[Lockergnome] Computer Security ~ August 8, 2009

Lockergnome's Computer Security ~ August 8, 2009    dont have internet connection.. what should i do?? http server not connecting Heeeeeelllllllllppppppppppp !!!!!!!!!!!! ACER Laptop is. brother p-touch pro xl is wasting tape Disc Cleanup side-by-side configuration is incorrect Firefox freezes everything! Remove date from a digital photo IE 8 HELP ME OUT Limited or No Connectivity Outlook Express 6 Not Receiving All Mail In Account How can I unsinstall and end updates for Internet Explorer sony vaio unstable/won't boot Unused Programs Personal File Server: Wrinc Lab's new Personal File Server is Web-based software that allows Web site visitors to download and upload files using only their favorite browser. It is a very extensible solution in sharing audio/video files, documents or any other file type with ease. Files can be shared with colleagues and friends on a network, intranet or Internet without needing any third party software or a browser plug-in. It is also a very robust solution for customized... [Click Here to Download] Lockergnome help - Antivirus Discussions How to update NOD32? a small disturbance in Beijing AVG Free AntiVirus -some problems lately- anyone else? Problem with iexplore.exe AVG - The Virus Vault has reached the maximum file count l.. Avg reported virus/trojan then disappeared? Internet Explorer 8 Coming Next Month Via WSUS MAC Produces 3rd Annual Global Fusion Festival TT Livescan Database Update - 7/7/2009 Avira free: problem with advertising Avira a bit misleading computer desktop and laptop Win32.Brontok smsstoraqge.lst free antivirus for old notebook Lockergnome help - Trojans/Spyware Discussions System Security 2009 Can I delete these "problems" from Spybot - Search & Destr.. Alexa Toolbar: Security software finds it as Virus/Spyware Google Hijack Virus I need help!! i think i have malware avg updates are "forbidden" Can't seem to remove uacinit.dll. Help please? spyware hi, i have a malware infection i think :-( nother hijacked google in firefox and IE Google Hijack- Unable to update anti-virus Search hijacked -- AVG Can't Update - Frequent crashes Plethora of problems from one stupid action. Spyware Doctor Offer Help for yet another search engine hijack? Lockergnome help - Antivirus Discussions - General Discussions How to update NOD32? a small disturbance in Beijing Problem with iexplore.exe MAC Produces 3rd Annual Global Fusion Festival Avira a bit misleading computer desktop and laptop Win32.Brontok smsstoraqge.lst Search Engine Result Page Hijacked TT Livescan Update AV for old Win ME laptop Recycler etc... bar311 got me, logs on & right back off ! More Spam 83378 Sears/Kenmore Air Cleaner Replacement Filter Lockergnome help - Antivirus Discussions - McAfee Internet Explorer 8 Coming Next Month Via WSUS McAfee Annoying Restart Computer Warning Anybody had to deal with McAfee's new Download Manager? Norton vs McAfee? McAfee Uninstall has crippled me McAfee ePO CMA Install Issues w/ Framework Service AVS is no more, AOL now using McAfee McAfee Enterprise AV Problem McAfee Virus Scan Enterprise Update problem help please Uninstall McAfee Firewall Kaspersky vs McAfee and Norton McAfee isn't picking up a pest!!! Infamous McAfee framework service problem McAfee updated then msconfig gives "access denied, log in .. McAfee, Vista and Dell- an installation from hell Lockergnome help - Antivirus Discussions - Symantec/Norton Will Norton AV 2002 run on Win98se? Online attackers feed off Norton forum purge Can't login to Norton Internet Security are going to buy norton 2009? How do I "reset" Symantec scan history? Secure storage system svichoost.exe anyone? How to un-install NORTON suite? AVG vs Norton NAV 2007 total removal ??? Infostealer cancelling Norton subscriptions Norton 360 vs. printer/scanner issues Norton Internet Security 2007 Problem With Norton SystemWorks and Windows XP Login Lockergnome help - Antivirus Discussions - AVG AVG Free AntiVirus -some problems lately- anyone else? AVG - The Virus Vault has reached the maximum file count l.. Avg reported virus/trojan then disappeared? Disabling AVG AVG problem with AutoIt scripts ... ? What to do to stop A.. Defrag AVG files AVG 8.0 Problems Galore AVG Free Edition 8.0.175 Unable to install AVG free 8.0 Problem installing paid AVG 8.0 - ewido conflict AVG free command line Problems uninstalling AVG Free 7.5 stop AVG Gaelicum removal tool running on startup Network question with AVG 8.0 Quick Scan? Lockergnome help - Antivirus Discussions - F-PROT F-PROT Is F-Prot for DOS no longer supported? F-Prot Fisk Intl' F-Prot What is latest version of F-Prot for DOS free version? F-Prot for Dos not scanning all files F-Prot server down? F-Prot Antivirus ftp://ftp.f-prot updates taking forever to download F-PROT for Linux - Trying to check bootsector F-prot DOS run in Windows DOS BOX or real mode MS-DOS modifying memory usage of a program (F-Prot)? AdAware 1.06 conflict with F-Prot 3.16b NOD32 vs. F-PROT? Commercial message from F-Prot Lockergnome help - Antivirus Discussions - Panda Problem with Panda mother-in-law's computer riddled pfdnnt program not found after uninstalling Panda IS unable to install Panda Panda 2007 - internet/lan problem Panda and PATH command problem with panda antivirus 2007 How about Panda PANDA FIREWALL ALLOW IP RANGE OF LAN Panda Titanium 2006 virus and anti spyware a scan schedule.. problems found with panda dont no how to get rid panda titanium antivirus plus antispyware 2006 renew license how to move panda businesSecure panda update script panda for linux free? Lockergnome help - Antivirus Discussions - Free Antivirus TT Livescan Database Update - 7/7/2009 Avira free: problem with advertising free antivirus for old notebook Freebie AV For Windows Home Server? Free Anti-Virus programs eEye Blink free anti-malware and firewall System files protected Has anyone tried the free Spyware Doctor Starter Edition -.. 4 windows XP installation ! Trend Micro 2008 compared to Avast 7.5 task bar pop-up spyware malware fix problem with the Resident Shield of AVG7.5 BugHunter Signature Update August 4th, 2007 - 10,953 signa.. Freeware Software BugHunter Update! 07.09.2007 Lockergnome help - Antivirus Discussions - Others Google-Redirect virus? Zone Alarm Trial - Running Firewall only Bit Defender uninstall Unable To UnInstall TrendMicro's PC-Cillin?? G-Data Antivirus or NOD32? Trend Micro PC-Cillin Internet Security 2007 Issue RunScanner 0.9.5 released! Bit Defender Finds This Trend Micro Pc-cillin Trend PC-Cillin and Windows 98SE Upgrade? Trend Micro PC-cillin trendmicro internet security restore quarantines problem BitDefender on demand only new files and folders created by BitDefender? How to Handle Remote Tech Support Lockergnome help - Trojans/Spyware Discussions - General Discussions System Security 2009 Alexa Toolbar: Security software finds it as Virus/Spyware Google Hijack Virus I need help!! i think i have malware avg updates are "forbidden" Can't seem to remove uacinit.dll. Help please? spyware hi, i have a malware infection i think :-( nother hijacked google in firefox and IE Google Hijack- Unable to update anti-virus Search hijacked -- AVG Can't Update - Frequent crashes Plethora of problems from one stupid action. Spyware Doctor Offer Help for yet another search engine hijack? I've been hijacked... google, yahoo, etc. results redirected Lockergnome help - Trojans/Spyware Discussions - Lavasoft Ad-Aware Ad-Aware crashes on Opera cookies - why? Adaware error whist scanning problem ad-aware & spybot spybot and addaware ADAWARE 2007 ADAWARE SE COMMAND LINE OPTIONS Ad-Aware Updates Adaware will not finish Adaware definitions "588 days old" ??? Does BitDefender interfere with Ad-Aware? Ad-Aware ref file problem Kaspersky and Ad Aware Pinging all the experts here -->Zone Alarm anti-spyware ju.. Updates: Latest Defs. Jun. 15th?! AdAware found regkey items...advice? Lockergnome help - Trojans/Spyware Discussions - Webroot Spy Sweeper Vietnampathfinder Travel Spy Sweeper v 6.0.2.39 stopping spysweeper spy sweeper under vista Spy Sweeper Interface Problem Allow specific ad sites in v5.5? Webroot Antivirus any good? XP Shutdown/Restart Problem after installing Spy Sweeper. Not Sure Spysweeper 5.3.2.2361 is Working Restart Problem (Spy Sweeper) webroot spysweeper How good is SpySweeper Antivirus extra module? spy sweeper 5.0 problems? Spy Sweeper: ma vi sembra possibile? SpySweeper dected Perfect Keylogger. Now what? Lockergnome help - Trojans/Spyware Discussions - Spybot S&D Can I delete these "problems" from Spybot - Search & Destr.. Trojan horse virus SHeur.BSLA Spybot-B I am SICK of w32.spybot.worm spybot search and destroy Spybot 1.4 & Win 95 k6ber.exe hacktool and msnsgrs.exe spybot TeaTimer Issues Spybot S&D Allow Change Problem SpywareBlaster and Spybot Search & Destroy. Spybot Search and Destroy Updates Folder Tea-Timer (Spybot) spybot question Hits with Spybot Spybot & The Bane of the '!!bad checksum!' Super Bounce Out: One of the most popular games released by famed Windows game publisher GameHouse! In Super Bounce Out, you must bounce out balls by arranging them in lines of three or more of the same colour. You can swap two balls that are next to each other (touching), but at least one of the balls must form a line of three or more balls of the same colour. You receive more points for getting four, five... [Click Here to Download] Administrivia © 1996-2008, Lockergnome LLC. ISSN: 1095-3965. ISIPP Accredited. All Rights Reserved. Web site hosted by the folks who bring us Lockergnome.net.

