BackgroundJim and Cheryl owned a retail store that sold high-end hi-fi sound systems. It started out as a hobby – they were real audiophiles. They sold sophisticated equipment in the higher price range to knowledgeable buyers, like themselves, who understood the basics. They had a good corner location on a main thoroughfare.The ProblemA competitor set up a store diagonally across the street with
ESSENTİAL PROGRAMIEssential net tools (gerekli internet araçları) bu program bilgisayarlar arası dosya alışverişi sağlayan ve internet üzerinden paylaşımı açık insanların bilgisayarlarına girebilmenizi sağlarProgramı indirdikten sonra bilmemiz gerek ilk şey ip numarasının ilk iki epizotunun değişmedigi son 2 epizotunun değiştiğidir ve buna göre ip numarasının son epizo
La verdad es que ésto no sorprende a nadie, y mucho menos a la comunidad usuaria de Firefox, por lo que no voy a extenderme mucho en el tema. Lo concreto es que Microsoft ha reconocido una falla muy grave en su explorador (navegador) Internet Explorer 7 (también se encontraría en el flamante Internet Explorer 8 beta y en versiones anteriores) que permitiría a hackers, piratas informáticos y
Sans.org published a notice today that there is a 0-day exploit for Internet Explorer in the wild. The updates released by Microsoft yesterday did not fix this vulnerability. The specific exploit checks to be sure it is running in IE7 on XP or 2003 before it does anything, but whether other versions are exploitable is not yet known.
The article says "At this point in time it d
AMARCORD TRIPLETTE & GRANDI NOMI: Quanto tempo! Siiii... Quanto tempo per vedere realizzata una tripletta al BINTI! C'è riuscito 'Tibo-Gol' contro il LEGNANO nella 14^ Giornata di LEGA PRO ma erano...
Hellas Verona Style BONDOLA SMARSA Blog sull'Hellas Verona con gioco pronostici, news, rassegna stampa, notizie di calciomercato e altro sul mondo gialloblu: un punto di vista DIVERSO su una fede U
WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. I recommend everyone upgrade to this release.
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from [...]
You mig
Have you ever considered how to cut down your marketing costs? Have you been thinking about not sending promotional gifts this year? What a mistake that could be!
Most people when looking at promotional gifts think about promotional pens, diaries and the likes. These are fine and easy to distribute, but usually have only enough printing [...]
Roshan Exploit in DoTA 6.55b - Level 1 Roshan kill (as posted by wetdirtmud)
This is the reason why DoTA 6.56 had to be released. Here’s a video where the DoTA 6.55 Roshan exploit is demonstrated using Lina Inverse and Ursa Warrior. Roshan is almost down even before the creeps start spawning, giving the exploiting team [...]
Dota Allstars 6.56
Released : October 13, 2008
Filesize : 3.24 MB
DoTA Allstars 6.56 Download Mirror 1
DoTA Allstars 6.56 Download Mirror 2
DoTA Allstars 6.56 Download Mirror 3
A new DoTA Version (DoTA 6.56) has been released because the usual culprit (Roshan) was exploitable again. But aside from that, there are several other bug fixes in this version too, [...]
Microsoft updated Security Advisory (951306) last week. A vulnerability exists from last April that allowed local privilege escalation. The update to the advisory was made since there is now exploit code online. There is currently no patch available but a workaround is possible:Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authentic
Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate
Comme le chantait Michel Fugain, Jetman ou plutôt Yves Rossy fait comme l'oiseau.Il avait lancé un pari fou, traverser la manche avec son Jetpack, une aile collée sur son dos avec quatre moteurs à réactions.Un homme fusée, un rivale de Batman ou de Superman. Yves Rossy est âgé de 49 ans, il est originaire de Suisse. Yves ROSSY est un ancien pilote militaire avec plus de 1 000 heures de vol
* Buffer Overflow Attacks Detect, Exploit, Prevent (pdf)* Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an over
Check this out folks! Could this be the very first known Google Chrome Browser Exploit?
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.
Source: milw0rm Dot Com
Special thanks to ShoeMoney for...
