TechBlog

RealPlayer update fixes security vulnerabilities

Published: May 17, 2012 Reading Time: 1 min

The H-Online: RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows; the company says that none of the, now fixed, holes are known to have been used to compromise systems. The released update, version 15.0.4.53 of RealPlayer, closes three security holes. One hole is related to ASM RuleBook parsing that could be exploited by an attacker to remotely execute arbitrary code, another is a memory corruption problem related to MP4 file handling in the QuickTime plugin used by RealPlayer, and the third is a buffer overrun in the Media parser. ...

Continue Reading

Chrome 19 released with tab syncing

Published: May 17, 2012 Reading Time: 3 min

The H-Online: Google has announced that Chrome 19 is the new stable version of its open source based web browser. As usual, the browser sees a number of security fixes: this time there are seven high-severity fixes specifically for Chrome including various use-after-free and out-of-bounds errors. Two fixes with a wider impact than Chrome are also mentioned – a workaround for a Linux NVIDIA driver bug and an “off-by-one out-of-bounds” write in libxml. In all, $7500 was paid out in rewards to security researchers, and Google notes it has also paid out $9000 to researchers to stamp out bugs before they reached its stable channel. ...

Continue Reading

Google bringing new smarts to Search with Knowledge Graph

Published: May 16, 2012 Reading Time: 2 min

Google’s Knowledge Graph will display summaries of topics when your query is related to one of the 500 million items in Google’s new database of things. Google has long sought to index the world’s information — and it’s now taking things a step farther with an effort to create “a database of everything in the world.” And it’s bringing this effort to your search results pages. The new Knowledge Graph project, rolling out to English-language Google Search users over the next few days, provides more data snippets alongside its query results than the search engine currently provides. The results are based on Google’s new database of 500 million people, places, and things, says Jack Manzel, Product Management Director of Search at Google. Manzel says there are 3.5 billion attributes and connections between these things in the database. ...

Continue Reading

Avira AV update hangs systems

Published: May 15, 2012 Reading Time: 2 min

H-Online Says: A faulty update for Avira‘s paid-for anti-virus software blocks harmless processes and may in some cases stop computers from booting. The update results in the ProActiv behavioral monitoring component becoming oversensitive in its treatment of executable files. According to user reports, ProActiv blocks trusted system processes such as cmd.exe, rundll32.exe, taskeng.exe, wuauclt.exe, dllhost.exe, iexplore.exe, notepad.exe and regedit.exe. In some cases this results in Windows failing to boot properly. It also appears to be blocking non-OS applications such as Microsoft Office, the Opera web browser and Google’s Updater program. ...

Continue Reading

Sniffer tool displays other people's WhatsApp messages

Published: May 13, 2012 Reading Time: 2 min

The H-Online: WhatsApp Sniffer is an app able to display messages from other WhatsApp users connected to the same network as the app user. The tool diverts all data traffic on, for example, a Wi-Fi network through the user’s smartphone and seeks out WhatsApp messages, which are transferred in plain text. All the user requires is a rooted Android smartphone. The WhatsApp messaging service has established itself as an alternative to texting between smartphone users, because, unlike text messages, users only have to pay for data use. And if a user is in range of a free Wi-Fi point, then it is free to use. ...

Continue Reading

Microsoft Patch Tuesday more extensive than anticipated

Published: May 10, 2012 Reading Time: 2 min

The H-Online: As previously announced, Microsoft has released seven bulletins to close a total of 23 vulnerabilities on its May Patch Tuesday. The total number of bulletins belies the scope of the patches, however, as the combined update MS12-034 closes various holes in numerous products. The reason for this is a critical hole in the code for processing TrueType fonts that was exploited by the Duqu spyware last year. The hole was closed in the Windows kernel on the December Patch Tuesday; however, Microsoft has since used a code scanner to track down the vulnerable code in numerous other components; among them is the gdiplus.dll library, which is used by various browsers to render web fonts. ...

Continue Reading

Excuse me, Graham Cluley

Published: May 6, 2012 Reading Time: 1 min

Hi,/ You may have noticed that part of my blog posts are copied from other source as I name them (and link them) in beginning of my posts, for example “Naked Security” (SophosLabs). Just today I noticed a message from “Graham Cluley”, one of the Authors in “Naked Security” blog which asked me to don’t re-post his articles. In the past I had checked with many of my other sources and they have always gave me permission to share their articles as long as it comes with a link to the source too and I thought “Naked Security” blog follow same rule, but seems they don’t, no problem. ...

Continue Reading

PHP patch quick but inadequate

Published: May 5, 2012 Reading Time: 2 min

The H-Online: The updates to PHP versions 5.3.12 and 5.4.2 released on Thursday do not fully resolve the vulnerability that was accidentally disclosed on Reddit, according to the discoverer of the flaw. The bug in the way CGI and PHP interact with each other leads to a situation where attackers can execute code on affected servers. The issue remained undiscovered for eight years. The best protection at present is offered by setting up filter rules on the web server. However, the RewriteRule workaround described on PHP.net is also, according to security expert Christopher Kunz, inadequate. He suggests a slightly modified form of the rule as an alternative. ...

Continue Reading

Adobe Flash Player update closes critical object confusion hole

Published: May 5, 2012 Reading Time: 2 min

The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player. ...

Continue Reading

Fake Google Iranian domain defaced by Algerian Script Kiddies

Published: May 3, 2012 Reading Time: 1 min

TheHackerNews: Google got Pwned ? NO Few Algerian Script Kiddies try to spread fake rumors that they Hack and Deface the Giant Search engine “Google Iranian” domain http://www.google.co.ir/ . As the screenshot shown a Algerian flag on it and Page Titles : **“**H4Ck3D By vaga-hacker dz and DR.KIM”. As mentioned by hacker, the team include hackers named : “V4Ga-Dz,Dz0ne,DR-KIM King-Dz,BroX0 aghilass elite jrojan password kha&mix wasim -dz” . It is not confirmed that, either these are member from some Anonymous Hackers but they try to use Anonymous Hackers Tag line : We Dont Forget , We Dont Forgive, Expect Us! to get some publicity. ...

Continue Reading