I was able to browse around this and found it interesting since this vunerability is found in 4 Microsoft Operating Sytems, Windows 2000, Windows XP, Windows Vista, Windows 2003 Server. From the article Microsoft stated that their is a hole in the .ani files, which happen to be related tothe mouse cursor, when the mouse icon changes depending on what you do. They only mention that with this flaw it always hackers to break into someone computer and do their thing. But in another article relating to this attack it was mention that in order for this to happen a user has to go to a specific website or open a email that will trigger this.
QUOTE
"In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or e-mail attachment sent to them by an attacker," Adrian Stone from Microsoft's Security Response Center, wrote in an official advisory.
They are currently working on the patch, however, they don't have a time table of when it will be released. But another company called eEye Digital has put out a temporary patch for this vunerability until the more secure patch is provided. Also Microsoft has added to their live one care program to look for software that targets this security hole.
Sheesh, that pretty much covers the whole range of currently supported operating Systems. Is there and end to these Security leaks? Not in the foreseeable future.
And who has the time and resources to find the procedures to make these 'holes' appear? They need to get a life outside of the Web.
Any indication as to how serious or common this breach is? How many users have an animated cursor by default? or do you simply need to have a spinning hourglass while you are waiting for a download? Those are animated by default.
I'm downloading the patch, since every download on the 'net uses that animated cursor.
*edit*
The download is a full anti-virus software. I didn't install it, so I cannot express an opinion about the package.
Another security vulnverability? This is just sad. The amount of holes they have in their systems and the time it takes to fix them is just not good at all. This is one of the reasons I switched to using Linux. Windows runs really slow on my computer. I have only had one problem is the fact that my browser sometiems randomly closes, but with the increased speed on my computer it is worth it. Hopefully there aren't too many more vulnerabilities. Its saddening hearing about all of them.
To give a small update, micrsoft plans to upload a patch tomorrow, because of how quickly they were able to figure it out and patch it up. From reading the updated article about this exploit it looks like if soemone had the right skills they could load up a worm and do some damage. They also comfirm that in order for this exploit to happen you would have to be on a website that is programmed to use this exploit and or open a link through a "well crafted" email. So it will be a good idea for you Windows to patch this exploit, since it is spread across 4 Windows OS's. Source
for a minor update about this wonder exploit it looks like someone programmed a worm for it over the weekend and that 100 websites are being monitored for the actual spreading of this exploit in the windows OS. It’s funny that they don’t mention them so people will know what sites not to go to. For all we know someone could ad spoof Microsoft’s website .
Whats funny Microsoft says they can’t garuntee that this patch will work, I would say that is the most stupidest thing they could have mention but of course Microsoft says a bunch of stupid stuff these days.
Here is updated info about what this exploit can do and what not.
QUOTE
"Currently, the majority of the attacks appear to be downloading and installing generic password-stealing code," Websense reported on its blog. "Most sites are hosted in China. Interestingly, the most popular domain space being used is .com." The .ANI vulnerability lies in the way Windows handles malformed animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all the recent Windows releases, including its highly-touted Vista operating system. Internet Explorer is the main attack vector for the exploits. "In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability, view a specially crafted e-mail message, or open a specially crafted e-mail attachment sent to them by an attacker," Adrian Stone, a Microsoft researcher, said in a blog. "While the attack appears to be targeted and not widespread, we are monitoring the issue and will update the advisory and blog as new information becomes available.”
So now, the vulnerability is a mouse cursor. I cant believe how weak the microsoft operating systems are, but its too bad that some of us have dont have an option.
Well the news keeps coming in about this exploit, even after the fact 3 patches have been made for this. It looks like 450 websites have been "monitored" that exploit this flaw. Then of course the slew of email spam that have been produce such as the "Hot Pictures of Britiney Speers" email that are laced with this exploit. But to add to the growing problem it looks like M$ new about since December of last year, which means that hackers, crackers, phreakers, spammers have had plenty of time to work on this.