Wine in Hawaii Social Networking in Hawaii Top 5 Reasons I Could Live in Hawaii The View in Hawaii from my Sheraton Hotel Room The World's Geekiest Toothbrush: Philips Sonicare I Got Leid! What do Gnomedex and Tweetups Taste Like? What Do You Put on Your Burger? What is the Best Camera? Zippy's Chili & Saimin in Hawaii More Headlines Auslogics BoostSpeed 4 - Let Me Know What You Think Sun Delivers Updates & Improvements Southern Fried Geeks Episode #6 Up to 14% off Apple 13.3-Inch MacBook MB467LL/A + Free Shipping! ImgBurn New Version 2.5 - Free Download Hack Your Computer?s PC Fan Microsoft Windows 7 - Is There A Problem? Why Microsoft Should Listen to John Dvorak More Americans are Watching TV and Movies via Internet Fully functioning Recycle Bin in the Windows 7 Taskbar Aetna Must Die. Again. More Fun with the Encephalitic Comcast! Man Says Cat Downloaded Kiddie Porn Solvr Hotel Mogul Why Twitter Was Attacked Change The Disk Defragmenter Schedule In Windows 7 Yahoo CEO: ?We Have Never Been a Search Company? New And Updated Windows Apps For August 7th, 2009 I Am Sorry: We Cannot Teach You How to Breathe Further Help Find Conference Mobile Blogs eBooks Buy Coupons Domains Games Sponsor Download Help Join MP3s Home

TrendLabs | Malware Blog - by Trend Micro - DefCon Las Vegas 2009

 

