The vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on Nov. 23rd and still remains unpatched. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari and effects both Windows and Mac users.
First observed on Saturday, the attacks appear to be aimed at Windows users, but Mac OS users could also be at risk since the QuickTime vulnerability in question affects both operating systems, the alert said. That vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on Nov. 23 and remains unpatched by Apple.
Researchers have shown that the QuickTime vulnerability affects a range of operating systems, including Windows XP, Windows Vista, MacOS X 10.4, and the recently released MacOS X 10.5, also called Leopard. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari.
There are two types of attacks underway, Symantec said. In the first, victims’ computers are being redirected from an adult Web site, Ourvoyeur.net, to another Web site that infects the computer with an application called loader.exe, which can be saved to the computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system.
Hope this helps anyone out who is confused on where their politician stands.
Hillary: Bring the troops home starting within 60 days of being elected.
Obama: Begin withdrawing our troops engaged in combat operations at a pace of one or two brigades every month, to be completed by the end of next year.
Edwards: Supports the immediate withdrawal of 40,000-50,000 troops from Iraq and the complete withdrawal of all combat troops from Iraq within nine to ten months.
Giuliani: No time-table on troop withdrawal
Romney: Send MORE troops to Iraq, increase redeployment.
Huckabee: Stay in Iraq.
Paul: Pull out of Iraq immediately
Upset teen, JedineKazama, explains to the world what hackers are all about:
On Monday, Sunbelt Software’s security blog revealed that thousands of malware redirects were showing up in search engine results. Network bots designed to post relevant keywords and spam links in various online forms (think forum posts or blog comments) helped attackers claim high-ranking search engine positions for various obscure and seemingly innocuous search terms. According to Sunbelt, two of the thousands of terms were “infinity” and “hospice.” Yeah, that’s cool. Search for hospice information for a sick friend or family member, potentially get your system infected with nasty malware.
On Tuesday, Sunbelt revealed more information about the ill-effects clicking on these fake links could have on a vulnerable system (as a reminder – ALWAYS keep your browser and Internet security tools up to date). Best case scenario – you might end up with one of those annoying toolbars and pop-up ads for fake security software. Worst case? Your computer could be used to generate false-clicks for the attacker’s pay-per click programs (so they infect your system so that you can make them money), or worse still, that bot could load other malware/worms/trojans onto the unprotected system. Further investigation also revealed that these SEO-poisoning attacks were targeted at Google, although other search engines may have also been victim to the attacks.
People probably don’t realize, just how often and in how many ways that total strangers are snooping in their lives. Whether the snooping means are video cameras, cell phones or through the Internet there are thousands of businesses, people and governments all up our personal business and lives.
Every time a person fills out a contest entry, sweepstakes form, survey application or joins an online community, then chances are the personal information that is used to complete these things are sold, rented or shared with second and third parties without our knowledge.
Most reputable companies or websites will have a privacy statement that explains clearly how they will use the personal information that they collect from their members or customers. Not all websites or companies are reputable, so it is extremely wise to read their privacy statements before handing over any revealing or personal information about you to strangers.
Q: Who is king of internet marketing?
Yes, yes, I know, do no evil. In the meantime, Google is slowly building one heck of a user profile database. They’ve got your email, they’ve got your documents, they most likely know your physical address and your phone number. Now they can even triangulate your approximate location in real time via your cell phone. They have the potential to eventually know more about you than you know about yourself but not to worry, they’ll never mis-use any of this information they’re collecting.
The following websites are extremely useful to help stop big brother from snooping into your personal business and private lives.
Think that’s a silly question? Think again. A woman’s choice of operating system (OS) can reveal a lot to the inquisitive man. And with women as famously cryptic as they are, let’s face it: it’d be dumb to turn a blind eye to anything that offers a peek into their innermost thoughts. So let’s analyze what a woman’s choice of Windows, Mac OSX, or Linux really means!
“If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he’s not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.
Samy’s worm wasn’t malicious, but it did force News Corp.’s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a “hero” on their profile pages.
Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay, in San Jose, California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he’d dictated to a friend on a computer that was operated by a conference staffer.
It’s not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he’s online again.”
