mat - Slashdot User

Researchers Bypass IE Protected Mode 91

Posted by Soulskill on Friday December 03, 2010 @07:16PM from the locked-doors-open-windows dept.

Trailrunner7 writes "A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he's successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years. It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine (PDF). The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account."

Comment Re:Microsoft ? Hum... not sure ? (Score 1) 2

by mat on Thursday June 10, 2010 @09:06AM (#32522484) Attached to: MS hides Firefox extension in toolbar update

Hum... I've just noticed I have a second different search plugin, and the second one is from Microsoft. But I confirm that I have automatic updates turned off.

Comment Microsoft ? Hum... not sure ? (Score 1) 2

by mat on Thursday June 10, 2010 @08:52AM (#32522366) Attached to: MS hides Firefox extension in toolbar update

I've just noticed this extension also on a windows VM that was not updated for a while, and it is enabled on Firefox and IE. And in IE, the published is "(not verified) Sigot, Inc", which is the same publisher as the PdfForge Toolbar.
So, I am note sure microsoft is the one to blame for this.

Nero Files Antitrust Complaint Against MPEG-LA 247

Posted by Soulskill on Monday May 24, 2010 @04:40PM from the hot-topics-getting-hotter dept.

hkmwbz writes "German technology company Nero AG has filed an antitrust complaint against the MPEG-LA, the company that manages the H.264 patent pool. Nero claims that the MPEG-LA has violated the law and achieved and abused 100% market share, by, among other things, using 'independent experts' that weren't independent after all, not weeding out non-essential patents from the pool (in fact, it has grown from the original 53 to more than 1,000), and retroactively changing previously-agreed-on license terms."

Comment Re:Tangental question... (Score 1) 136

by mat on Wednesday April 15, 2009 @07:24PM (#27592547) Attached to: Build an Open Source SSL Accelerator

Just use mod_proxy_balancer (included in Apache) either to load-balance sessions between the two servers using session tracking, or to to use a server as a backup with the parameter "status=+H" (only available for the latests Apache versions).
http://httpd.apache.org/docs/2.3/mod/mod_proxy_balancer.html

Proposed IPv6 Cutover By 2011-01-01 398

Posted by kdawson on Thursday August 02, 2007 @08:48AM from the swatting-a-nat dept.

IO ERROR writes "An internet-draft published this month calls for an IPv6 transition plan which would require all Internet-facing servers to have IPv6 connectivity on or before January 1, 2011. 'Engineer and author John Curran proposes that migration to IPv6 happen in three stages. The first stage, which would happen between now and the end of 2008, would be a preparatory stage in which organizations would start to run IPv6 servers, though these servers would not be considered by outside parties as production servers. The second stage, which would take place in 2009 and 2010, would require organizations to offer IPv6 for Internet-facing servers, which could be used as production servers by outside parties. Finally, in the third stage, starting in 2011, IPv6 must be in use by public-facing servers.' Then IPv4 can go away."

Submission + - Reporter Arrested for Asking a Question (lawbean.com)

Submitted by

Spamicles

on Wednesday June 06, 2007 @07:48PM

Spamicles writes: "Manchester, NH — Freelance reporter Matt Lepacek, reporting for Infowars.com, was arrested for asking a question to one of Giuliani's staff members in a press conference. The press secretary identified the New York based reporter as having previously asked Giuliani about his prior knowledge of WTC building collapses and ordered his arrest."

Slashdot Top Deals