Here are the latest updates for security-news@awsoda.net "TrendLabs | Malware Blog - by Trend Micro" - 1 new article DefCon Las Vegas 2009 More Recent Articles Search TrendLabs | Malware Blog - by Trend Micro DefCon Las Vegas 2009 DefCon in Las Vegas is probably the biggest event hackers and even non hackers have been waiting for. Although there were fewer people in this year’s DefCon (around 6,000, my estimate), the presentations, contests, and parties still raked in a huge number of attendees. The DefCon attendees believe that cybercriminals will likely be doing more of the same in the near future. Some techniques highlighted were: That Internet browsers will continue to be the easiest platform to exploit, regardless of which browser a user uses. Cross-site scripting (XSS) and cross-site request forgery (CSRF) will continue to makes hackers’ lives easier. In the same context, I got an insight into anonymous browsing tunneled over XSS (XAB) wherein one or many Web browsers can be used for traceless data transfer. In the future, encryption and possible computer chaining were predicted for XAB. The use of Metasploit as a software as a service (SaaS) was dubbed a good practice. We are, in fact, seeing a trend (with Zeus and Ilomo) that malware can be updated via the Internet. I found it amazing that a lawyer talked about hackerspaces and their legal bases. It seems that hackers are already one step ahead in protecting themselves even before laws against hacking are instituted by governments. Last but not least, I found that defeating Secure Sockets Layer (SSL) technology and stealing certificates seemed a very easy task for hackers, in fact, it is already an automated task in stealing credit card numbers and identities. Attacking datacenters was suggested as a new topic for next year’s DefCon. Datacenters can be attacked or exploited either physically (through lock picking) or digitally (hacking Hadoop, one of the most used database systems). I did not hear anything about distributed denial of service (DDOS) attacks on datacenters as this would only probably make sense in cases of blackmailing their customers. The fact that there was no secure OS was again reiterated. This was proven by the presentation on "Runtime Kernel Patching on Mac OS X," from which I gathered: Runtime kernel patching has been around for almost 10 years and is a technique frequently used by various rootkits to subvert the kernels used in many modern OSs. This technique does not require any type of kernel modules or extensions and will allow you to hide various things like processes, files, folders, and network connections by modifying the kernel’s memory directly. It will also allow you to place various backdoors in the kernel for privilege escalation. DefCon originated in 1993. It was a meant to be a party for the members of “Platinum Net,” a Fido protocol-based hacking network out of Canada. At present, it has become one of the oldest-running and largest hacker conventions around. This year’s DefCon was held at the Riviera Hotel and Casino in Las Vegas from 30 July–02 August. Post from: TrendLabs | Malware Blog - by Trend Micro DefCon Las Vegas 2009 • Email to a friend • Article Search • Related • View comments • Track comments • • More Recent Articles The Real Face of KOOBFACE Twitter Filters Tweets Cory Aquino's Death Used to Spread Another FAKEAV Compromised Websites: It Can Happen To Anyone Sly Spam Run Targets Hotmail Users

---

Click here to safely unsubscribe now from "TrendLabs | Malware Blog - by Trend Micro" or change your subscription or subscribe

---

 

---

Unsubscribe from all current and future newsletters powered by FeedBlitz

---

Your requested content delivery powered by FeedBlitz, LLC, 9 Thoreau Way, Sudbury, MA 01776, USA. +1.978.776.9498

 