This also mention that a group of servers controlled by Russian hackers that give out the whole buffet of attacks and what not. Their has been a root kit that was designed from this little exploit as well
Definition of a root kit
QUOTE
A program that hackers implant in a victim’s computer to hide their nefarious programs; a hacker security tool that captures passwords and message traffic to and from a computer; a collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. A root kit is a classic example of Trojan horse software and is available for a wide range of operating systems.
By the looks of it from the article the russian hackers who been using this are gaining some steam from this. They even go on to say the originas are from a bunch of Chinese hackers who were trying to steal WOW accounts and then of course they say it's history.
They mention that botnet attack might increase as well over this, which leads me to believe that everyone who follows the darkside of the computer will be using this wonderful exploit until it has lost all it's steam and more importantly that would lead into the fact that Vista just lost in the security department over this exploit since now everyone will be programming from this bad boy.
They even mention the fact that the russian hackers have been waiting awhile to find a new hack to crack the windows OS, I might as well disconnect fro mthe internet right now just make it one less machine.
Microsoft's release of a "critical" patch on Tuesday poked holes in Vista's security promises, but security experts advise against discounting the new operating system.
The software giant broke with its monthly patch cycle Tuesday to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.
"As far as software vulnerabilities go, Vista's cover is blown," said Nand Mulchandani, a vice president at Determina, the company that discovered the latest security bug. "It is not Superman; it is just a human being. It is just software. Vista is going to be very similar to the other operating systems Microsoft has delivered in terms of bugs."
Microsoft officially launched Vista for consumers in January, promoting the operating system as the most secure version of Windows yet. It is the first client version of Windows built with security in mind, meaning that it should have fewer coding errors that might be exploited in attacks, Microsoft has said.
Yet the "critical" hole that affected much older Windows versions also hit Vista. The vulnerability lies in the way Windows handles animated cursors and could let an attacker commandeer a PC when the user views a malicious Web site or e-mail message.
The cursor flaw lies in the operating system code. This means that any application that relies on the operating system to handle animated cursor files could be an attack vector. This includes alternative browsers, such as Firefox.
It is a flaw that should have been caught by Microsoft's code-vetting processes for Vista, called the Security Development Lifecycle, some experts said. The flaw is also evidence that faulty code from previous Windows versions has been copied into Vista, they said.
"It is a little premature to attack the whole effort altogether, but this is something that the Security Development Lifecycle should have caught," said Amol Sarwate, a research manager at vulnerability management company Qualys.
The buffer overflow vulnerability in the cursor function in particular should have already been fixed because a bug in the same Windows component was patched two years ago, said Rohit Dhamankar, manager of security research at TippingPoint, a seller of intrusion prevention products. That should have prompted re-examination of the code, Dhamankar said.
Microsoft disputes that it should have caught the cursor bug before. People who say so don't understand security vulnerabilities because not all bugs are created equal, said Stephen Toulouse, senior product manager in Microsoft's Security Technology Unit.
"In the case of the cursor vulnerability, even though something may look similar to the outside, that doesn't mean the code is anything alike to the previous vulnerability," Toulouse said. "The SDL was never meant to catch every single vulnerability, period."
But Dhamankar argues that Microsoft forgot to recheck all the possibilities that could lead to a buffer overflow after the original bug was found and patched in 2005.
Mulchandani agreed. "The dirty little secret is that Microsoft clearly did not write Vista from scratch. They did not completely build a whole new code base for this operating system. Every version of Windows since Windows NT has had this flaw in it," he said.
Microsoft does acknowledge that Vista will have vulnerabilities. "There are going to be other vulnerabilities. The SDL is not a process by which no vulnerabilities will ever occur. There is no process on this planet that can do that," Toulouse said.
The cursor flaw is like a sign post for the bug hunters. Hackers will now be looking for bugs in similar Windows components to find ways to attack Vista.