[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
Details of the selected infection are shown below. This infection can be detected and cleaned using Spy Soap.Threat Exploit.HTML.Iframe.FileDownload detail information:Spyware Name: Exploit.HTML.Iframe.FileDownloadType: ExploitBrief: MalwareRemoval instructions: This infection can be removed using Spy Soap.Minimum System Requirements
Windows 98/Me, Windows 2000, XP,Vista
350 Mhz
Anadrol is the strongest & also the most successful oral steroid. Anadrol has a tremendously high androgenic effect which goes hand in hand with an enormously intense anabolic component. Anadrol is the U.K. product name for oxymetholone, an extremely potent oral androgen. This complex was first made available in 1965, by the international drug firm [...]
There’s been some wild and panicky stuff in some of the Tech press lately about a potential exploit that could bypass Vista’s security model. It all sounds pretty drastic but please bear in mind that most reports have been pretty sensationalist about it.
A ZDNet blog post contains a bit more ‘measured’ information about it along [...]
PLR articles opportunity is for such people like an oasis in a desert that can be reached after a long and hard journey. For those who have their own website, PLR articles are used to attract internet users as well as prospective clients.
More: continued here
addthis_url = 'http%3A%2F%2Fwww.geoff-lord.com%2Fmarketing%2Fhow-the-experts-exploit-plr-articles-posted-by-andy-fah';
[...]
1). Just create a new folder where ever you want to get the invisible folder.2). Rename it as ALT+0160 make sure you press ALT and type 0160 with NUMPAD.
These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.
A quick note to warn you that the first code sample has been released to try and exploit the recently announced DNS cache poisoning vulnerability. While most users will be relying on their ISP etc to ensure they have patched the hole, you should also make sure that you have applied any required OS patches/updates [...]
Ini bukan tool penetrasi atau tool mencari korban WordPress yang bisa di exploitasi, namun sebuah tool untuk mengecek diri sendiri, sudahkah Anda menjadi korban exploit, atau sudahkah wordpress Anda disusupi malicious script. Mengingat maraknya spammer yang semakin liar caranya membuang sampah termasuk menyusupi script malicious untuk menginjeksi komputer pengunjung blog (wordpress) Anda, ada baik
"De acordo com a Symantec, sites legítimos hospedando conteúdo do Adobe Flash Player podem ser comprometidos ao utilizaram um JavaScript que redireciona os usuários para um servidor chinês de malwares. As versões do Flash Player afetadas incluem a 9.0.124.0 (a mais recente) e a 9.0.115.0.A Symantec informou que sob certas circunstâncias, o JavaScript integrado ao player redireciona os usuár
MMORPG blog
Known/Patched Flash Exploit Can Target WoW AccountsThe Mac Observer - 5 hours ago… 2008 A known and patched exploit in Adobe's Shockwave player — a component of Flash — can be used to target World of Warcraft player accounts, …Flash exploit used to steal gaming passwords Virus BulletinVulnerability discovered in Adobe Flash, resolved by updating [...]
A very recent news on Zdnet announced that there is an very serious exploit that Adobe Flash Players 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.
The link to the whole story is here.
Strategyfreaks.com Re-launchs Dofus Exploit CommunityThe Open Press (press release) - 1 hour agoBesides Dofus, Strategy Freaks also provides similar services to players of Age of Conan, World of Warcraft, Lord of the Rings Online and many more MMORPG …
Written by Google Inc. and Powered by WordPress
How many sites do you own, where the traffic generated from long tail keywords far exceeds that of the main keyword? I know personally about 60% of my sites gain most of their traffic through their long tails as opposed to their mains. Therefore how can we exploit the long tail keywords of individual niches in a way that will maximize traffic without spamming the search engines?
The Duplication exploit is still not fixed in this patch, but according to Famine, they are still working on a solution for this along with other issues concerning trader NPCs.
May 23 Age of Conan Patch notes / change log.
Playfields
* Characters should no longer get stuck when they zone into Lacheish Plains.
Items
* [...]
d Wife suspected it when we watched Miss Pettigrew Lives For a Day and I did not complain.d Wife confirmed it the day she suggested we watch Enchanted on pay-per-view and I said "Sure! ok!" and got off the computer right away without a fuss."You totally crush on Amy Adams, don't you!""What? No, no, she's pretty, I mean, she does look like a Disney princess and all... but n
A recently-discovered flaw in Gmail is capable of turning Google’s e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google’s SMTP service without fear of detection. This attack bypasses both [...]
