RealPlayer vulnerable in Internet Explorer
,----[ Quote ]
| To avoid the loss of functionality, security experts recommend using
| RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox
| (for Windows and Mac).
`----
http://www.news.com/8301-10784_3-9890945-7.html?part=rss&subj=news&tag=2547-1_3-0-20
New in Heise (probably an update on older reports):
Pentagon cyber attack more serious than previously assumed
,----[ Quote ]
| However, the new magazine report claims that malicious code, which exploits a
| hole in Microsoft Windows, was detected in various portions of the network
| during network infrastructure reorganisation.
`----
http://www.heise.de/english/newsticker/news/104819/from/rss09
Related:
Chinese military hacked into Pentagon
,----[ Quote ]
| The Chinese military hacked into a Pentagon computer network in June in the
| most successful cyber attack on the US defence department, say American
| officials.
`----
http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html
China Crafts Cyberweapons
,----[ Quote ]
| The Defense Department reports China is building cyberwarfare
| units and developing viruses.
`----
http://www.pcworld.com/article/id,132284-pg,1/article.html(News)
German constitutional protection authorities foresee "secret service
procurement offensive"
,----[ Quote ]
| ...if Chinese attackers really had penetrated government computers, this
| would pose a risk even if no confidential data was involved. "It is possible
| to find out many things in this way - appointments, responsibilities, who is
| working on what - this is the first step in carrying out classical
| espionage," said Möller.
`----
http://www.heise.de/english/newsticker/news/95236/from/rss09
Politicians want to be informed on Chinese Trojan attacks
,----[ Quote ]
| Ruprecht Polenz (CDU), chairman of the Committee on Foreign Affairs,
| said: "If there is clear evidence that the Chinese state is responsible for
| these attacks, we cannot let the matter rest." According to a Spiegel report,
| the Federal Office for the Protection of the Constitution assumes that
| experts of the Chinese army have conducted the online espionage attacks
| against the Federal Chancellery, the ministry of economics, the ministry of
| research and also the ministry of foreign affairs.
`----
http://www.heise.de/english/newsticker/news/94983/from/rss09
Estonia suspects Kremlin in Web attacks
,----[ Quote ]
| He said more than 1 million computers worldwide have been used in
| recent weeks to attack Estonian government and business Web sites
| since a dispute arose with Moscow over Estonia's moving of a
| Soviet-era war memorial from downtown Tallinn.
`----
http://www.cnn.com/2007/TECH/internet/05/17/estonia.cyber.attacks.ap/index.html?eref=rss_tech
U.S. cyber counterattack: Bomb 'em one way or the other
,----[ Quote ]
| If the United States found itself under a major cyberattack aimed
| at undermining the natio's critical information infrastructure,
| the Department of Defense is prepared, based on the authority of
| the president, to launch a cyber counterattack or an actual
| bombing of an attack source.
`----
http://www.networkworld.com/news/2007/020807-rsa-cyber-attacks.html
US plans for cyber attack revealed
http://www.theinquirer.net/default.aspx?article=37563
Homeland Security sees cyberthreats on the rise
,----[ Quote ]
| To test the nation's response to a cyberattack, the Department
| of Homeland Security plans to hold another major exercise,
| called Cyberstorm II, in March 2008, Garcia said. A first
| such exercise happened early last year.
`----
http://news.com.com/2100-7355_3-6157809.html?part=rss&tag=2547-1_3-0-20&subj=news
http://tinyurl.com/2dpbmv
Zombie botnets attack global DNS servers
,----[ Quote ]
| Hackers launched a sustained attack last night against key root servers
| which form the backbone of the internet.
|
| Security firm Sophos said that botnets of zombie PCs bombarded the
| internet's domain name system (DNS) servers with traffic.
|
| "These zombie computers could have brought the web to its knees,"
| said Graham Cluley, senior technology consultant at Sophos.
`----
http://www.vnunet.com/vnunet/news/2174383/zombie-botnets-attack-global
Perspective: Microsoft security--no more second chances?
,----[ Excerpt ]
| CNET News.com's Charles Cooper says the software maker is running out
| of excuses for a history of poor security.
`----
,----[ Quote ]
| As if Homeland Security Secretary Michael Chertoff didn't have enough on
| his plate.
|
| Not only has he had to deal with Katrina and Osama. Now he's also got to
| whip Steve Ballmer and the crew at Microsoft into shape. If past is
| prologue, that last task may be the most daunting of all.
`----
http://news.com.com/2010-1002_3-6104512.html?part=rss&tag=6104512&subj=news
Botnet 'pandemic' threatens to strangle the net
,----[ Quote ]
| Cerf estimated that between 100 million and 150 million of the
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| 600 million PCs on the internet are under the control of hackers,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| the BBC reports. "Despite all that, the net is still working,
| which is pretty amazing. It's pretty resilient," he said.
`----
http://www.theregister.co.uk/2007/01/26/botnet_threat/
EveryDNS, OpenDNS Under Botnet DDoS Attack
,----[ Quote ]
| The last time the Web mob (spammers and phishers using botnets)
| decided to go after a security service, Blue Security was forced
| to fold and collateral damage extended to several businesses,
| including Six Apart.
`----
http://securitywatch.eweek.com/exploits_and_attacks/everydns_opendns_under_botnet_ddos_attack.html
Be prepared: ActiveX attacks will persist
,----[ Quote ]
| A recent string of high-profile ActiveX vulnerabilities caused the U.S.
| Computer Emergency Readiness Team (US-CERT) to advise users to disable the
| ubiquitous Microsoft browser plug-in technology altogether.