"This has been a very significant break and it definitely gives a big pointer," Dhamankar said. "If more such errors are found later, Vista is not going to be able to offer the great protection that's claimed."
Still, Microsoft's Vista security promise doesn't fall apart because of this single vulnerability. Vista is more secure than XP or any other Microsoft client operating system, Sarwate said. "If you consider Windows 2000, XP, 2003, I would still say that Vista is more secure than all the other operating systems," he said.
Mulchandani also said that, while Microsoft has taken way too big a bite at the security message, Vista is more secure than its predecessors because of features such as User Account Control and others that limit privileges on the operating system.
And that's just the goal Microsoft was aiming for, Toulouse said.
"You have to look at Vista versus XP. A lot of people are holding Vista up and saying in a vacuum it will reach some nirvana of security," Toulouse said. "Our whole goal with Windows Vista was to create a fundamentally more secure operating system than we have ever created previously."
Notice from jlhaslip:
Previously posted information. Merged. Quote tags are required on non-original materials. Added Quote tags.
For a new wonderful update it looks like the paych microsoft handed out has a flaw it and spammers have adjusted to this flaw. Now M$ has give a patch for the patch to correct this http://support.microsoft.com/kb/935448/, this patch has to deal with the fact that the
QUOTE
Realtek HD Audio Control Panel may not start after the patch is installed. They also may receive an error message about an illegal system DLL relocation. The problem stems from files having conflicting base addresses, according to the Microsoft advisory.
Also they made mention of the Iffy-A Trojan is being used by some sites as well. Also the number of websites has increased to 700 that used this exploit and security advisors do mention that this will get worse regardless of the patches micrsoft has sent out. Also rootkits are coming out that give hackers the chance to develope their own versions and what not.
So for you porn nuts out their don't open naked britney spears emails or risk compromising your computer and junk.
For more exciting news the criminal underground has found aother way to get some business done with this ANI exploit it seems once they get in they can divert web traffic not just of a single user but whole company rosters as well, also micosfot mention that a small number of attacks that affect Domain Name System (DNS) Server Service and so anyone running Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 SP 1, and Windows Server 2003 SP 2 could be affected if not properly patched.
BUT FOR SOME GOOD NEWS
VISTA, XP SP2 W2k Profession SP 4 do not contain the flaw YEAH!!!
Now for more bad news, with concern about the DNS attacks Amol Sarwate mention that when a person types a domain like yahoo.com they will get an IP number and so when it floats around untill it gets connected to the right server. So what does this mean well the criminal mind will be able to change the settings to the DNS and thus when a person types in a domina they will in fact go somewhere else, which could be dangerous because then they could be uploading who knows what when they click on a link.
Microsoft mentions a few work arounds people can used until the patch is made for this part of the exploit and here is the link for those who think they are affected and told what they need to do.
Just browsing the news and came across this article:
http://news.bbc.co.uk/1/hi/technology/7567889.stm It is a new exploit based on your computers
clipboard. Basically the hacker creates a flash file, usually a banner ad which has some specific
code in it. This code empties your clipboard of anything you have copied and then inserts a weblink
in there to a malicious download posing as anti virus software. So next time you copy some text and
paste it into a forum or chat box or something the flash file, which is now stored within your
firefox process or in the firefox ...
Well it seems this is the first major problem for Vista SP 1 in the sense for those who have the
following Secuirty Suites installed on your ocmputer that is running Vista. They block the
following programs; Zone Alarm Security Suite 7.1, Trend Micro Internet Security 2008, BitDefender
10, and the 2008 version of the Jiangmin antivirus. As for the reason why these programs don't
work, Microsoft says "they are incompatible and so they must be block". Well not exactly like that
but you get the point they also mention that other small programs might now work either b...
The rise of Video web stimulates more intuitive video feeling of large people, and makes video
downloading become a popular trend in web times. Meanwhile, more and more downloading problems arise
correspondingly, in which the first trouble is slow downloading speed and incomplete downloading. It
seems to many people that downloading video, especially downloading large video, is like a
protracted war with the internet, even the victory is difficult to predict. Many domestic video web
has succesesfully solved downloading problems that they suffered for a long time, after...