Here are the five most common methods insiders use to access network resources and simple measures enterprise IT can take to protect against the implied threats.1. Modems.A lack of central management combined with easy-to-guess static passwords make modems an ideal entry point for insiders with detailed knowledge of a network. Many companies have tried to address this challenge by simply unpluggin
Download Exploit Client Terror V.4 by SatmaSalah satu booter terbaik saat ini menurut saya, menggunakan opsi exploit sehingga meskipun pm dalam keadaan terkunci, tetep gampang dc, meskipun menggunakan chat client dengan locked pm. Pengecualian jika si victim menggunakan gawd mode atau shield on.
The goal of this guide is to be used as a reference for concerns about legal and illegal actions in competitive play for Counter-Strike: Source.
BASIC GAME PLAY EXPLOITS(Exploits concerning general game play and a basic description of what is legal and illegal.)
BOMB PLANTING AND DEFUSAL
Bomb PlantingAttempting to make the bomb undefusable by covering it with objects is ILLEGAL [
The paper "Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" written by Mark Dowd in which he describes various techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult. While the Flash vulnerability described in the paper [pdf] has been patched by Adobe, the presentation of a [...]
Apple iPhone Safari browser is vulnerable to DoS attacks due to a design flaw that may be triggered by a series of memory allocation operations on the dynamic memory pool, which in turn triggers a bug in the garbage collector. The security hole is currently unpatched, leaving iPhone owners vulnerable to potential attacks until Apple issues a security update.Apple has yet to comment.This blog will tell you how to Unlock Jailbreak Activate and Hack your iPhone and iTouch firmware for FREE
Radware's Security Operations Center is claiming to have discovered a new Denial-of-Serivce vulnerability in the iPhone's Mobile Safari web browser in the 1.1.4 firmware. The exploit would require that a user click on a link to a web page containing Javascript that triggers the vulnerability, causing Safari to crash.
read more
From: Nuclear Spring Anne Lauvergeon (or "Atomic Anne," as the press calls her) is the fourteenth most powerful woman in the world, according to Forbes. She owes this rank, and her nickname, to the fact that she heads the French nuclear company Areva. Three weeks ago, Lauvergeon made an appearance at Harvard's Center for the Environment. And, when she strode to the lectern, she set about toying with the expectations of her audience. Where Americans are accustomed to hearing Europeans lambaste their wasteful way of life and degradation of the planet, Lauvergeon took a more counterintuitive approach: "A tribute to your country's essential contribution to the world debate on the crucial issue of climate change!" She continued, "Yes, I want to pay tribute to Vice President Al
Web designers making very old mistakes are letting malicious hackers hijack visitors to their sites, say experts. Many of the loopholes left in the code created for websites have been known about for almost a decade say the security researchers. The poor practices are proving very attractive to hi-tech criminals looking for a ready source of victims. According to Symantec the number of sites
Hillary Clinton spoke to a union in Pennsylvania today, and they didn't seem to be buying her latest assault on Obama.As she went on to say, "Well, you know, I know that many of you, like me, were disappointed by recent remarks that he made," scattered boos and calls of "No" could clearly be heard from the audience.
Parece que o PS3 acabou obtendo seu próprio Hello World como saudação em cortesia do Dragula96, um conhecido hacker de PSP. Segundo Dragula96, ele recentemente descobriu um exploit no PS3 firmware oficial 2.20 e foi capaz de pôr o seu próprio Hello World como prova de conceito. Atualmente, ele não compartilha como ele o fez; [...]
…Una prueba de concepto publicada por milw0rm.com el pasado domingo (30/03/08)…
Segun esta prueba de concepto se ha encontra un agujero de seguridad en el Office para XP SP3, especificamente la vulnerabilidad se encuentra en PowerPoint.
Una prueba de concepto publicada por milw0rm.com el pasado domingo (30/03/08), puede ser utilizada para la ejecución de código mediante la [...]
Lazy attack aims to dupe the credulous
The miscreants behind the Storm Worm botnet have taken advantage of April Fools’ day in a bid to infect more Windows PCs.…
Read more…
Spybot - Search & Destroy pode detectar e remover diferentes tipos de "programas espiões" de seu computador. Esses espiões são uma ameaça relativamente nova que os programas antivírus mais utilizados ainda não eliminam. Se você se deparar com novas barras de ferramentas em seu Internet Explorer (que você tem certeza de que não instalou), se seu navegador trava inexplicavelmente, ou ainda a página inicial do seu navegador mudou e/ou foi travada em outro endereço, sem que você saiba como, você provavelmente tem algum desses programas espiões instalado. Mas mesmo que você não veja os sintomas, pode tê-los rodando em seu computador, já que a cada dia surgem mais e mais desses programas com a capacidade de rastrear silenciosamente as suas atividades na internet. A fina
MS Word subjected to selective attacks.
