Friday, April 18th, 2008
A demonstration of a security hole in the Microsoft Works Image Server (WkImgSrv.dll) ActiveX module contained in the Microsoft Works office suite has appeared on the Bugtraq mailing list. The demo appears to only cause a system crash. McAfee, however, has already found fully functional exploits which allow attackers to ...
Posted in Coding, Security, Windows | No Comments
Monday, April 14th, 2008
ActiveX controls made up most of all browser plug-in vulnerabilities in the second half of 2007, according to Symantec.
The company has just released its semi-annual web security report and in it said that Microsoft's technology, primarily used to create add-ins for Internet Explorer, accounted for 79 percent of the 239 ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Thursday, April 10th, 2008
The CLSID for an ActiveX control is a GUID for that control. You can prevent an ActiveX control from running in Internet Explorer by setting the kill bit so that the control is never called by Internet Explorer when default settings are used.
The kill bit is a specific value for ...
Posted in Coding, Internet, Security, Windows | No Comments
Wednesday, April 9th, 2008
Online malware attacks are becoming more pervasive, targeted, and refined as the underground threat economy continues to evolve and take on the characteristics of an organized industry.
The latest iteration of Symantec's Internet Security Threat Report -- covering its research over the final six months of calendar 2007 and released on ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, April 9th, 2008
At the RSA Security Conference I caught up with Austin Wilson, Microsoft 's Director of Windows Product Management and learned a few tidbits about security enhancements coming in Internet Explorer 8. IE8 will address three specific areas where security can be a problem: social engineering, traditional browser vulnerabilities, and attacks ...
Posted in Internet, Security, Windows | No Comments
Monday, April 7th, 2008
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday.
Fewer than half of the flawed ActiveX controls have been patched.
The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft, ...
Posted in Internet, Security, Windows | No Comments
Monday, April 7th, 2008
In the tiger team operations we have been involved with, I often end up hacking through the least interesting systems. If you ask AP, a password-cracking ninja and master of hacking through simplicity, the less interesting the system is, the higher the chances to be insecure. A successful exploitation of ...
Posted in Hardware, Security, Software | No Comments
Saturday, March 8th, 2008
Unfortunately, ActiveX controls are ideal tools for those who would attack your computer. Over the years, Internet Explorer has been their favored vehicle. It was built to take advantage of ActiveX controls.
These controls pose a serious security threat that outweighs their benefits. So it's important to take steps to protect ...
Posted in Internet, Security, Windows | No Comments
Saturday, March 8th, 2008
I now have even greater sympathy for people suffering a spyware infection than ever before. I spent the better part of Tuesday night fighting off the worst spyware infection I have ever seen or heard of.
Someone was kind enough to donate a copy of VMWare for me to use ...
Posted in Internet, Privacy, Security | No Comments
Saturday, March 8th, 2008
Mike Healan
March 23, 2004
If you've ever been infected with a browser hijacker, you know what an infuriating situation it is. For all intents and purposes, your $3,000 computer is converted into a source of revenue for some fly-by-night web site unable to generate legitimate web traffic. Once ...
Posted in Privacy, Security | No Comments