In an internal memo Microsoft detailed how it plans to tie Win7 and Windows Live. It seems these
guys never learn. They don't don't get tired of monopolizing everything. I just pray the
anti-trust guys will do a good job on this one. Below is part of the blog by Mary Jo Foley about the
memo titled " Microsoft internal memo details Windows 7-Windows Live ties ": " In
January, I mentioned an internal Microsoft memo I had seen which provided details of how Microsoft
plans to more tightly integrate its Windows 7 operating system with Windows Live service...
Hi Guys, I've had a problem with my computer. I thought it restarted only when using the
internet but I was wrong. I found out that isn't the denominator. I tried disabling the internet
to run a virus scan and the scan can't complete as the computer restarts too often. I followed
the following instructions to read the dmp file the restart error generates. 1) Download and
install the http://www.microsoft.com/whdc/devtools/deb...installx86.mspx Debugging Tools from
Microsoft 2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini0...
Cpanel Exploit
- security hole in cPanel to hack the servers of a hosting company (8)
A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
It's a local exploit, meaning the attacker must control a cPanel account on the target hosti...
I saw this white paper and I thought I bring down some interesting information that has come from
2007 and leading into 2008. I have to say though that the information on this white paper is pretty
darn mind blowing as I bounce some facts to everyone. Of course since I been getting into this
since last year it is not all that surprising since I posted many topics about it as well.
-Sophos currently sees 6,000 new infected webpages each day -One infected page every 14 seconds
-Only about 1 in 5 of these sites is a hacker site -83 percent are hacked sites, or legitima...
I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
(my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
Internet Explorer to my default browser and won't let me change certain things which browsers
will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="...
Before I go into this topic I have to say, stop making up these crazy names. I know I just getting
into the security side of things but still as long as there are computer problems and ways to sucker
someone into downloading the stuff, the crazy names will still live on. QUOTE Lieware
ADVERTISEMENT In 2007, there was a lot of "rogue anti-virus software," which is sometimes also
referred to as "fake anti-virus software." But these terms are confusing because there's too
much negation going on. Fake anti-virus software is not anti-virus software at all. So what ...
Well I have to same I am bit surprise on this security flaw especially what it can do; in which all
a user has to do is open a malicious Excel document and it allows the hackers to execute remote code
on to your system. As far as how wide spread this vulnerability is, it hits every excel software
from Excel 2000 to Excel 2003 SP2, and it also includes the Mac Version of Excel 2004 as well. OF
course with the disappointment of Office 2007 by some people will still be running the 2003 versions
on their computers. Right now the attacks are minimal and the question for t ...
A very good article titled "Security Common Sense" in gnucitizen.org Below is the link to that
article http://www.gnucitizen.org/blog/security-common-sense Website Link
http://www.gnucitizen.org "We basically train a bunch of monkeys to click the yes button for
every security warning." Don't you think many of us fall under the category? because most of
the time we do not see what the dialog says, but press Yes, which might not treat you well
sometimes... A good read....
Well I saw this article and after reading it all just to find the top 10 security problems I thought
I share them and give my thoughts about them. I know I know its horrible but what can I say, its me
/laugh.gif" style="vertical-align:middle" emoid=":lol:" border="0" alt="laugh.gif" />. 1.) Data
Breaches For the most part I am not surprise especially the big stories of 2007 which include the
TJ Max breach of 45 million credit/debit cards; I believe that has been the biggest hack job ever in
terms of stolen cards and id theft (somewhat). Oh lets not forget the al...
