
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?
 

Try replacing the network cable for that computer if that doesn't resolve the issue. Then next thing you can do is to try to do a system restore/ or update your Ethernet adapter drivers.

Read other 4 answers
RELEVANCY SCORE 49.6

About this flaw mentioned in the following articles:

New Web Attack Exploits Unpatched IE Flaw
Robert McMillan, IDG News Service
Dec 9, 2008 8:20 am
http://www.pcworld.com/article/155190/new_web_attack_exploits_unpatched_ie_flaw.html

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 13, 2008
http://www.microsoft.com/technet/security/advisory/961051.mspx

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.Click to expand...

Question:
I am using IE7 and Windows Vista, does the security update KB958215 fix the above IE7 zero day flaw on Windows Vista?

Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB958215)
http://go.microsoft.com/fwlink/?LinkId=133437

Thanks.
 

A:Internet Explorer 7 zero-day flaw

Read other 13 answers
RELEVANCY SCORE 49.2

Overview:It has been discovered that an adware purveyor has leveraged two security flaws (one of which was previously undetected, a "zero day") in Microsoft's Internet Explorer browser to surreptitiously install a toolbar on victims' computers that triggers pop-up adsAdditionally, as a public service to the network security community, eEye Digital Security has developed utilities to assist with the remediation of the flaws these attacks are leveraging. To download these tools please visit:http://www.eeye.com/html/research/alerts/AL20040610.html

Read other answers
RELEVANCY SCORE 49.2

A flaw that was discovered in Internet Explorer 6 months ago was determined to be more critical that originally thought. http://www.security.ithub.com/article/Unpa...d/166164_1.aspxTo keep yourself safe from this security flaw, disable active scripting for untrusted sites.

Read other answers
RELEVANCY SCORE 49.2

sorry for the caps, now im a firefox users, but i found this out on yahoo, Even thou im not a IE user,i thought you guys should be warned..
http://tech.yahoo.com/blogs/null/111811

Read other answers
RELEVANCY SCORE 48.8

I just read this article on IE having a major security issue and I have to say it makes me very concerned. They say to use Firefox, Chrome, or Opera. Are these really secure?Which is the best one?Here is the article: http://tech.yahoo.com/blogs/null/111811Thanks

A:Major flaw revealed in Internet Explorer

IE has always been targeted by hackers and malware programmers because it has the lion's share of the browser market and will cause the most disruption (just as they like it) This makes vulnerabilities look worse than they are.

I think there is a general move to recommend alternative browsers such as Firefox or Opera because of this and there is certainly no big reason to stick with IE other than familiarity.

My advice is to try FF or Opera (or Chrome, though this is still in the early stages) and see what you think. The basic features are similar in style and use so it isn't a big step.

Of course, If (or some people would say, when) FF overtakes IE and the malware developers switch their attention to another browser they may decide to offer advice the other way

Read other 4 answers
RELEVANCY SCORE 47.6

Researchers at computer giant HP have published exploit code that can be used to attack a weakness in Internet Explorer, after Microsoft refused to issue a patch.In a blog post, Dustin Childs, HP senior security content developer, said the move to publish the flaw was not out of "spite or malice," but was in accordance with its own disclosure policy.
 
The bug allows an attacker to bypass Address Space Layout Randomization (ASLR), which acts as one of the many lines of defense in the popular browser. But the flaw only affects 32-bit systems, which the HP researchers said still affects millions of systems, even if many systems nowadays are 64-bit.
 

Article

A:Exploit code released for unpatched Internet Explorer flaw

John...I always err on the side of providing folks with more info rather than less. So good for HP and their policy.

Read other 1 answers
RELEVANCY SCORE 47.6

 
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=1
 
Might be time to change those passwords

Read other answers
RELEVANCY SCORE 47.2

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

www.epicurious.com (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running Win 8 Pro 64-bit. Windows Experience sco... Read more

A:Windows 8 Flaw? Slow Web Browsing Chrome, Firefox, IE, Internet Problem?

Read other 6 answers
RELEVANCY SCORE 46.8

Hackers target freshly uncovered Internet Explorer hole dated March 9, 2010

Microsoft on Tuesday warned that hackers are targeting a freshly-uncovered weakness in some earlier versions of its Internet Explorer (IE) Web browser software.

Microsoft said it is investigating a hole that cyber attackers are taking advantage of in IE 6 and IE 7.Click to expand...

