Security

Submission + - PDF imports spyware (heise-security.co.uk)

An anonymous reader writes: PDF files named like BILL.pdf, INVOICE.pdf and STATEMENT.pdf are using the Windows URI problem to shut down the Windows firewall and download spyware onto the computer, reports heise Security. The commands are executed if the files are opened in Adobe Reader. At the beginning of this week Adobe published a fixed version 8.1.1 for the problem. A more general patch from Microsoft for Windows is still not available.
Security

Submission + - Unofficial URI-patch for Windows (heise-security.co.uk)

dg2fer writes: For more than two months, the vulnerability of parsing URIs has been known for several Windows programs, including Outlook, Adobe Reader, IRC clients and many more.

The latest Microsoft patches published for October did not include a solution for the URI problem, so, according to an article on heise security, hackers started to solve the problem themselves and published an unofficial patch which cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function.

Security

Submission + - Spoofing 911 calls (heise-security.co.uk)

juct writes: "A 19 is brought to court for abusing the 911 emergency call system. It appears that he has a method for spoofing the origin of a 911 call, and is believed to have used this to make over 200 hoax emergency calls throughout the US over a period of a couple of years."
Security

Submission + - Update Vista and Office offline (heise-security.co.uk)

juct writes: "The new version of Heise Security's popular script collection Offline Update featured in an earlier slashdot article now supports Windows Vista and Microsoft Office. After you select your targets Offline Update downloads all the relevant security updates from Microsoft and creates a CD/DVD/USB-Stick. You can then launch an installation script from the media that quickly installs the updates on the target PCs. Unlike "update packs" like Autopatcher, Offline Update is not affected by copyright problems because it does contain any Microsoft code."
Security

Submission + - Microsoft Outlook also caught in the URI trap (heise-security.co.uk)

juct writes: "What started out as an alleged Firefox bug comes back to haunt Microsoft. In addition to Firefox, Netscape, Adobe Reader, Skype, Miranda and mIRC, Outlook 2000/Express have now been proved vulnerable to the strange behaviour of Windows when certain URLs are opened. Attackers could use this to launch programs at will. heise Security hopes that this raises the chance that Microsoft will finally accept its responsibility for addressing the problem, and will take steps to make the behaviour of Windows more predictable."
Security

Submission + - Serious problems with Windows URI handling (heise-security.co.uk)

juct writes: "Imagine you have a Windows XP system that is secure (or at least as secure as you need it). Then you install Internet Explorer 7 — and that changes the way Windows handles URLs. And suddenly there are security holes in all kinds of applications like Firefox, Skype, Acrobat Reader, Netscape, Miranda. A simple click or even just opening a document is enough to execute arbitrary programs and maybe install spyware on your system. That is the situation right now. Firefox and Skype already included a workaround for what they see as a Windows problem to protect their users. Adobe Acrobat Reader, Netscape and Miranda IM are still vulnerable — and probably a lot of other applications as well. And Microsoft is just saying that this is not a problem in Microsoft products. For more see the complete article on heise Security."
Mozilla

Submission + - The Morality of Web Advertisement Blocking (cnet.com)

An anonymous reader writes: There has been some recent coverage of the over-hyped boycott of Firefox, in response to the rising popularity of the Adblock Plus Firefox extension. A recent editorial on CNET looks into the issue, and explores the moral and legal issues involved in client-side web advertisement blocking. Whereas TiVo users freeload on the relatively fixed broadcasting costs paid by TV networks, users of web ad-blocking technology are actively denying website owners revenue that would otherwise go to pay for the bandwidth costs of serving up those web pages. If the website designer has to pay for bits each time you view their website without viewing their banner ads, are you engaged in theft? Is this right? CNET has more on the subject....
Security

Submission + - Stealing passwords using TOR (derangedsecurity.com)

An anonymous reader writes: Remember that guy who published email passwords of 100 embassies? He reveals how he's done that. He used "Five ToR exit nodes ... equipped with our own packet-sniffer focused entirely on POP3 and IMAP traffic using a keyword-filter". Furthermore he states that government agencies in the US, Russia and around Asia are hosting TOR exit nodes and might be doing the same thing right now. This is supported by Heise Security who observed that the number of exit nodes in China grew from less than five to 77 in the last year — and guess who is operating TOR exit nodes in China.