[Lockergnome] Computer Security ~ August 7, 2009

Lockergnome's Computer Security ~ August 7, 2009    http server not connecting Heeeeeelllllllllppppppppppp !!!!!!!!!!!! ACER Laptop is. brother p-touch pro xl is wasting tape Disc Cleanup side-by-side configuration is incorrect dont have internet connection.. what should i do?? Firefox freezes everything! Remove date from a digital photo IE 8 HELP ME OUT Limited or No Connectivity Outlook Express 6 Not Receiving All Mail In Account How can I unsinstall and end updates for Internet Explorer sony vaio unstable/won't boot Unused Programs Say the Time v6.0: Even if you haven't tried Say the Time v5.0, get organized the fun and easy way with the new version! Say the Time will keep you on schedule by automatically announcing the date, time or both at specified intervals using a pleasant male or female voice. Keep track of important time commitments with fully-customizable appointment reminders. Transform your boring taskbar time display into a colorful clock that can display both the date and the time...... [Click Here to Download] Lockergnome help - Antivirus Discussions How to update NOD32? a small disturbance in Beijing AVG Free AntiVirus -some problems lately- anyone else? Problem with iexplore.exe AVG - The Virus Vault has reached the maximum file count l.. Avg reported virus/trojan then disappeared? Internet Explorer 8 Coming Next Month Via WSUS MAC Produces 3rd Annual Global Fusion Festival TT Livescan Database Update - 7/7/2009 Avira free: problem with advertising Avira a bit misleading computer desktop and laptop Win32.Brontok smsstoraqge.lst free antivirus for old notebook Lockergnome help - Trojans/Spyware Discussions System Security 2009 Can I delete these "problems" from Spybot - Search & Destr.. Alexa Toolbar: Security software finds it as Virus/Spyware Google Hijack Virus I need help!! i think i have malware avg updates are "forbidden" Can't seem to remove uacinit.dll. Help please? spyware hi, i have a malware infection i think :-( nother hijacked google in firefox and IE Google Hijack- Unable to update anti-virus Search hijacked -- AVG Can't Update - Frequent crashes Plethora of problems from one stupid action. Spyware Doctor Offer Help for yet another search engine hijack? Lockergnome help - Antivirus Discussions - General Discussions How to update NOD32? a small disturbance in Beijing Problem with iexplore.exe MAC Produces 3rd Annual Global Fusion Festival Avira a bit misleading computer desktop and laptop Win32.Brontok smsstoraqge.lst Search Engine Result Page Hijacked TT Livescan Update AV for old Win ME laptop Recycler etc... bar311 got me, logs on & right back off ! More Spam 83378 Sears/Kenmore Air Cleaner Replacement Filter Lockergnome help - Antivirus Discussions - McAfee Internet Explorer 8 Coming Next Month Via WSUS McAfee Annoying Restart Computer Warning Anybody had to deal with McAfee's new Download Manager? Norton vs McAfee? McAfee Uninstall has crippled me McAfee ePO CMA Install Issues w/ Framework Service AVS is no more, AOL now using McAfee McAfee Enterprise AV Problem McAfee Virus Scan Enterprise Update problem help please Uninstall McAfee Firewall Kaspersky vs McAfee and Norton McAfee isn't picking up a pest!!! Infamous McAfee framework service problem McAfee updated then msconfig gives "access denied, log in .. McAfee, Vista and Dell- an installation from hell Lockergnome help - Antivirus Discussions - Symantec/Norton Will Norton AV 2002 run on Win98se? Online attackers feed off Norton forum purge Can't login to Norton Internet Security are going to buy norton 2009? How do I "reset" Symantec scan history? Secure storage system svichoost.exe anyone? How to un-install NORTON suite? AVG vs Norton NAV 2007 total removal ??? Infostealer cancelling Norton subscriptions Norton 360 vs. printer/scanner issues Norton Internet Security 2007 Problem With Norton SystemWorks and Windows XP Login Lockergnome help - Antivirus Discussions - AVG AVG Free AntiVirus -some problems lately- anyone else? AVG - The Virus Vault has reached the maximum file count l.. Avg reported virus/trojan then disappeared? Disabling AVG AVG problem with AutoIt scripts ... ? What to do to stop A.. Defrag AVG files AVG 8.0 Problems Galore AVG Free Edition 8.0.175 Unable to install AVG free 8.0 Problem installing paid AVG 8.0 - ewido conflict AVG free command line Problems uninstalling AVG Free 7.5 stop AVG Gaelicum removal tool running on startup Network question with AVG 8.0 Quick Scan? Lockergnome help - Antivirus Discussions - F-PROT F-PROT Is F-Prot for DOS no longer supported? F-Prot Fisk Intl' F-Prot What is latest version of F-Prot for DOS free version? F-Prot for Dos not scanning all files F-Prot server down? F-Prot Antivirus ftp://ftp.f-prot updates taking forever to download F-PROT for Linux - Trying to check