-- Tom
 

A:Hackers target freshly uncovered Internet Explorer hole

Yep. I had previously read about it here.

Another good reason for upgrading to IE8.

---------------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 46.8

Microsoft has issued an emergency update to patch a critical vulnerability that affects all supported versions of Internet Explorer. If you haven't already installed the fix, it's recommended that you do so ASAP as hackers are said to be actively...

Read more
 

A:Microsoft rolls out emergency fix for critical flaw affecting all versions of Internet Explorer

Do NOT install the recommended updates. M$ has secretly hidden an nVIDIA driver there. None of the recommended updates' details say ANYTHING about any of them being a display driver or driver for that matter. After a restart, it even went as far as turning DSR on GLOBALLY (2.00x) and after trying to uninstall the driver and everything with it (physx, 3D etc) the end result was nothing named nVIDIA was in add/remove or Revo Uninstaller.

I did a Clean Custom Install (driver and PhysX only) of the same driver and the proper entries are installed and showing in add/remove.

I have not had a single graphics driver appear in Windows Update until today. Something really freaking fishy is going on. I am running Windows 8.1.
 

Read other 7 answers
RELEVANCY SCORE 46

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

Epicurious.com: Recipes, Menus, Cooking Articles & Food Guides (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running... Read more

Read other answers
RELEVANCY SCORE 36.4

I found it in my startup through msconfig. I have no idea what it is.
Loads from the c:\docume~1\admini~1\applic~1\find01~1\dvd flaw.exe

A:Dvd Flaw.exe What Is It?

to BC easye35Googling on this name came up empty. The single flaw.exe was reckognized as malware. If you do CTRL ALT DEL do you see it running under processes?Please downloadProcessExplorer and see where it is refering to by selecting the process and post it here

Read other 4 answers
RELEVANCY SCORE 36.4

Zero day IE7 security flaw:

http://threatpost.com/en_us/blogs/new-zero-day-flaw-discovered-ie7-112209
 

Read other answers
RELEVANCY SCORE 36.4

Microsoft Corp., a worldwide leader in operating systems and Internet technologies, announced that it has found a major flaw in Windows XP operating system that is related to the JPEG image format.

An attacker could infiltrate the user's computer by tricking the user into opening a specially coded JPEG file. Microsoft has released a patch and a specialized tool that will scan for the aforementioned vulnerability. The software giant stated that this flaw does not affect users with Windows XP Service Pack 2.

The flaw affects Windows XP, Windows 2003 Server Edition, and later versions of Microsoft Office. Some users with older Microsoft operating systems may also be affected only if they are running specialized image editing software such as Digital Image Pro and Visio 2002.

Here is a link to a plethora of information on this flaw.
 

A:Another Flaw With MS?

Deke said:

The software giant stated that this flaw does not affect users with Windows XP Service Pack 2. Click to expand...

So the moral is - get SP2 !
 

Read other 1 answers
RELEVANCY SCORE 36.4

A German mathematician called Martin von Gagern found a bug in GnuTLS , an open-source library that implements TLS...http://www.malwarecity.com/blog/devil-in-t...etails-287.html

Read other answers
RELEVANCY SCORE 36

MyNetscape

Sunday, Sept. 1, 2002
Security Flaw Found in Microsoft Web Browser
SAN FRANCISCO (Reuters) - Security researchers on Monday
said they have found serious flaws in Microsoft Corp.'s
Internet Explorer browser and in PGP, a widely used data
scrambling program, that could expose credit card and other
sensitive information of Internet users.
The Internet Explorer (IE) problem has been around for at
least five years and could allow an attacker to intercept
personal data when a user is making a purchase or providing
information for e-commerce purposes, said Mike Benham, an
independent security researcher based in San Francisco.
"If you ever typed in credit card information to an SSL
site there's a chance that somebody intercepted it," he added.
Internet Explorer fails to check the validity of digital
certificates used to prove the identity of Web sites, allowing
for an "undetected, man in the middle attack," he said.
Digital certificates are typically issued by trusted
certificate authorities, such as VeriSign Inc., and used by Web
sites in conjunction with the Secure Sockets Layer (SSL)
protocol for encryption and authentication.
Anyone with a valid digital certificate for any Web site
can generate a valid certificate for any other Web site,
according to Benham.
"I would consider this to be incredibly severe," he added.
Cryptography expert Bruce Schneier agreed.
"This is one of the worst cryptographic vulnerabilities
... Read more

Read other answers
RELEVANCY SCORE 36

See: http://www.eweek.com/article2/0,1895,1850357,00.asp
'Killbit' Workaround for Zero-Day IE Flaw Available <-- DO NOT USE!!!!!!!!!

