Spyware, Viruses, & Security forum

General discussion

NEWS - January 4, 2007

Former Apple engineer patching Month of Apple Bugs-revealed flaws
Fiona Raisbeck Jan 4 2007 14:49
A software engineer has vowed to provide solutions for flaws in Apple's OS X operating system exposed by the Month of Apple Bugs project (MoAB).


The two security researchers behind the project, Kevin Finisterre and a former hacker known as LMH, are revealing bugs in Apple software throughout January, as well as exploit code for any flaws they find.

However, former Apple engineer Landon Fuller has set up an unofficial operation to fix the flaws.

"If I have time, I will attempt to patch the other vulnerabilities, one a day, until the month is out," he said on his blog. "Part brain exercise, part public service, I have created a runtime fix for the first issue using Application Enhancer."

http://www.scmagazine.com/us/news/article/624521/former-apple-engineer-patching-month-apple-bugs-revealed-flaws/

Patch issued for OpenOffice.org WMF

In reply to: NEWS - January 4, 2007

Flaw could enable unauthorized code to run on a targeted computer
Jeremy Kirk

January 04, 2007 (IDG News Service) -- A patch has been released for a vulnerability in the OpenOffice.org productivity suite, a problem rated as "highly critical" by one security vendor.

The flaw could be exploited by creating a malicious file in the Windows Metafile (WMF) or Enhanced Metafile formats. If the file was opened by a user, it could start running unauthorized code on a computer, according to an advisory by Linux distribution vendor Red Hat Inc., which offers the OpenOffice suite with several of its products.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007101&source=rss_topic17

Multiple Vulnerabilities in Cisco Clean Access

In reply to: NEWS - January 4, 2007

Summary

Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. It consists of Cisco Clean Access Manager (CAM) and Cisco Clean Access Server (CAS) devices that work in tandem.

Cisco Clean Access is affected by the following vulnerabilities:


Unchangeable shared secret
Readable snapshot files

http://isc.sans.org/

Internet Explorer Vulnerable To Adobe XSS Bug

In reply to: NEWS - January 4, 2007

Adobe says that Reader 8.0, which was launched a month ago, was invulnerable to the cross-site scripting bug, and recommended that all users update to that version immediately.

By Gregg Keizer
InformationWeek

Jan 4, 2007 02:35 PM

In a turn-about from the day before, security researchers on Thursday reported that some versions of Microsoft's market-leading Internet Explorer browser are vulnerable to a critical bug in Adobe's popular Reader software.

The vulnerability in Adobe Reader's browser plug-in, which was publicized Wednesday by several security companies, can let hackers force trusted Adobe PDF (Portable Document Format) files to run malicious JavaScript code on victimized PCs.

Early Wednesday, Symantec researchers insisted that only Firefox 1.5 and Opera 9.10 were vulnerable to a possible exploit; by Thursday, however, additional research had confirmed that some versions of Internet Explorer are at risk. According to an updated DeepSight threat network alert, IE 6.0 on XP SP2 equipped with Adobe Reader 6, as well as IE 6 on XP SP1 running Reader 7, are vulnerable. Also at risk: Firefox 1.5, Firefox 2.0, and Opera 9.10 when running either Reader 6 or 7.

More: http://www.informationweek.com/story/showArticle.jhtml?articleID=196801124&cid=RSSfeed_IWK_Security

WSLabs, Malicious Website / Malicious Code: Adobe Acrobat XS

In reply to: Internet Explorer Vulnerable To Adobe XSS Bug

Websense

Bluetooth cracking tools released

In reply to: NEWS - January 4, 2007

Security News, 04 January 2007

By Matthew Broersma, Techworld
German programmers have released two tools aimed at compromising Bluetooth devices, including PCs, at the Chaos Communications Congress in Berlin.

Enterprises generally ignore Bluetooth from a security point of view, but should be aware that there are fundamental security weaknesses in the wireless specification, according to Thierry Zoller, who introduced the tools at the conference on Friday.
Zoller, a security consultant, developed BTCrack, an implementation of a flaw disclosed in 2005 by Israeli security researchers. The tool takes advantage of weak PINs in Bluetooth devices, allowing an attacker to listen in on a pairing session and gain access to both paired devices.
HID Attack is a proof-of-concept exploit for hijacking a Bluetooth keyboard using the Human Interface Device (HID) standard. The attack could allow access to sensitive systems, according to developer Collin Mulliner, who said he came across the problem by accident while developing a software keyboard.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7706

Websense Security Labs - Multi-hack...defaced site hosting P

In reply to: NEWS - January 4, 2007

Multi-hack...defaced site hosting Phish.

Jan 4 2007 10:27AM

Today we received the below email in one of our mail honeypots. The mail basically informs the user they have one "secure message" and that they need to click on the URL in order to access the message. Upon accessing the site they are redirected to a Phishing page that requests information for their bank. Nothing really interesting there. What is somewhat interesting is that the main page of the site was defaced by a well-known Turkish hacking group. Although there is a chance that Phishers are tracking defaced sites and using them for their own purposes, more likely they simply used a similar tool to detect a vulnerable site and uploaded their content there.

More: http://www.websense.com/securitylabs/blog/blog.php?BlogID=103

Microsoft Schedules Eight Bug Fixes Next Week

In reply to: NEWS - January 4, 2007

Microsoft announced it would issue three updates for Windows, three for its Office productivity suite, one that affects both Windows and Office, and another that impacts both Windows and the Visual Studio development platform.

By Gregg Keizer
InformationWeek

Jan 4, 2007 04:25 PM

Microsoft said Thursday that it will begin 2007's security update season with a bang by releasing eight bulletins next week to patch problems in Windows, Office, and Visual Studio.

In the advance notification posted Thursday, Microsoft announced it would issue three updates for Windows, three for its Office productivity suite, one that affects both Windows and Office, and another that impacts both Windows and the Visual Studio development platform. At least two of the updates will be labeled "critical," Microsoft's highest warning.

As is its practice, Microsoft did not disclose details of the updates, but only offered clues about what it plans to fix. Some hints, however, can be gleaned from third-party security vendors that track zero-day, or unpatched, vulnerabilities.

More: http://www.informationweek.com/story/showArticle.jhtml?articleID=196801182&cid=RSSfeed_IWK_Security

Advance notice of Microsoft patches next week

In reply to: Microsoft Schedules Eight Bug Fixes Next Week