bootsector F-prot DOS run in Windows DOS BOX or real mode MS-DOS modifying memory usage of a program (F-Prot)? AdAware 1.06 conflict with F-Prot 3.16b NOD32 vs. F-PROT? Commercial message from F-Prot Lockergnome help - Antivirus Discussions - Panda Problem with Panda mother-in-law's computer riddled pfdnnt program not found after uninstalling Panda IS unable to install Panda Panda 2007 - internet/lan problem Panda and PATH command problem with panda antivirus 2007 How about Panda PANDA FIREWALL ALLOW IP RANGE OF LAN Panda Titanium 2006 virus and anti spyware a scan schedule.. problems found with panda dont no how to get rid panda titanium antivirus plus antispyware 2006 renew license how to move panda businesSecure panda update script panda for linux free? Lockergnome help - Antivirus Discussions - Free Antivirus TT Livescan Database Update - 7/7/2009 Avira free: problem with advertising free antivirus for old notebook Freebie AV For Windows Home Server? Free Anti-Virus programs eEye Blink free anti-malware and firewall System files protected Has anyone tried the free Spyware Doctor Starter Edition -.. 4 windows XP installation ! Trend Micro 2008 compared to Avast 7.5 task bar pop-up spyware malware fix problem with the Resident Shield of AVG7.5 BugHunter Signature Update August 4th, 2007 - 10,953 signa.. Freeware Software BugHunter Update! 07.09.2007 Lockergnome help - Antivirus Discussions - Others Google-Redirect virus? Zone Alarm Trial - Running Firewall only Bit Defender uninstall Unable To UnInstall TrendMicro's PC-Cillin?? G-Data Antivirus or NOD32? Trend Micro PC-Cillin Internet Security 2007 Issue RunScanner 0.9.5 released! Bit Defender Finds This Trend Micro Pc-cillin Trend PC-Cillin and Windows 98SE Upgrade? Trend Micro PC-cillin trendmicro internet security restore quarantines problem BitDefender on demand only new files and folders created by BitDefender? How to Handle Remote Tech Support Lockergnome help - Trojans/Spyware Discussions - General Discussions System Security 2009 Alexa Toolbar: Security software finds it as Virus/Spyware Google Hijack Virus I need help!! i think i have malware avg updates are "forbidden" Can't seem to remove uacinit.dll. Help please? spyware hi, i have a malware infection i think :-( nother hijacked google in firefox and IE Google Hijack- Unable to update anti-virus Search hijacked -- AVG Can't Update - Frequent crashes Plethora of problems from one stupid action. Spyware Doctor Offer Help for yet another search engine hijack? I've been hijacked... google, yahoo, etc. results redirected Lockergnome help - Trojans/Spyware Discussions - Lavasoft Ad-Aware Ad-Aware crashes on Opera cookies - why? Adaware error whist scanning problem ad-aware & spybot spybot and addaware ADAWARE 2007 ADAWARE SE COMMAND LINE OPTIONS Ad-Aware Updates Adaware will not finish Adaware definitions "588 days old" ??? Does BitDefender interfere with Ad-Aware? Ad-Aware ref file problem Kaspersky and Ad Aware Pinging all the experts here -->Zone Alarm anti-spyware ju.. Updates: Latest Defs. Jun. 15th?! AdAware found regkey items...advice? Lockergnome help - Trojans/Spyware Discussions - Webroot Spy Sweeper Vietnampathfinder Travel Spy Sweeper v 6.0.2.39 stopping spysweeper spy sweeper under vista Spy Sweeper Interface Problem Allow specific ad sites in v5.5? Webroot Antivirus any good? XP Shutdown/Restart Problem after installing Spy Sweeper. Not Sure Spysweeper 5.3.2.2361 is Working Restart Problem (Spy Sweeper) webroot spysweeper How good is SpySweeper Antivirus extra module? spy sweeper 5.0 problems? Spy Sweeper: ma vi sembra possibile? SpySweeper dected Perfect Keylogger. Now what? Lockergnome help - Trojans/Spyware Discussions - Spybot S&D Can I delete these "problems" from Spybot - Search & Destr.. Trojan horse virus SHeur.BSLA Spybot-B I am SICK of w32.spybot.worm spybot search and destroy Spybot 1.4 & Win 95 k6ber.exe hacktool and msnsgrs.exe spybot TeaTimer Issues Spybot S&D Allow Change Problem SpywareBlaster and Spybot Search & Destroy. Spybot Search and Destroy Updates Folder Tea-Timer (Spybot) spybot question Hits with Spybot Spybot & The Bane of the '!!bad checksum!' WebGrab!: WebGrab! is a tool that allows you to quickly and easily download Web page elements such as images, html pages, Java applets, Shockwave or Director animation, and more. Unlike traditional Web browsing, WebGrab! "crawls" Web pages or FTP sites to find all downloadable files for download. Download images, audio, video, and pictures for your desktop background, or build your collection of clip art/fonts. WebGrab! helps you save time and energy. Main Features: Easily download all... [Click Here to Download] Administrivia © 1996-2008, Lockergnome LLC. ISSN: 1095-3965. ISIPP Accredited. All Rights Reserved. Web site hosted by the folks who bring us Lockergnome.net.