Note: Use Microsoft pre-patch workaround instead!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The utility sets the "killbit" for Msddds.dll (Microsoft DDS Library Shape Control), the COM object that can cause browser crashes—and remote code execution—via specially crafted Web pages.

Once the "killbit" is set to prevent the use of Msdds.dll as an ActiveX, all applications that use the COM object utility will break.

Microsoft has already issued an advisory confirming the severity of the flaw and providing pre-patch workaround to help block known attack vectors. See advisory here:
http://www.microsoft.com/technet/security/advisory/906267.mspx

-- Tom
 

Read other answers
RELEVANCY SCORE 36

Microsoft is investigating a new flaw in the Windows operating system but didn't provide details on their Security Response Center Blog....we?re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we?re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we?re investigating.What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur...blogs.technet.com

A:Another Windows Flaw

Astronaut: Houston we have a problem...

Houston: What is it?

Astronaut: We can't tell you.

Houston: Why not?

Astronaut: Because it hasn't occured yet...

Houston: Then how do you know it will happen?

Astronaut: We saw some code laying around...

Houston: So.. we always have sloppy work

Astronaut: Correct, however, this is leading to an "unknown" problem...

laymans terms of what Microsoft is doing.

Read other 1 answers
RELEVANCY SCORE 36

Found this today.

"New Windows zero-day flaw bypasses UAC"
http://www.informationweek.com/shar...ZW0ACXQE1GHPCKHWATMY32JVN?articleID=228400132
 

A:New Zero-Day Flaw Bypasses UAC

good read
 

Read other 1 answers
RELEVANCY SCORE 36

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??
 

A:Security Flaw

Read other 8 answers
RELEVANCY SCORE 36

Here's another beauty - JavaVM is at it again
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)
http://www.microsoft.com/technet/security/bulletin/MS02-052.asp

------
Just noticed it's been rolled into the security post at the top - mod should delete this one.
 

A:JavaVM flaw

That's ok, the additional heads-up can't hurt. They really should provide another download link for the patch other than the update site, as not everyone can get there; it's not on any of their other download sites yet that I can see.
 

Read other 1 answers
RELEVANCY SCORE 36

I think I've found a major flaw in the audio systems for Windows 7. I'm not sure if it could just be my computer, but it's quite annoying, since I change audio ports a lot for recording.

What happens is if I change my Sound out -> Headphones/Speakers port to the other one like lets say from Headphone port (front) to the Speakers port (back) all my sounds will completely cut out, and Windows will begin to lag until I restart my computer. In iTunes, if I try to play a song at this point, iTunes will either lock up or refuse to play the song.

I am running Windows 7 Home Premium 64-bit.
My sound card is a Realtek HD Integrated Audio Chipset.

A:Major Flaw? (Win 7)

Do you have the latest drivers for your sound card?

Read other 5 answers
RELEVANCY SCORE 35.6
Q: Hackers

I am really ignorant when it comes to protecting my computer from hackers. I worry because of bank details etc., and using credit cards. Cany you recommend anywhere i can go on the internet which would give good advise to a novice that is easy to understand. Thanks

A:Hackers

Hello homely53Welcome to BC!I suggest you start right here at BC in this forum AntiVirus, Firewall and Privacy Products and Protection Methods.Peruse that forum and feel free to ask any other questions you have in the forums.regards,Koan

Read other 2 answers
RELEVANCY SCORE 35.6
Q: hackers

recently i downloaded avg antivirus. It found 14 viruses 9 of them said they were back doors. before i restarted windows xp i got a brief error message saying something about a black trojan horse. i then installed zonealarm and it is constantly blocking access to: ICMP Echo Request ('ping')), and TCP port 135. Is this a hacker trying to get back in the back doors or something if you have any ideas or information let me know
 

A:hackers

go to http://www.merijn.org/files/hijackthis.zip , and download 'Hijack This!'.
Unzip it and make sure it is unzipped & placed into it's own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

Read other 1 answers
RELEVANCY SCORE 35.6

Hello, I play on-line games, but there are people who take things too far. A person has threatened to hack my computer using my IP. I have his IP as well, but I'd like to ask how to deal with these people. I fear merely reporting their IP to their company would stop this kind of threat. What should I do?