Hi, I've posted some security tools and links in my last posts,I preferd to post new topic and
send he extra here : Network Sniffers # DSniff http://www.monkey.org/~dugsong/dsniff/ #
Ethereal - full network protocol sniffer/analyzer http://www.ethereal.com/ # IPTraf - curses based
IP LAN monitor http://iptraf.seul.org/ # TcpDump - network monitor and data acquisition
http://www.tcpdump.org/ # KISMET - 802.11 wireless network detector, sniffer and intrusion
detection system http://www.kismetwireless.net/ Online Tools # AutomatedScanning.com - commer...
With the flood of news coming about the .ani exploits it seems the tech world is recieve more news
about new hacks, viruses and other bad stuff these days. Today Kaspersky Lab created a virus that
is able to affect the Ipod, however, it is only affecting Ipod's that have linux installed and
not the standard OS that comes with Ipod. The virus goes by the name of Podloso, although they say
it doesn't show a current threat this virus does show the possiblity to install malware into
devices such as the Ipod. They also mention that the virus does not copy it self...
my brother has windows vista and told me that it is safer than other versions of windows but
according to other people they say that it has bugs and other stuff whick one of these are true?...
Security Guidelines for Internet Users 1. Install an anti-virus software, you can free ones like
AVG Free . Ensure that it's regularly updated - this is of the utmost importance. 2.
Anti-virus software is not enough, the security can be tightened using a firewall software which
will help you prevent unauthorized incoming and outgoing communications from your computer while
connected to the Internet. 3. Disconnect your computer from the Internet when not in use. The
longer you are connected to the Internet, the more opportunity you give for persons to gain un...
QUOTE PHP Security If you are using PHP on your website we ask that you please read the
following carefully. We have noticed a significant number of PHP websites are being compromised
due to vulnerable PHP code. Spammers are scanning millions of websites on the Internet looking for
PHP scripts that can be exploited to send spam. When they find a script that has a loophole they
send thousands of email messages through the script, often taking down the website or severely
impacting website performance. Generally these loopholes exploit code using paramet...
Popular Applications Are Creating Holes In Your OS Nearly every computer owner nowadays
knows how to keep their computer safe by running regualar virus scans and keeping spyware scanners
up to date. Well researchers at Prinston University say that this is not enough. They have found
many popular applications which open doors up to allow various attacks. Among the discovered
culprits were Adobe Photoshop and AOL Instant Messengar . Fortuneately, these products which had
the worst written code out of all those which were found, have fixed their code. Earlier ...
Even though the fiasco with the .ANI exploit is still going strong microsoft released it's month
updates this time they found 4 more critical breaches in it's systems (XP), most people should
have gotten the update pop up screen yesterday. So here is the info on these critical flaws.
http://go.microsoft.com/fwlink/?LinkId=84687 http://go.microsoft.com/fwlink/?LinkId=85130
http://go.microsoft.com/fwlink/?LinkID=85163 http://go.microsoft.com/fwlink/?LinkID=85164
http://go.microsoft.com/fwlink/?LinkId=80251 I don't know how reliable vista will be af...
Here is the deal. I got this video ipod recently and it turns out that it had a worm on it. I was
only one fo the few but it did have one. The virus is called RavMonE Virus. Here is a link to find
out more about it. more info It doesn't affect macs only windows based computers. I plugged
it up to the computer and my antivirus detected a worm and I was very surprised. I did some
research and it turns out that some contracted company who builds the ipods for apple had computers
connected to the ipods and they had been infected. These computers were windows...
Windows has been acting strangely by now, it freezes/clogs badly, I can't use Opera, MF or
continue my tutorials due to this problem. It gets on my nerves as I think it was MY problem because
I deleted MOST of the files in the Temp folder. CODE (Start>Run...>%Temp%)
That folder, most of the files were deleted by me. I consulted my friend by half-screwed MSN, he
said I "effed me up the arse" by doing that. He recommended me backing up and formatting. I never
did that before so I think it will be most-likely half-impossible for me. And as I d...