Social Networking in Hawaii Top 5 Reasons I Could Live in Hawaii The View in Hawaii from my Sheraton Hotel Room The World's Geekiest Toothbrush: Philips Sonicare I Got Leid! What do Gnomedex and Tweetups Taste Like? What Do You Put on Your Burger? What is the Best Camera? Zippy's Chili & Saimin in Hawaii More Headlines More Americans are watching TV and Movies via Internet Fully functioning Recycle Bin in the Windows 7 Taskbar Aetna Must Die. Again. More Fun with the Encephalitic Comcast! Man Says Cat Downloaded Kiddie Porn Solvr Hotel Mogul Why Twitter Was Attacked Change The Disk Defragmenter Schedule In Windows 7 Yahoo CEO: ?We Have Never Been a Search Company? New And Updated Windows Apps For August 7th, 2009 I Am Sorry: We Cannot Teach You How to Breathe New Czechoslovakian Salsa Song JON HAMMOND Band JAZZKELLER FRANKFURT How Does Microsoft Do It? How Reactive Should We Be About Food Safety? Why Public Techology Use Is Starting To Irritate Us All What is Your Favourite Mac Utility Of All Time? Hitachi Releases 2TB @ 7200RPM Making a Linux Server Bing, As Fair & Balanced In Search As Fox Is To News Further Help Find Conference Mobile Blogs eBooks Buy Coupons Domains Games Sponsor Download Help Join MP3s Home

iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDefense Security Advisory 07.30.09
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 30, 2009

I. BACKGROUND

Adobe Flash Player is a very popular web browser plugin. It is available
for multiple web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables web browsers to display rich multimedia
content, such as online videos, and is often a requirement for popular
websites.

For more information, see the vendor's site found at the following link.

http://www.adobe.com/products/flashplayer

II. DESCRIPTION

Remote exploitation of an invalid Loader object reference vulnerability
in Adobe Systems Inc.'s Flash Player could allow an attacker to execute
arbitrary code with the privileges of the current user.

During the processing of a Shockwave Flash file, an object can be
created, along with multiple references that point to the object. The
object can be destroyed and its associated references removed. However
a reference can incorrectly remain pointing to the object. The invalid
object resides in uninitialized memory, which the attacker may control
to gain arbitrary execution control.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user viewing the web page. To exploit
this vulnerability, a targeted user must load a malicious Shockware
Flash file created by an attacker. An attacker typically accomplishes
this via social engineering or injecting content into a compromised,
trusted site.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in latest
Flash Player version 9.0.124.0. Previous versions may also be affected.

V. WORKAROUND

A Internet Explorer plugin is available to temporarily block and unblock
Flash content using a single click. Only trusted sites should be
unblocked when using this plugin. More information is available at:

http://flash.melameth.com.

A Firefox plugin is available to temporarily block and unblock Flash
content using a single click. Only trusted sites should be unblocked
when using this plugin. More information is available at:

http://flashblock.mozdev.org.

VI. VENDOR RESPONSE

Adobe has released a patch which addresses this issue. Information about
downloadable vendor updates can be found by clicking on the URLs shown.

http://www.adobe.com/support/security/bulletins/apsb09-10.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2009-1864 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

08/25/2008 - Initial Contact
09/22/2008 - Second Contact attempt
09/22/2008 - PoC Requested
09/24/2008 - PoC Requested
11/05/2008 - PoC Sent
11/06/2008 - Clarification requested
11/21/2008 - Clarification requested
12/05/2008 - Clarification Sent
12/05/2008 - Clarification requested
12/07/2008 - Additional Clarification Sent
02/24/2009 - Status update received - no estimated release date
04/05/2009 - Clarification requested
05/05/2009 - Clarification sent
05/06/2009 - Clarification requested
05/06/2009 - Clarification sent
05/11/2009 - Tentative disclosure set to August
07/30/2009 - Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2009 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKfGkTbjs6HoxIfBkRAl9yAJwNrCsAL/FY6R0Pkj5WaXV4yoBMtQCg13uo
9MEh56avLJWmv2rxUEnvZc8=
=nLH+
-----END PGP SIGNATURE-----
_______________________________________________
To unsubscribe, go here:
http://www.idefense.com/mailman/listinfo/idlabs-advisories