Microsoft confirms Word attacks
Microsoft has confirmed reports of vulnerability in Word that allows an attacker to exploit a system via the Microsoft Jet Database Engine, which shares data with Access, Visual Basic and third party applications.
Microsoft in its advisory said the potential for attack is “very limited.” Reports of the Word flaw were
And you know what means, don’t you? New firmware soon! Well, not necessarily, but if the newly-discovered Safari exploit turns out to be bad enough, Apple might find enough reason to work up a version 1.1.5 — or at least a patch of some sort, which I’m sure the jailbreak community will come up with [...]
Tehskeen is reporting on a Zelda save exploit Here is a screen shot of an error in Zelda for the Nintendo Wii. So, whats so important about this part1 Vote(s)
Microsoft (24hoursnews)'s Patch Tuesday came a day late after a U.S. Computer Emergency Readiness Team advisory warned that a targeted Trojan attack may exploit one of Office Excel's known vulnerabilities.
Altogether, the vulnerabilities can be found in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Office Excel 2002, Office Excel 2000 and Excel 2004 for Mac.
For those guys who updated their Vista with the KB940150 patch without knowing what it does and promptly received a message regarding SL07-001 or other SL07 Activation Exploit being detected, here are a few workarounds :
Got fixes for SL07-001 and Sl07-006 or Activation exploit detection that were not listed here? post them at the comment [...]
Update : I’ve started making a knowledgebase for solving both SL07-001 and SL07-006 problems here :Fixes for SL07-001 and SL07-006 detection problems (Vista activation exploit)
Ok, Windows Vista Update came up to me and asked me to Download a KB940510 update from … well I thought it was a regular update, hotfix and all that so [...]
A while back a couple of my blogs was hit with a hacker where he inserted multiple spam links in my blogroll. Eventually at wordpress, I found where they talked about the problem and a supposed fix. The problem is it didn’t work. The only thing that worked was renaming the link.php [...]
The beauty of the creation of Google Adwords is its simplicity. Programmers Google appears to be a close follower of the highest given by Edward Debono when it comes to simplicity. Log in and start it is very easy and takes a few minutes to get his campaign moving.
If you are new to the Google Adwords, all you need to do is relax, and go through the steps listed below to start off in one of the most technically advanced plans for advertising on the Internet: Step 1: Define the eyes: The first step would be to define the target audience of your ad. There are a number of fields to select from which help you get geography and language preference of the audience created so that their ads are displayed only to the audience. This process results in a group of ads, and you can define several sets
El que algunos han declarado como, un gravisimo fallo en la seguridad de Linux, el exploit local contra el kernel Linux que hizo saltar las alarmas hace apenas 10 días, vuelve a ser noticia, pero esta vez, para bien.Dicho exploit afectaba a las versiones del kernel: de 2.6.17 a 2.6.24.1, debido a un bug en vmsplice. El exploit, publicado en la lista de bugs de Debian, permite conseguir shell de root al ser ejecutado.Bien, pues el sitio DistroWatch hace un resumen de la rapidez con que las principales distribuciones GNU/Linux respondieron publicando sus correcciones al problema. Todas las distribuciones reaccionaron en menos de 48 horas: 1. Debian (0+ horas)2. Fedora (8+ horas)3. Slackware (12+ horas)4. Mandriva (19+ horas)5. Frugalware (21+ horas)6. OpenSUSE (23+ horas)7. rPath (26+ h
El que algunos han declarado como, un gravisimo fallo en la seguridad de Linux, el exploit local contra el kernel Linux que hizo saltar las alarmas hace apenas 10 días, vuelve a ser noticia, pero esta vez, para bien.Dicho exploit afectaba a las versiones del kernel: de 2.6.17 a 2.6.24.1, debido a un bug en vmsplice. El exploit, publicado en la lista de bugs de Debian, permite conseguir shell de root al ser ejecutado.Bien, pues el sitio DistroWatch hace un resumen de la rapidez con que las principales distribuciones GNU/Linux respondieron publicando sus correcciones al problema. Todas las distribuciones reaccionaron en menos de 48 horas: 1. Debian (0+ horas)2. Fedora (8+ horas)3. Slackware (12+ horas)4. Mandriva (19+ horas)5. Frugalware (21+ horas)6. OpenSUSE (23+ horas)7. rPath (26+ h