We all know the difference between a limited user and an administrator user under Win2k/XP - you
can't/can install major software, perform system maintainence, and other stuff. But using a
limited user on a day-to-day basis also provides you with decent protection from a bunch of threats:
if the malware is running under your limited-rights user, it can only do as much as you can. For
instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running
under the same user won't be able to touch that area. It's extremely simple t...
List of security sites, I'll try to update the list as soon as I can . with compilations of
recent security threats, Global Incident Analysis Center (GIAC), GIAC training, and Reading Room
http://www.sans.org/ http://www.infragard.net/ http://www.cert.org/security-improvement/
CERT Security Improvement Modules,including general information on firewalls and intrusion
detectors. excellent set of papers on firewalls, viruses, e-commerce, etc. http://www.icsa.net/
http://www.gocsi.com/ (Source of the annual "CSI/FBI Computer Crime and Security Su...
Hi everyone!!!!!!! This is the last one!! /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" /> Ok guys, I heard
somewhere that if we protect some page with password, it is steel not safe at all, if we dont hace a
secure connction (http s ://...) How is it true? is there a posibility that some one can see a page,
even if it is protected by password? (the scrit in tha page don't allow IDs that didn't past
from the login page) is that script sufficent? thanks a lot to every one /biggrin....
Rootkits
- the security threats that no one's heard of (2)
a security threat to be concerned with is the increasing prevalence of viruses containing advanced
rootkits to hide their actions or data on the computer. even from the anti-stuff tools. a
rootkit was originally a name for tools that hackers/crackers would use to maintain root on
unix/linux machines. root is the uber user with all the permissions on a linux box. on windows
these tools can be used to hide data on the harddrive and in the registry by manipulating the way
the data is stored. THe windows api(the thing windows uses to communicate to the hardware) read...
What it is A exploit in the buggy OS of XP has been found, this one concering DHCP. OS effected
Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows
2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced
Server SP4 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP3 Microsoft
Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Professional Microsof...
QUOTE A teenage blogger claims to have discovered a flaw in Google's Gmail service that
allows JavaScript to run, potentially allowing a malicious hacker to gather e-mail addresses or
compromise an account. The supposed flaw may already have been fixed, however. Advertisement: The
teenager identifies himself in his blog as a 14-year-old named Anthony. His entry about Gmail is
here. He wrote that he was trying to e-mail JavaScript code from a Yahoo account to a G-mail
account. The code will run in a preview pane, he wrote. But if the code is mailed from one Gma...
QUOTE IT security experts have warned of a worm that purports to be Microsoft's Windows
Genuine Advantage (WGA) anti-piracy tool. WGA has recently been branded as 'spyware' in
that it collects unnecessary hardware and software data from users' PCs. The Cuebot-K worm
spreads via AOL Instant Messenger, registering itself as a new system driver service called
'wgavn'. It carries the display name 'Windows Genuine Advantage Validation
Notification', and runs automatically during system startup. Once in place the worm disables
the Wi...
(excessively long intro, skip to 'suggestions' for immediate tips) Its almost 2 am and I
just finished an email detailing some ideas I had to keep systems a little more secure than usual (
tips that can be applied to most any Windows users system ). I dont feel like re-editing it so it
doesnt sound I copied and pasted it from my email, cause I did, and its late. Please note THIS IS
NOT SPAM. I did write all of this, just in an email before I copied and pasted it here. These are
entirely valid and ( I hope ) helpful tips for most anyone. Of course I hate just yap...
Looking for major, flaw, ani, file, found, windows, 98, vista, creates, major, security, risk, vista, aint, secure
*RANDOM STUFF*
*SIMILAR VIDEOS*
Searching Video's for major, flaw, ani, file, found, windows, 98, vista, creates, major, security, risk, vista, aint, secure
Express your Opinions, Thoughts or Contribute your information that might help someone here.
Ask your Doubts & Queries to get answers.. "Together, We enlight each other!"
Register FREE for AD-FREE
forum, Create your own topics, Ask Questions, track topics, setup
subscriptions & notifications and Get a Free Website w/ Email and FTP.
.