A:Hackers.

all you can really do is make sure you have firewall and antivirus in place, but you could get an ip changer, depends how good he is and its probably just a bluff anyway!

Read other 6 answers
RELEVANCY SCORE 35.6
Q: Hackers

Recently I started hosting my website on a non profit making website. However the other day the webmaster of the site Graham had a hack attack and all of the users files were deleted. The website has been torn down by these hackers who call themselves the IO crew. Has anyone else heard of stories like this and does anyone know who the hackers are ? To read the full story of ehat happened click the link below.
View Story​​​​
 

Read other answers
RELEVANCY SCORE 35.6

Zone alarm had blocked 1278 intrusions attempts 8 high rated and blocked 82 access attempts.
Why so many?
 

A:How come to many hackers

Hi Afinogenov,

Most of these intrusions are not real ones; they are network background noises as ZoneLabs call them.
Have a look to your 8 high rated intrusions, see if they have not outgoing direction : this would mean some of your softwares or spywares try to connect the Internet.
If you find out that there are some unknown processes, scan your system with stuff like Ad-aware or Spy-Bot.
 

Read other 1 answers
RELEVANCY SCORE 35.6
Q: Hackers

Last month, I was hit with over 3800 dollars in theft from my debit card. Someone evidently got ahold of my number off my computer, the internet, etc. and was charging mainly hobby supplies, RC trucks, etc. with many going UPS to Russia.

I read on drudge yesterday about all of leaks in IE, that enabled hackers to do this, etc. This article indicated to use another browser such as Mozilla.

I am more than a little concerned that this could happen again, even though I always kept the patches up to date, etc.

What is the best way to minimize this from happening? I thought about using Mozilla when ordering with credit card, and IE when surfing, etc.

But anyway, what is the truth about the vulnerablity? And is there a way to completely eliminate the problem?

We are on a cablemodem home network, but run firewalls, etc.

Any ideas appreciated .
 

Read other answers
RELEVANCY SCORE 35.6
Q: Hackers

I have windows xp and someone from microsoft or they said they were from microsoft, showed me that i had four other people on my computer. Is there anything i can do for free

A:Hackers

and welcome to the Forum

Microsoft does not call anyone . . that was a fishing call, trying to sell you some junkware

Read other 3 answers
RELEVANCY SCORE 35.6

how can you tell if someone has infiltrated your system, i have xp and i know that the firewall that came built in isn't the best in the world and i just installed an additional firewall to be safe. but is there some way i can tell if someone has been snooping around because a so called reformed hacker friend of mine has been dropping these little hints..
help!
 

A:Hackers!

Run an antivirus. That might turn up some trojans or other backdoor things that could be on your system. Other than that just be careful of what you run and do while using your computer.
 

Read other 12 answers
RELEVANCY SCORE 35.6

My PC has been acting funny the last few days, and I talked to this dude who apparantly is a hacker and writes programs that can erase harddrives etc.

Im wondering if he has already hijacked my PC. He says his programs are not traceable to any virus scan programs, so this worries me even moreso.

Take a look, anything look out of the ordinary?

Logfile of HijackThis v1.97.7
Scan saved at 10:04:27 PM, on 3/28/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\shellmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Owner\Desktop\Hija... Read more

A:Hackers?

Clean

BTW, I'd tell you're friend whos a l337 h4x0r to stop making up things. Don't believe everything you hear.
 

Read other 3 answers
RELEVANCY SCORE 35.6
Q: hackers

hi all----ive had some problems that are pretty serious, i need some fast help! my brother has someone that has hacked into his computer and is deleting files and using theire account info on aol and other places, making calls with their information and such. anyhow, i think the same is happening to my computer as i am having 32 processes running now and am getting unknown internet explorer search windows to pop up. is there anything my brother can do to stop this guy from deleting files from his computer? he has rebooted into safe modeand dosent want to get back online until he has a plan. thanks
 

A:hackers

Welcome to TSG

GO Here http://forums.techguy.org/t110854.html

Pass this on to your brother as well and have him come to this site and start his own thread if he can . The following will get you both started cleaning things up .

Download Spybot Search and Destroy and Ad-Aware SE

UPDATE them both

Run a full system scan with Ad-Aware SE getting rid of all it finds

Do a scan with Spybot and get rid of all ticked off in red

Do a scan with Housecall and Panda Active Scan

REBOOT

Download Hijack This 1.99.1 Follow the directions and do a scan then post a copy of the log here for someone to analyze
 

Read other 1 answers