TechBlog

RealPlayer update closes critical holes

Published: February 7, 2012 Reading Time: 1 min

The H-Online: RealNetworks has released an update to RealPlayer to close a number of holes in its media player application. Version 15.02.71 of RealPlayer addresses a total of seven remote code execution vulnerabilities, rated as highly critical by Secunia, which could be exploited by an attacker to compromise a victim’s system. These include errors when processing RMFF Flags, VIDOBJ_START_CODE and RealAudio coded_frame_size, as well as RV10 Encoded Height/Width, RV20 Frame Size Array and RV40 content. A remote code execution problem in Atrac Sample Decoding has also been fixed but is not found in the 15.x.x branch of the media player; this issue affects Mac RealPlayer 12.0.0.1701 but is reportedly not found in version 12.0.0.1703. ...

Google plans to turn off online checks for SSL certificate validity

Published: February 7, 2012 Reading Time: 2 min

The H-Online: Google plans to turn off online checks for SSL certificate validity in its Chrome browser soon, according to a blog post by Adam Langley, the developer in charge of that element of the browser. Instead, the browser will use the update mechanism to receive lists of revoked certificates. When browsers make a connection, they check whether the certificate presented by the server has already been blocked by the certificate authority, using either the certificate authority’s certificate revocation lists (CRLs) or, directly and interactively, the Online Certificate Status Protocol (OCSP). But that whole process has never been completely reliable, since, if the browser isn’t certain of the validity – if, say, an OCSP request doesn’t work – it simply “looks the other way”. Otherwise, there would be too many false alarms. ...

Malware automatically uploading stolen data to the File sharing sites

Published: February 6, 2012 Reading Time: 1 min

The Hacker News: Roland Dela Paz, a threat response engineer with Trend Micro, has discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval. File-storage services offer several advantages for cybercriminals. SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote. ...

Joomla! updates close information disclosure holes

Published: February 6, 2012 Reading Time: 1 min

The H-Online: Versions 1.7.5 and 2.5.1 of the open source Joomla! content management system (CMS) have been released to address two information disclosure vulnerabilities. These include one medium severity problem in Joomla! 1.7.x that could allow an unauthorized user to gain access to the error log stored on a victim’s server, and, in both versions, an inadequate validation problem that could be exploited to gain access to private data. The update to Joomla! 2.5, which arrived last month, also fixes 30 bugs, including one that caused batch processing to break. ...

USA to equip military, government officials with Androids

Published: February 6, 2012 Reading Time: 4 min

SophosLabs: The United States, which currently forbids government workers or soldiers to use smartphones to send classified messages, is preparing a modified version of Google’s Android operating system that will meet its security certifications. According to CNN, the army has been testing touchscreen devices at U.S. bases for almost two years. Forty phones were sent to soldiers overseas last year, and another 50 phones and 75 tablets are scheduled to ship to soldiers in March. ...

Google Launches ‘Solve for X,’ Think Tank for Fixing Global Problems

Published: February 6, 2012 Reading Time: 2 min

Mashable: Google just debuted a project dedicated to attacking some of the biggest problems facing civilization, such as global warming, and proposing “radical” ideas for solving them. Called “Solve for X,” the idea resembles TED (Technology Entertainment and Design), the series of conferences that feature industry leaders exploring big-picture ideas and how they can improve society. Solve for X, however, appears to be more focused on global problems, using them as opportunities to encourage “moonshot” thinking. ...

German government makes recommendations for secure Windows PCs

Published: February 6, 2012 Reading Time: 2 min

The H-Online: The German Federal Office of Information Security (BSI (German), BSI English) has compiled security recommendations for Windows PCs that will probably sound familiar to regular readers of The H: Anti-virus software – including free solutions –, backups, security updates, an alternative browser such as Google Chrome and “a healthy level of mistrust” are the main components of its proposal for a secure Windows PC. As the UK lacks a governmental organization that makes such recommendations, as usually such organizations recommend policy for public projects, it is worth seeing what Germany’s BSI suggests. ...

Goodbye BTJunkie

Published: February 6, 2012 Reading Time: 2 min

gHacks: Users of the popular Bittorrent indexing website BTJunkie who try to access the site’s content in a web browser are not seeing the usual site layout, but a goodbye message instead. The message states that the site operators have decided to close down the service voluntarily after more than seven years of operation. No reason other than that is provided, but it is likely that the decision is linked to recent events, in particular the Pirate Bay case in Sweden where founders of the site recently lost the final appeal and are looking at prison time, and the Megaupload takedown and the fallout that followed. ...

US attacks Iran and Saudi Arabia? Malware spreads via Facebook status updates

Published: February 3, 2012 Reading Time: 2 min

SophosLabs: Beware of malware lurking on news websites claiming to contain breaking news stories. I’ve seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3. Well, that would certainly get your attention, wouldn’t it? A typical status message looks like the following: U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3? ...

Skype 5.8 For Windows Brings Full HD Video Calls, Facebook Integration

Published: February 3, 2012 Reading Time: 1 min

Mashable: Skype for Windows version 5.8 is out, bringing several interesting features, including full HD video-calling, group screen sharing and Facebook integration. Full HD video calls will be most useful to those who own an HD webcam, for example Logitech C920, which does the video encoding itself, thus improving HD video quality on older computers. Video calling for Facebook works even with users who don’t use Skype. To start a video call with a Facebook buddy, select the person in your list and click “video call.” ...