El Local Root Exploit en Kernel Linux 2.6, del que ya hablamos, y a grandes rasgos tenía que ver con la posibilidad de dar privilegios de administrador (root), a un usuario sin común. Ya fue solucionado, y la rapidez con que se dio repuesta, la verdad es que sorprende, esto a pesar de que este exploit no fue considerado crítico.Esta tabla muestra la rapidez con que parcharon el kernel las dis
El Local Root Exploit en Kernel Linux 2.6, del que ya hablamos, y a grandes rasgos ten??a que ver con la posibilidad de dar privilegios de administrador (root), a un usuario sin com??n. Ya fue solucionado, y la rapidez con que se dio repuesta, la verdad es que sorprende, esto a pesar de que este exploit no fue considerado cr??tico.Esta tabla muestra la rapidez con que parcharon el kernel las dis
El Local Root Exploit en Kernel Linux 2.6, del que ya hablamos, y a grandes rasgos tenía que ver con la posibilidad de dar privilegios de administrador (root), a un usuario sin común. Ya fue solucionado, y la rapidez con que se dio repuesta, la verdad es que sorprende, esto a pesar de [...]
Une faille critique a été découverte dans les noyaux Linux, des versions 2.6.17 à 2.6.24.1. Cette dernière exploite un bug dans l'appel système vmsplice().
Este exploit afecta al Kernel Linux versión 2.6 de Ubuntu y Debian, el exploit es necesario ejecutarlo como usuario local, para así obtener identidad de root.
Los Kernel Linux afectados son desde la versión 2.6.17 hasta 2.6.24. Por el momento para solucionar el problema de seguridad, habría que compilar nuestro propio kernel eliminando vmsplice.
Pruebas hechas en Ubuntu apuntan a que funciona
Este exploit afecta al Kernel Linux versi??n 2.6 de Ubuntu y Debian, el exploit es necesario ejecutarlo como usuario local, para as?? obtener identidad de root.
Los Kernel Linux afectados son desde la versi??n 2.6.17 hasta 2.6.24. Por el momento para solucionar el problema de seguridad, habr??a que compilar nuestro propio kernel eliminando vmsplice.
Pruebas hechas en Ubuntu apuntan a que funciona
Este exploit afecta al Kernel Linux versión 2.6 de Ubuntu y Debian, el exploit es necesario ejecutarlo como usuario local, para así obtener identidad de root.
Los Kernel Linux afectados son desde la versión 2.6.17 hasta 2.6.24. Por el momento para solucionar el problema de seguridad, habría que compilar nuestro propio kernel eliminando vmsplice.
Pruebas hechas en [...]
/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.17 - 2.6.24.1
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don’t remeber original intent of all
* the code, so I’m not 100% sure about it. You’ve been warned
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define __KERNEL__
#include
#define PIPE_BUFFERS 16
#define PG_compound 14
#define uint unsigned int
#define static_inline st
An advisory originally posted on Milw0rm.com states that Apple QuickTime versions 7.2 and 7.3 on Microsoft Windows Vista and Windows XP Pro SP2 are both affected and also Apple’s iTunes because it also contains a QuickTime component, they
may also be at risk, according to a security advisory by the United States Computer Emergency Readiness Team (US-CERT).
From News.com
The security flaw is found in the Real Time Streaming Protocol (RTSP) supported by Apple’s QuickTime Streaming Server and QuickTime player, US-CERT notes. As a result, users who load a malicious RTSP stream via a QuickTime Media Link file or by visiting a malicious Web page, may find their systems compromised. Malicious attackers, for example, could execute arbitrary code from users’ systems or launch a denial-of-service attack.
What to do? Go to Apple Downloads and Download the latest fixes and workarounds also for more solutions you can checkout US-CERT’s Article on Apple QuickTime RTSP Content
A security researcher using the pseudonym cocoruder recently reported a stack overflow vulnerability in the way Microsoft® JET Engine parses MDB files. According to cocoruder, a remote attacker can exploit the vulnerability in order to execute arbitrary code on the affected system.