`----
http://www.infoworld.com/article/08/02/19/08NF-activex-horror_1.html
ActiveX Controls Out of Control
,----[ Quote ]
| The federal agency's warning to disable all Internet Explorer ActiveX
| controls might as well be recommendation to use Firefox—or Opera or Safari.
| Hey, AOL, are you sure about pulling the plug on Netscape?
`----
http://www.microsoft-watch.com/content/security/activex_controls_out_of_control.html?kc=MWRSS02129TX1K0000535
The feds weigh in on Windows security
,----[ Quote ]
| "The benefits of this move are enormous: Common, secure configurations
| can help slow botnet spreading, can radically reduce delays in patching,
| can stop many attacks directly, and organizations that have made the
| move report that it actually saves money rather than costs money,"
| Paller wrote.
`----
http://news.zdnet.com/2100-1009_22-6172158.html
Yahoo IM affected by ActiveX vulnerabilities
,----[ Quote ]
| On the heels of ActiveX vulnerabilities in the image uploading tools for
| Facebook and MySpace.com, researchers warned Monday that Yahoo Instant
| Messenger and Yahoo Messenger are vulnerable to ActiveX-based attacks.
`----
http://www.news.com/8301-10789_3-9864333-57.html?part=rss&subj=news&tag=2547-1_3-0-20
Exploit for 'extremely critical' Yahoo Jukebox vuln goes wild
http://www.theregister.co.uk/2008/02/05/yahoo_jukebox_vuln/
'Highly critical' security bug bites HP Virtual Rooms
,----[ Quote ]
| The vulnerability in HP Virtual Rooms resides in the ActiveX client used to
| install the service on users' PCs, according to this advisory posted Tuesday
| on the Full-Disclosure mail list. Vulnerability tracking service Secunia
| rates it "highly critical," because it can be used by attackers to compromise
| a user's machine.
`----
http://www.theregister.co.uk/2008/01/22/hp_virtual_rooms_security_bug/
'Bricking' bug threatens most HP, Compaq laptops
,----[ Quote ]
| In a post to the milw0rm.com Web site Wednesday, a Polish security researcher
| who used the alias "porkythepig" spelled out a pair of vulnerabilities in an
| ActiveX control used by HP's Software Update, the patch management program
| bundled with virtually every HP- and Compaq-branded laptop.
`----
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818&intsrc=hm_list
Rogue ActiveX controls menace users
,----[ Quote ]
| Flaws in ActiveX controls are being increasingly used to run security
| exploits.
|
| [...]
|
| An attack exploiting this vulnerability can lead to arbitrary code execution
| by a remote attacker," a blog posting by Symantec researcher Parveen
| Vashishtha warns.
`----
http://www.theregister.co.uk/2007/10/24/activex_vulns/
RealPlayer Attack Circulating
,----[ Quote ]
| The attack exploits a flaw in an ActiveX browser helper object, software that
| RealPlayer employs to help users who are experiencing technical difficulties,
| so the PC must be using the Internet Explorer browser to be affected by this
| particular attack, Symantec said.
`----
http://news.yahoo.com/s/pcworld/20071020/tc_pcworld/138706
Yahoo! battered by second ActiveX vulnerability
,----[ Quote ]
| The vulnerabilities affect versions of Yahoo! Messenger 8.x prior to version
| 8.1.0.419, released late last week. Users are urged to upgrade.
`----
http://www.theregister.co.uk/2007/09/03/yahoo_activex_vuln/
Way Too ActiveX
,----[ Quote ]
| Today, over at Symantec's Security Response Weblog, Greg Ahmad
| reveals startling--and I do mean shocking--increases in ActiveX
| vulnerabilities. According to Symantec, ActiveX vulnerabilities
| stayed in the 12- to- 15-a-year range from 2002 to 2005. For
| 2006, the number of vulnerabilities "reached 50," with 42 in
| the second half of the year--coincidentally, the same time
| period Microsoft finished up and released Internet Explorer 7.
`----
http://www.microsoft-watch.com/content/security/way_too_activex.html?kc=MWRSS02129TX1K0000535
http://tinyurl.com/33cfno
Acer puts Active X hole on laptops
,----[ Quote ]
| Laptop outfit Acer seems to have placed an Active X control on its
| computers that seems to allow webpages to execute any program.
|
| This huge hole in network security has been installed on board Acer
| lap-tops since 1998.
`----
http://www.theinquirer.net/default.aspx?article=36773
Adobe Confirms 'Critical' Reader, Acrobat Exploits With IE
,----[ Quote ]
| A critical security vulnerability in an ActiveX control used by
| Internet Explorer could allow malicious hackers to use Adobe's
| Reader and Acrobat software to launch PC hijack attacks,
| according to a warning from Adobe Systems.
`----
http://www.pcmag.com/article2/0,1895,2066079,00.asp
Month of ActiveX bugs project begins with two Office flaws
,----[ Quote ]
| A hacker known as shinnai kicked off his "Month of ActiveX Bugs"
| (MoAxB) project with a bang by exposing a number of severe
| vulnerabilities affecting OCX controls in Microsoft Office.
`----
http://scmagazine.com/us/news/article/654659/month-activex-bugs-project-begins-two-office-flaws/
|
|