Excuse the “Myspace Victim” photo above. I’ve said this on every single “virus/wom writer busted” article, and I’ll continue to do so — a worm or virus that doesn’t actually do any real damage should translate into an instant job offer, NOT a conviction… well in a perfect world. In case you were interested in viewing the XSS code, you can find it, and it’s explanation here.
Samy is my hero.
“What do around 16,000 Google employees stare at in the morning when theyâ€™ve arrived at the office? They might be looking at Moma, the name for the Google intranet. The meaning of the name of â€œMomaâ€ is a mystery even to some of the employees working on it, we heard, but Momaâ€™s mission is prominently displayed on its footer: â€œOrganize Googleâ€™s information and make it accessible and useful to Googlers.â€ A â€œGoogler,â€ as you may know, is what Google employees call themselves (they have other nicknames for specific roles; a noogler is a new Google employee, a gaygler is a gay one, a xoogler is an ex-one, and so on).”
Excellent article/guide to using SSH tunnels to bypass using third pary VPN software. I agree with them on all points. SSH FTW.
In a recent Red Hat Magazine article, Paul Frields gave some examples of how SSH port forwarding can be used to remotely gain access to resources, or ports, from a remote location. This article will show a pragmatic implementation of SSH port forwarding by demonstrating how to use configuration files and conditional statements to create permanent, yet dynamic, SSH configurations for your home, office, and any virtual machines you may have on your systems.
Attention Microsoft/Apple, this is why everyone loves Google.
Just released tonight: Even without GPS, it gets your location automatically via cell phone towers.
Working like a charm on my Treo. Is there anything Google can’t do?
Press “0″ and look for the blue dot: or
If you have a GPS-enabled device, this blue dot corresponds to your GPS location. At times, or if you do not have a GPS-enabled phone, you might see the blue dot surrounded by a light blue circle (as shown on the right) to indicate uncertainty about your location.
Why the uncertainty? The My Location feature takes information broadcast from mobile towers near you to approximate your current location on the map – it’s not GPS, but it comes pretty close (approximately 1000m close, on average). We’re still in beta, but we’re excited to launch this feature and are constantly working to improve our coverage and accuracy.
The My Location feature is available for most web-enabled mobile phones, including Java, BlackBerry, Windows Mobile, and Nokia/Symbian devices.
I’ve been searching for an iTunes Coverflow clone in flash, because one of my client asked me to use something like that for a new project. I finally found something decent… Take a look the following link: http://www.quietlyscheming.com/blog/components/tutorial-displayshelf-component/
Now the above opensource product is built for flex2, so it doesn’t suit our project. Then I found this. It’s pure .fla file, and XML to write data. I think this is the best sample to recreate Coverflow in flash.
Tried to catch up on the Prison Break highlights and came across the Amex Only previews. Well since I don’t have an AMEX there’s only one choice. Google American Express support numbers.
Enter any one of these phone number numbers:
then enter anything longer than 5 letters in the name field and any expiration date to access the American Express “exclusive” Prison Break promo.
Leading security researcher and co-creator of the Off-the-Record Messaging (OTR) protocol discusses why you should use OTR to make sure your instant messages remain private. This is especially important given the NSA’s recent wiretapping activities and the increasing prominence of Big Brother.
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and deniable encryption. This is not to be confused with the “off the record” setting in Google Talk, which merely disables logging.
The redeeming thing about OTR is that there is pretty much no configuration after its installed. You don’t have to worry about managing keys, trust databases, or any of that crap. You just click the button and it encrypts. When you “authenticate” someone, you don’t have to memorize their public key. Instead, you type in a shared secret (any string) and if the other party types in the same string, their public key is marked as trusted. Of course, it uses an algorithm that doesn’t reveal the secret to the other party. Pure genius. Great article and video.
At 2:58pm, PST, on Wednesday, November 24, 1971, the day before Thanksgiving in the United States, a man traveling under the name Dan Cooper hijacked a Boeing 727-051, Northwest Orient Airlines Flight 305, flying from Portland International Airport (PDX) in Portland, Oregon to Seattle, Washington, with the threat of a bomb (he had a briefcase containing wires, a large battery and “red sticks”).