Share This
Vulnerability allows malicious code into browsers, revealing users' Google accounts.Mozilla has taken another security blow with the discovery that Google user accounts can be accessed through a dangerous Firefox exploit.The vulnerability, which is still in the wild some 10 days after its discovery on gnucitizen.org, allows hackers to access Google accounts, including Gmail, with cross-site
Mozilla has taken another security blow with the discovery that Google user accounts can be accessed through a dangerous Firefox exploit.
The vulnerability, which is still in the wild some 10 days after its discovery on gnucitizen.org, allows hackers to access Google accounts, including Gmail, with cross-site scripting attacks.
A client or server-side exploit can be inserted into .zip files via open document formats from Microsoft Office 2007 and OpenOffice, and uploaded to a server where the Firefox JAR protocol extracts the compressed data.
(more…)
Share This
You might want to sit down for this one, folks. It's pretty absurd. Rik Farrow of Fast Company has discovered a way similar to that used for the iPhone TIFF exploit in 1.1.1 to maliciously download malware to their iPhones, after which a hacker has complete control of the iPhone.
read more
Is all this talk about iPhone security exploits freaking you out? The possibility that something like this could be used maliciously has crossed my own mind, and it's a scary thought. Luckily the good guys are on top of it. Not only did they find it, but they're fixing it, too. If you take a look at the features page for AppSnapp, you'll see that feature #6 of AppSnapp is that it fixes the very exploit it uses.
read more
Force Your Web Site Visitors To Build An Unlimited Number Of Niche Targeted Content Websites For You, On Your Command! The Amazing Content Multiplier...
Symantec Corporation has issued an alert that rated a threat with its highest possible score after finding attackers exploiting a zero-day vulnerability in RealPlayer that infects Windows machines running Internet Explorer. An ActiveX control installed by RealNetworks Incorporated's RealPlayer program is flawed in such a way that it can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.
Only systems on which both RealPlayer and IE have been installed are vulnerable. Multiple versions of RealPlayer install the ActiveX control, including the current 10.5 and the beta of Version 11. RealNetworks has not released a fix, but Symantec said it had informed the media player's maker of the bug. Until RealNetworks releases a patch, Symantec said the best advice it can give is to disable the vulnerable ActiveX control but this requires editing the Windows registry.
Source:→ ComputerWorld
ActiveX, Bug, Exploit, Internet Explorer, RealPlayer,
By Sophie WhiteThere is a current and active way to knock a website out of Google's search engine results. It's simple and effective. This information is already in the public domain and the more people that know about it, the more likelihood there is that Google will do something about it. This article will tell you how it works, how to get a website knocked out of the search engine rankings, but most importantly, how to defend your own website from having it happen to you.To understand this exploit, you must first understand about Google's Duplicate Content filter. It's simply described thus: Google doesn't want you to search for "blue widget" and have the top 10 search terms returned copies of the same article on how great blue widgets are. They want to give you ONE copy of the Great Blue Widget article, and 9 other different results, just on the off chance that you've already read that article and the other results are actually what you wanted.To handle this, every time Googl
By: Sophie White
There is a current and active way to knock a website out of Google’s search engine results. It’s simple and effective. This information is already in the public domain and the more people that know about it, the more likelihood there is that Google will do something about it. This article will tell you how it works, how to get a website knocked out of the search engine rankings, but most importantly, how to defend your own website from having it happen to you.
To understand this exploit, you must first understand about Google’s Duplicate Content filter. It’s simply described thus: Google doesn’t want you to search for “blue widget” and have the top 10 search terms returned copies of the same article on how great blue widgets are. They want to give you ONE copy of the Great Blue Widget article, and 9 other different results, just on the off chance that you’ve already read that article and the other results
Looks like the protocol handler problems just won’t die. On July 20th, Jesper Johansson reported that Firefox 2.0.0.5 didn’t quite get all the bugs out of passing strings to external programs registered as protocol handlers. 10 days later, Mozilla has released a patch in version 2.0.0.6. The first version of the patch was actually coded on July 21st, finalized on the 23rd, tested and reviewed, and released to auto-updates on the 30th. You can see all the gory details in bug 389106 .
Ironically, FF appears to have been doing the same thing that IE was doing, which Window Snyder called a “critical vulnerability in IE” on the 18th. Snyder gave Microsoft a hard time because they were not planning a fix, but on the 23rd he had to eat crow, saying:
(more…)
Share This
