
[News] [Rival] ActiveX Leaves Internet Explorer Fragile Again, US Pentagon is teh PWNED

  • Subject: [News] [Rival] ActiveX Leaves Internet Explorer Fragile Again, US Pentagon is teh PWNED
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Wed, 12 Mar 2008 11:22:11 +0000
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Freelance
  • User-agent: KNode/0.10.4

RealPlayer vulnerable in Internet Explorer

,----[ Quote ]
| To avoid the loss of functionality, security experts recommend using 
| RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox 
| (for Windows and Mac).  
`----

http://www.news.com/8301-10784_3-9890945-7.html?part=rss&subj=news&tag=2547-1_3-0-20

New in Heise (probably an update on older reports):

Pentagon cyber attack more serious than previously assumed

,----[ Quote ]
| However, the new magazine report claims that malicious code, which exploits a 
| hole in Microsoft Windows, was detected in various portions of the network 
| during network infrastructure reorganisation.   
`----

http://www.heise.de/english/newsticker/news/104819/from/rss09


Related:

Chinese military hacked into Pentagon

,----[ Quote ]
| The Chinese military hacked into a Pentagon computer network in June in the 
| most successful cyber attack on the US defence department, say American
| officials.
`----

http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html


China Crafts Cyberweapons

,----[ Quote ]
| The Defense Department reports China is building cyberwarfare
| units and developing viruses.
`----

http://www.pcworld.com/article/id,132284-pg,1/article.html(News)


German constitutional protection authorities foresee "secret service
procurement offensive" 

,----[ Quote ]
| ...if Chinese attackers really had penetrated government computers, this 
| would pose a risk even if no confidential data was involved. "It is possible 
| to find out many things in this way - appointments, responsibilities, who is 
| working  on what - this is the first step in carrying out classical 
| espionage," said  Möller.     
`----

http://www.heise.de/english/newsticker/news/95236/from/rss09


Politicians want to be informed on Chinese Trojan attacks

,----[ Quote ]
| Ruprecht Polenz (CDU), chairman of the Committee on Foreign Affairs, 
| said: "If there is clear evidence that the Chinese state is responsible for 
| these attacks, we cannot let the matter rest." According to a Spiegel report, 
| the Federal Office for the Protection of the Constitution assumes that 
| experts of the Chinese army have conducted the online espionage attacks 
| against the Federal Chancellery, the ministry of economics, the ministry of 
| research and also the ministry of foreign affairs.      
`----

http://www.heise.de/english/newsticker/news/94983/from/rss09


Estonia suspects Kremlin in Web attacks

,----[ Quote ]
| He said more than 1 million computers worldwide have been used in
| recent weeks to attack Estonian government and business Web sites
| since a dispute arose with Moscow over Estonia's moving of a
| Soviet-era war memorial from downtown Tallinn.
`----

http://www.cnn.com/2007/TECH/internet/05/17/estonia.cyber.attacks.ap/index.html?eref=rss_tech


U.S. cyber counterattack: Bomb 'em one way or the other

,----[ Quote ]
| If the United States found itself under a major cyberattack aimed
| at undermining the nation's critical information infrastructure,
| the Department of Defense is prepared, based on the authority of
| the president, to launch a cyber counterattack or an actual 
| bombing of an attack source.
`----

http://www.networkworld.com/news/2007/020807-rsa-cyber-attacks.html


US plans for cyber attack revealed

http://www.theinquirer.net/default.aspx?article=37563


Homeland Security sees cyberthreats on the rise

,----[ Quote ]
| To test the nation's response to a cyberattack, the Department
| of Homeland Security plans to hold another major exercise,
| called Cyberstorm II, in March 2008, Garcia said. A first
| such exercise happened early last year.
`----

http://news.com.com/2100-7355_3-6157809.html?part=rss&tag=2547-1_3-0-20&subj=news
http://tinyurl.com/2dpbmv


Zombie botnets attack global DNS servers

,----[ Quote ]
| Hackers launched a sustained attack last night against key root servers
| which form the backbone of the internet.
| 
| Security firm Sophos said that botnets of zombie PCs bombarded the
| internet's domain name system (DNS) servers with traffic.
| 
| "These zombie computers could have brought the web to its knees,"
| said Graham Cluley, senior technology consultant at Sophos.
`----

http://www.vnunet.com/vnunet/news/2174383/zombie-botnets-attack-global


Perspective:  Microsoft security--no more second chances?

,----[ Excerpt ]
| CNET News.com's Charles Cooper says the software maker is running out
| of excuses for a history of poor security.
`----

,----[ Quote ]
| As if Homeland Security Secretary Michael Chertoff didn't have enough on
| his plate.
|
| Not only has he had to deal with Katrina and Osama. Now he's also got to
| whip Steve Ballmer and the crew at Microsoft into shape. If past is
| prologue, that last task may be the most daunting of all.
`---- 

http://news.com.com/2010-1002_3-6104512.html?part=rss&tag=6104512&subj=news


Botnet 'pandemic' threatens to strangle the net

,----[ Quote ]
| Cerf estimated that between 100 million and 150 million of the
|                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| 600 million PCs on the internet are under the control of hackers,
|                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| the BBC reports. "Despite all that, the net is still working,
| which is pretty amazing. It's pretty resilient," he said.
`----

http://www.theregister.co.uk/2007/01/26/botnet_threat/


EveryDNS, OpenDNS Under Botnet DDoS Attack

,----[ Quote ]
| The last time the Web mob (spammers and phishers using botnets)
| decided to go after a security service, Blue Security was forced
| to fold and collateral damage extended to several businesses,
| including Six Apart.
`----

http://securitywatch.eweek.com/exploits_and_attacks/everydns_opendns_under_botnet_ddos_attack.html


