Critical Vulnerabilities Discovered In Real Player

Filed under: — Aviran Mordo

Security company eEye discovered multiple vulnerabilities in RealPlayer and RealOne Player, which could be exploited by remote attackers to execute arbitrary commands.

The first issue is due to a stack overflow error when processing a malformed data packet contained in a Real Media file, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a malicious Web page hosting a specially crafted “.rm” file.

The second vulnerability is due to a heap overflow error in the “DUNZIP32.DLL” library that does not properly handle a malformed RealPlayer skin file, which could be exploited by attackers to execute arbitrary commands by tricking a user into visiting a malicious Web page hosting a specially crafted “.rjs” file.

The third flaw is due to an unspecified stack overflow error when processing malicious skin files, which could be exploited by remote attackers to compromise a vulnerable system.

Security website FrSIRT rates these vulnerabilities as critical (4/4).

RealNetworks has released a patch for these vulnerabilities. The patch is available via the “Check for Update” menu item under Tools on the RealPlayer menu bar or from http://service.real.com/realplayer/security/.

Yahoo Backs Off Bidding for AOL Stake

Filed under: — Aviran Mordo

Internet media company Yahoo Inc has backed out of the running to buy a stake in Time Warner Inc.’s America Online Internet unit.

“After we learned what their proposed deal terms were we passed and we’ve never looked back,” a Yahoo spokeswoman said on Thursday, confirming a report in the Wall Street Journal.

She denied that the company had made an offer for AOL but confirmed that Yahoo Chief Executive Terry Semel met with Time Warner chairman Richard Parsons in October.

The paper, citing a person familiar with the matter, said Time Warner signaled it wasn’t interested in the terms Yahoo was willing to offer.

Time Warner is still in talks with Web search engine Google Inc. and software giant Microsoft Corp. and the Journal said the two companies are neck-and-neck in the talks, citing unnamed sources.

Time Warner is expected to choose one partner with which it will start exclusive negotiations as early as next week, the paper said.

Source: eWeek

3 Companies Shut Down On Spyware Charges

Filed under: — Aviran Mordo

A U.S. court shut down three Internet companies for secretly bundling malicious “spyware” with ring tones, music programs and other free high-tech goodies, the U.S. Federal Trade Commission said on Thursday.

The malicious software tracked victims’ Internet activity, hijacked their home pages and deluged them with unwanted “pop up” ads, the FTC said.

The assets of Enternet Media Inc. and Conspy & Co. Inc., based in California, and Iwebtunes, based in Ohio, have been frozen pending further court action, the FTC said. The court also ordered all three firms to halt downloads of the software.

According to a complaint filed in district court in Los Angeles, Enternet and Conspy bundled their malicious software with music files, song lyrics and cellular telephone ring tones offered free on a range of Web sites. The software was also disguised as a security upgrade for Microsoft Corp.’s Internet Explorer Web browser.

Iwebtunes bundled the spyware with a program that plays background music on blogs, the FTC said.

Once lodged on a victim’s computer, the spyware was difficult to remove, the FTC said.

Microsoft, Google Inc. and Webroot Software Inc. helped with the investigation, the FTC said.

Source: Reuters

Official ‘Lost’ Fan Club Announced

Filed under: — Aviran Mordo

ABC and Creation Entertainment today announced the launch of The Official LOST Fan Club for dedicated viewers of the hit television series.

Members will receive a LOST “Survivors” Package containing an exclusive club DVD, a t-shirt, cast photos, trading card and poster, bumper stickers, an Oceanic Airlines Carry Bag, frequent flyer card and a boarding pass to the mysterious ill-fated Flight 815.

Fan club members will also gain access to an exclusive on-line content site featuring regularly updated cast and crew interviews, photos, news and games.

Erin Ferries, V.P. of Licensing for Creation Entertainment, said, “It is our hope with The Official LOST Fan Club to give the show’s most loyal viewers a chance to really be part of the action and mystery of the series. The storylines and cast of LOST really make running this fan club a uniquely fun experience, one that will take our members into the heart of this great show.”

The Official LOST Fan Club is priced at $27.95.

Patents Chilling Effect on Science

Filed under: — Aviran Mordo

The American Association for the Advancement of Science recently conducted a survey on the effect of patenting on the sciences. The results are frightening: 1/5th or more of all research projects in the United States are being chilled by patent holders. The sheer amount of research being canceled because of licensing issues is astounding, but at the same time many of these researchers hold their own patents and therefore contribute to the problem.

Source: Slashdot

First Trojan Using Sony DRM Spotted

Filed under: — Aviran Mordo

The malware arrives attached to an email that pretends to come from a reputable business magazine, asking the businessman to verify his or her “picture” to be used for the December issue. If the malicious payload contained in this email is executed, the Trojan installs an IRC backdoor on affected Windows systems.

Romanian anti-virus firm BitDefender confirms that the malware is in the wild but a full technical analysis of the Trojan is yet to be completed. The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG’s rootkit, remains unclear.

Source: The Register

Google’s Going to the Automat

Filed under: — Aviran Mordo

Search giant Google Inc. wants to patent something it calls “Google Automat,” which analysts suggest is another major piece of its online retailing and advertising strategy.

UBS Investment Research analyst Benjamin Schachter, and Florida-based Classified Intelligence, a classified ad strategist, on Wednesday both described Google Automat as a way for individuals, or small advertisers, to more quickly buy advertising.

Google uses the slogan “Advertise Your Items for Sale on Google in Under 1 Minute with Google Automat” to describe it, according to Classified Intelligence, which reviewed the patent application.

Source: eWeek

OpenDocument Format Gathers Support

Filed under: — Aviran Mordo

Big guns in the software industry are massing behind OpenDocument as government customers show more interest in open-source alternatives to Microsoft’s desktop software.

IBM and Sun Microsystems convened a meeting in Armonk, N.Y., on Friday to discuss how to boost adoption of the standardized document format for office applications. The ODF Summit brought together representatives from a handful of industry groups and from at least 13 technology companies, including Oracle, Google and Novell.

That stepped-up commitment from major companies comes amid signs that states are showing interest in OpenDocument. Massachusetts in September decided to standardize on OpenDocument for some state agencies.

Source: News.com

Suit targets Sony BMG anti-piracy technology

Filed under: — Aviran Mordo

Record company Sony BMG Music Entertainment has been targeted in a class-action lawsuit in California by consumers claiming their computers have been harmed by anti-piracy software on some Sony BMG CDs.

The claim states that Sony BMG failed to disclose the true nature of the digital rights management system it uses on its CDs and that thousands of computer users have unknowingly infected their computers, according to court documents.

The suit, filed Nov. 1 in Los Angeles Superior Court, asks the court to stop Sony BMG from selling additional CDs protected by the anti-piracy software and seeks monetary damages for California consumers who purchased them.

A spokesman for Sony BMG declined to comment.

Source: News.com