Cooper boarded the plane of only 36 passengers and 6 crew. He wore a black raincoat and loafers, a dark suit, a neatly pressed white shirt, a black necktie, and a mother-of-pearl tie pin. He also had black sunglasses.
I realize this is somewhat old news, but after sitting around Calculus class playing with my TI-84 Plus graphing calculator, I decided to look around to see what has been hacked onto these things. I thought for sure some tiny distro of linux has been ported to it. I stumbled upon an open-source project called usb8x. This is very cool.
“Ever since Texas Instruments added a USB link port to the TI-84 line, people have been trying to write drivers for almost any device. Here’s an example of a Lexar Jumpdrive playing a black-and-white short – it’s the lobby scene from The Matrix! Check out the article’s comments for users’ takes on this development.”
In an open letter to Internet service providers published earlier this week, billionaire entrepreneur Mark Cuban calls for telecoms to put an end to peer-to-peer (P2P) file-sharing. Cuban expresses concerns that P2P “freeloaders” are clogging the tubes with commercial content. His letter doesn’t focus on piracy, however, and instead primarily attacks companies that use P2P for legitimate commercial applications. Being from the same hometown, we’re always interested to read the musings of Mr. Cuban, but this time we’re pretty sure he’s missed the point.
“If I was a Comcast customer, I would tell them, as I am now telling all the services I am a customer of: BLOCK P2P TRAFFIC, PLEASE. As a consumer, I want my Internet experience to be as fast as possible. The last thing I want slowing my Internet service down are P2P freeloaders,” says Cuban. “Thats right, P2P content distributors are nothing more than freeloaders. The only person/organization that benefits from P2P usage are those that are trying to distribute content and want to distribute it on someone else’s bandwidth dime… When consumers provide their bandwidth to assist commercial applications, they are subsidizing those commercial applications which if it isn’t already, should be against an ISPs terms of service.”
A group of researchers has described Microsoft’s upcoming Windows Vista Service Pack 1 as a “performance dud”.
Researchers from the EXO Performance Network claimed that a series of in-house benchmark tests showed that users hoping to receive a speed boost from the update will be disappointed.
“After extensive testing of Release To Manufacture and SP1-patched versions of Vista it seems clear that the hoped-for performance fixes that Microsoft has been hinting at have not materialised,” the group said in a company blog.
The tests were run using tools from Devil Mountain Software, which also hosts the group’s site. The researchers used a Dell notebook with 1GB of Ram for the tests.
The benchmark tests measured performance in Microsoft Office 2007, multitasking and streaming media.
The results from the SP1-patched system were nearly identical to those from the version of Vista released to manufacturers, according to the researchers.
“The thinking goes that SP1 will address all of these early performance issues and somehow bring Vista on par with, or at least closer to, XP in terms of runtime performance,” said the report. “Unfortunately, this is simply not the case.”
The researchers concluded that users waiting for the update to fix pokey performance will not get any respite in the short term.
“If you have been disappointed with the performance of Windows Vista to date, get used to it,” they wrote. “SP1 is simply not the panacea that many predicted.”
Apple finally released their new OS called Leopard about a month ago. One of the things I like the most with Apple, and probably everybody loves too, is that they always release tons of beautiful stuff. From the package box to the t-shirt. Yeah there is a very cool t-shirt as well. And now itâ€™s not different. I loved the space feeling of the new wallpaper with that sort of aurora borealis effect.
Besides that, this week the new version of GIMP was released. The 2.4 version has a renewed interface, with new icons, and much more stable, at least running on my mac it has not crashed yet.
Anyways, what I want to show on this tutorial is how to create that Aurora Borealis effect using the new GIMP. Basically I used the Leopardâ€™s wallpaper as my reference. I have to say it was easier than I thought. Follow the link below for the amazing write up.
An old friend emailed me over the weekend and asked for some help reducing the size of a MP3 file so he could load it on his wireless phone. Seems he wanted the ringer to sound like a sheep when one certain person called (don’t ask), but the MP3 he found was too big for the phone to accept.
I did a little research and found a cool little utility called FreeRIP that will convert between .WAV, .MP3 and .OGG formats with ease. You can also convert a MP3 file to the same format, but with a different bit-rate, which allowed my friend to reduce the file size as needed, and duly embarrass his friend in public.