8/12/2005

Exploits Circulate for Windows 2000 Worm Hole

Filed under: — Aviran Mordo

Windows 2000 users, patch now or else…
That’s the blunt warning from Microsoft Corp.’s security response center after “detailed exploit code” for a wormable flaw started circulating on underground security Web sites.

The software maker rushed out an advisory late Thursday night to warn that unpatched Windows 2000 users are at the biggest risk of a PC takeover attack.

Ziff Davis Internet News has confirmed the existence of at least five exploits targeting several different vulnerabilities patched by Microsoft earlier this week.

The one that worries Microsoft the most is the exploit for the Plug and Play vulnerability addressed in the MS05-039 bulletin.

The vulnerability is an unchecked buffer in the Plug and Play service that can be exploited as a privilege escalation or to run remote code as administrator. Plug and Play, or PnP, is a feature that allows the operating system to detect new hardware installed on a system. For example, when a user installs a new mouse on a PC, PnP allows Windows to detect it and load the needed drivers.

Microsoft’s patch updates the Plug and Play service code to validate the length of a message before it passes it to the allocated buffer and has been released for users of Windows 2000, Windows XP and Windows Server 2003 users.

Source: eWeek

One of the Most Complex Cybercrime Attacks Ever

Filed under: — Aviran Mordo

PandaLabs has reported a sophisticated ‘chain’ attack, perpetrated through the SpamNet.A Trojan, discovered on a web page hosted on a server in the USA, with a domain registered from an address in Moscow. The attack is highly complex, using a tree structure to infect with up to 19 species of malware. Its principal goal is to send out junk mail, and, by using this complex structure, has so far compiled more than 3 million email addresses worldwide. Panda Software has contacted the companies that host the files and web pages that are the main part of this organized attack.

The infection chain begins when a user visits the web page mentioned above. This web page uses the Iframe tag to try to open two new pages. This initiates two parallel processes, each one associated to one of the two pages:
(more…)

SHOWTIME and MSN Video to Stream Videos

Filed under: — Aviran Mordo

The first episode of “Barbershop: The Series,? a new show that premieres this Sunday, Aug. 14 at 10 p.m. EDT and PDT on SHOWTIME, will be available for streaming in its entirety on MSN® Video simultaneously with the series debut.

The first episode of the half-hour comedy series, which focuses on the interplay between an eclectic staff of haircutters and their customers at a Chicago barbershop, also can be viewed free at http://www.msnvideo.com. The “Barbershop? pilot will be available on MSN for eight consecutive days starting Aug. 14. In addition, MSN Video will feature behind-the-scenes content and clips from each of the series episodes throughout the season for free.

“We’re thrilled to be working with SHOWTIME, a member of MSN Video since our launch of the service in January 2004, to introduce this edgy and inventive series to our extensive network of unique users,? said Mike Conte, general manager of MSN Marketplaces and Digital Media at Microsoft Corp. “Consumers can expect to see even more examples of original programming on MSN Video, which continues to attract high-quality content, exceptional advertising support and fast-growing viewership.?

“This is a wonderful opportunity to introduce our outstanding SHOWTIME programming to a whole new audience,? said Showtime Executive Vice President Mark Greenberg. “We’re confident that once people get a taste of this terrific new series ‘Barbershop,’ they’ll want to sign up for SHOWTIME.?

Google pauses library project

Filed under: — Aviran Mordo

Google will temporarily stop scanning copyright-protected books from libraries into its database, the company said late Thursday.

The company’s library project, launched in December, involves the scanning of out-of-print and copyright works so that their text can be found through the search engine’s database. Google is working on the project with libraries at Stanford University, Harvard University and other schools.

The plan has come under fire from several groups, including publishers, who object to what they claim are violations of their copyrights.

Google said on its blog late Thursday that, following discussions with “publishers, publishing industry organizations and authors,” it will stop scanning in copyright-protected until November, while it makes changes to its Google Print Publisher Program.

Source: News.com

Mac Hacks Allow OS X on PCs

Filed under: — Aviran Mordo

That future may already be unfolding: Hackers have found a way to bypass a chip designed to prevent the Mac OS from running on non-Apple PCs, which are often cheaper than Macs.

Some of the hackers are running the tweaked version of the operating system on their PCs natively. Others are using the system with VMware, which allows the Mac OS to support more PC hardware.

Hackers and curious computer users this week have been downloading the tweaked Mac OS X for PCs, nicknamed “OSx86,” from several websites connected to the BitTorrent file-distribution system.

OSx86 is designed to run on Apple Computer’s next generation of hardware, which some call “MacIntels” and others “MacTels” because the machines will run on Intel microprocessors rather than the PowerPC processor used in current Macs. The hacked version of OSx86 is based on pirated software, which came from copies of the operating system sent to participants in the Apple Developer Connection. The ADC participants also received MacIntel computers for testing and development.

Now the hacked version of OSx86 is running on Dell laptops and other PCs with Intel and AMD microprocessors.

Source: Wired

Breaking on through to 4G

Filed under: — Aviran Mordo

US wireless company xG technology claims its radio technology will outperform 3G, 802.11x and Ultrawideband – making it the first real contender for fourth-generation connectivity

Once every two or three years, a new company appears and makes extraordinary claims about fundamentally new technology. Often, these prove to be more hype than substance; sometimes, however, an idea has the potential to change the game.

This years’ contender is xG Technology, a Florida company with a wireless data system called xMax. This will outperform any existing radio technology, says the company, providing bandwidth and range that substantially outclass 3G, 802.11x and ultrawideband while using far less power and causing far less interference. So far, the company has been reticent to describe exactly how this system works, but ZDNet UK has spent some time in conversation with Chris Whiteley, the programme manager for xMax, and Joe Bobier, president and chief executive of xG Technology and the inventor behind the idea. Although we’ll have to wait for three more months before the company goes properly public, Whiteley and Bobier discussed the basic idea behind xMax and lent some credence to the possibility that it may indeed work as advertised.

Source: ZDNet

Verizon Web Site Flaw Allowed Record Access

Filed under: — Aviran Mordo

Verizon Wireless customers who signed up for online billing services were able to peek at some details of others’ accounts due to a Web site programming error that was caught by a customer and fixed this week, a company spokesman said Thursday.

The flaw allowed customers who punched in another user’s phone number to see how many airtime minutes that person had used, as well as the number of free minutes they had remaining for the month, spokesman Tom Pica said. Snoopers could also learn what cell phone model a customer used.

All users who registered to use the “My Account” system were affected by the glitch, which could have been in place for as long as five years, Pica told The Associated Press. It did not appear that anyone had taken advantage of the error to pry into individual accounts, he said.

Source: AP

Intel to detail new chips at conference

Filed under: — Aviran Mordo

Intel plans to provide details on a new generation of multicore processors at its semiannual developer conference in two weeks–and in the process highlight how its chip families are coming back together.

The new chips will start to emerge in the second half of 2006 and sport, among other attributes, greater energy efficiency and better manageability, according to sources familiar with the company’s plans. The chips are code-named Merom (for notebooks), Conroe (for desktops) and Woodcrest (for servers).

Intel CEO Paul Otellini plans to provide details about the new generation of chips on Aug. 23, the first day of the Intel Developer Forum, which will take place in San Francisco.

Source: News.com

Powered by WordPress