Be prepared: ActiveX attacks will persist

,----[ Quote ]
| A recent string of high-profile ActiveX vulnerabilities caused the U.S. 
| Computer Emergency Readiness Team (US-CERT) to advise users to disable the 
| ubiquitous Microsoft browser plug-in technology altogether.  
`----

http://www.infoworld.com/article/08/02/19/08NF-activex-horror_1.html


ActiveX Controls Out of Control

,----[ Quote ]
| The federal agency's warning to disable all Internet Explorer ActiveX 
| controls might as well be a recommendation to use Firefox—or Opera or Safari. 
| Hey, AOL, are you sure about pulling the plug on Netscape?  
`----

http://www.microsoft-watch.com/content/security/activex_controls_out_of_control.html?kc=MWRSS02129TX1K0000535


The feds weigh in on Windows security

,----[ Quote ]
| "The benefits of this move are enormous: Common, secure configurations
| can help slow botnet spreading, can radically reduce delays in patching,
| can stop many attacks directly, and organizations that have made the
| move report that it actually saves money rather than costs money,"
| Paller wrote.
`----

http://news.zdnet.com/2100-1009_22-6172158.html


Yahoo IM affected by ActiveX vulnerabilities

,----[ Quote ]
| On the heels of ActiveX vulnerabilities in the image uploading tools for 
| Facebook and MySpace.com, researchers warned Monday that Yahoo Instant 
| Messenger and Yahoo Messenger are vulnerable to ActiveX-based attacks.  
`---- 

http://www.news.com/8301-10789_3-9864333-57.html?part=rss&subj=news&tag=2547-1_3-0-20


Exploit for 'extremely critical' Yahoo Jukebox vuln goes wild

http://www.theregister.co.uk/2008/02/05/yahoo_jukebox_vuln/


'Highly critical' security bug bites HP Virtual Rooms

,----[ Quote ]
| The vulnerability in HP Virtual Rooms resides in the ActiveX client used to 
| install the service on users' PCs, according to this advisory posted Tuesday 
| on the Full-Disclosure mail list. Vulnerability tracking service Secunia 
| rates it "highly critical," because it can be used by attackers to compromise 
| a user's machine.    
`----

http://www.theregister.co.uk/2008/01/22/hp_virtual_rooms_security_bug/


'Bricking' bug threatens most HP, Compaq laptops

,----[ Quote ]
| In a post to the milw0rm.com Web site Wednesday, a Polish security researcher 
| who used the alias "porkythepig" spelled out a pair of vulnerabilities in an 
| ActiveX control used by HP's Software Update, the patch management program 
| bundled with virtually every HP- and Compaq-branded laptop.   
`----

http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818&intsrc=hm_list


Rogue ActiveX controls menace users

,----[ Quote ]
|  Flaws in ActiveX controls are being increasingly used to run security 
|  exploits. 
| 
| [...]
| 
| An attack exploiting this vulnerability can lead to arbitrary code execution 
| by a remote attacker," a blog posting by Symantec researcher Parveen 
| Vashishtha warns.  
`----

http://www.theregister.co.uk/2007/10/24/activex_vulns/


RealPlayer Attack Circulating

,----[ Quote ]
| The attack exploits a flaw in an ActiveX browser helper object, software that 
| RealPlayer employs to help users who are experiencing technical difficulties, 
| so the PC must be using the Internet Explorer browser to be affected by this 
| particular attack, Symantec said.   
`----

http://news.yahoo.com/s/pcworld/20071020/tc_pcworld/138706


Yahoo! battered by second ActiveX vulnerability

,----[ Quote ]
| The vulnerabilities affect versions of Yahoo! Messenger 8.x prior to version 
| 8.1.0.419, released late last week. Users are urged to upgrade. 
`----

http://www.theregister.co.uk/2007/09/03/yahoo_activex_vuln/


Way Too ActiveX

,----[ Quote ]
| Today, over at Symantec's Security Response Weblog, Greg Ahmad
| reveals startling--and I do mean shocking--increases in ActiveX
| vulnerabilities. According to Symantec, ActiveX vulnerabilities
| stayed in the 12- to- 15-a-year range from 2002 to 2005. For
| 2006, the number of vulnerabilities "reached 50," with 42 in
| the second half of the year--coincidentally, the same time
| period Microsoft finished up and released Internet Explorer 7.
`----

http://www.microsoft-watch.com/content/security/way_too_activex.html?kc=MWRSS02129TX1K0000535
http://tinyurl.com/33cfno


Acer puts Active X hole on laptops 

,----[ Quote ]
| Laptop outfit Acer seems to have placed an Active X control on its
| computers that seems to allow webpages to execute any program.
| 
| This huge hole in network security has been installed on board Acer
| laptops since 1998.
`----

http://www.theinquirer.net/default.aspx?article=36773


Adobe Confirms 'Critical' Reader, Acrobat Exploits With IE

,----[ Quote ]
| A critical security vulnerability in an ActiveX control used by
| Internet Explorer could allow malicious hackers to use Adobe's
| Reader and Acrobat software to launch PC hijack attacks,
| according to a warning from Adobe Systems.
`----

http://www.pcmag.com/article2/0,1895,2066079,00.asp


Month of ActiveX bugs project begins with two Office flaws

,----[ Quote ]
| A hacker known as shinnai kicked off his "Month of ActiveX Bugs"
| (MoAxB) project with a bang by exposing a number of severe
| vulnerabilities affecting OCX controls in Microsoft Office.
`----

http://scmagazine.com/us/news/article/654659/month-activex-bugs-project-begins-two-office-flaws/
