Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)

Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched

Adobe- American multinational computer software company has released new versions of its Flash Player to eliminate a number of critical vulnerabilities  in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. All the flaws were discovered by members of the Google Security Team are associated with several CVE numbers; CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the security bulletin Adobe said that it has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. 

Adobe recommends users update their product installations to the latest versions:-

• Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
• Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
• Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
• Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
• Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
• Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.

AFFECTED SOFTWARE VERSIONS:- 

• Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.243 and earlier versions for Linux
• Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.  To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote. Adobe also recommended its Adobe AIR users to update  to 3.5.0.600.
While talking about security patches in Adobe product, we want to give to reminder that just couple of weeks ago Adobe also plugged buffer overflow vulnerability in its Shockwave Player. Also in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)"https://www.voiceofgreyhat.com/2012/11/Adobe-Patches-Security-Holes-in-Flash-Player-AIR.html</a>

Adobe Plugged Newly Found Zero-day Hole In Flash Player

Adobe Plugged Newly Found Zero-day Hole In Flash Player

Adobe warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug. The vulnerability allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file. Adobe released security updates for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only. 

Affected Software Version :- 

• Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
• Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9. For detailed information and to see the security bulletin of Adobe click here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Plugged Newly Found Zero-day Hole In Flash Player"https://www.voiceofgreyhat.com/2012/05/adobe-plugged-newly-found-zero-day-hole.html</a>

Zero-Day Vulnerability In Flash Patched By Adobe

Zero-Day Vulnerability In Flash Patched By Adobe 

Yet another Zero day vulnerability found in Adobe Flash Player. Earlier hackers found zero-day exploit in flash player which can allow an attacker to hack you web-cam remotely later Adobe patched that. Before releasing Flash Player 11 Adobe issued new privacy policy and security update but now it seems that those are of zero use. 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Affected Version:- 

• Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems

• Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x

Later Adobe confirmed that and immediately released a patch to close the security hole. Through this security release Adobe also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Google's Chrome Web browser, which directly integrates Flash into its software (unlike competing browsers) also received an update to reflect Adobe's patch update. 

Recommendation From Adobe:-

Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6. For further details click here.

Earlier in 2011 another Flash Player bug found in Blackberry OS & later fixed by the developer and also last year adobe closes serious security hole in Acrobat 9X & Adobe Reader.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zero-Day Vulnerability In Flash Patched By Adobe"https://www.voiceofgreyhat.com/2012/02/zero-day-vulnerability-in-flash-patched.html</a>

New Privacy & Security Updates of Adobe Flash Player 11

Adobe announced this week that it's putting the finishing touches on a new version of Flash Player that will provide new security and privacy enhancements on both the desktop and mobile versions of its application. Notably, Flash Player 11--set to debut in early October--adds desktop support for SSL socket connections, as well as a secure, random number generator, both of which should help developers to better secure users' information. "Flash Player previously provided a basic, random number generator through Math.random. This was good enough for games and other lighter-weight use cases, but it didn't meet the complete cryptographic standards for random number generation," said Adobe

New Security Features in Flash Player 11:-

On the security front, Adobe is introducing several new features that will allow developers to better protect customer data. The first major new feature being added by Adobe is support for SSL socket connections, which will make it easier for developers to protect the data they stream over the Flash Player raw socket connections.
Adobe is  also adding a secure random number generator. Flash Player previously provided a basic, random number generator through Math.random. This was good enough for games and other lighter-weight use cases, but it didn’t meet the complete cryptographic standards for random number generation. The new random number generator API hooks the cryptographic provider of the host device, such as the CryptGenRandom function in Microsoft CAPI on Windows, for generating the random number. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts.

Lastly, the introduction of 64-bit support in Flash Player 11 brings with it some security side-benefits: If you are using a 64-bit browser that supports address space layout randomization (ASLR) in conjunction with the 64-bit version of Flash Player, you will be protected by 64-bit ASLR. Traditional 32-bit ASLR only has a small number of bits available in the memory address for randomizing locations. Memory addresses based on 64-bit registers have a wider range of free bits for randomization, increasing the effectiveness of ASLR.
Overall, Adobe security and privacy roadmap still has much more to come, and Adobe is already working on the next generation of features for upcoming releases. To take a look at the many new features in Flash Player 11—whether it be the advancements for gaming, media and data-driven applications, the security enhancements or the new mobile privacy features—check out the release candidate of Flash Player 11 for desktops now available on Adobe Labs or watch for an announcement once Flash Player 11 for desktops and Android devices becomes available in early October.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">New Privacy & Security Updates of Adobe Flash Player 11"https://www.voiceofgreyhat.com/2011/09/new-privacy-security-updates-of-adobe.html</a>

Adobe Released Security Bulletin to Patch Multiple Vulnerable Products

Adobe released a security bulletin to patch their multiple vulnerable products. Here are the list with detail information of those products.

• APSB11-19 – Security update available for Adobe Shockwave Player (Critical)
• APSB11-20 – Security update available for Adobe Flash Media Server (Critical)
• APSB11-21 – Security update available for Adobe Flash Player (Critical)
• APSB11-22 – Security update available for Adobe Photoshop CS5 (Critical)
• APSB11-23 – Security updates available for RoboHelp (Important)

Security update available for Adobe Shockwave Player:-

 
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
Adobe recommends users of Adobe Shockwave Player 11.6.0.626 and earlier versions update to Adobe Shockwave Player 11.6.1.629.

Security update available for Adobe Flash Media Server :-

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux.
This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively.

Security update available for Adobe Flash Player :-

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961.

Security update available for Adobe Photoshop CS5 :-

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5.

Security updates available for RoboHelp :-

An important vulnerability has been identified in RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8. A specially crafted URL could be used to create a cross-site scripting attack on RoboHelp installations. 

-News Source (Adobe & Help Security)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Released Security Bulletin to Patch Multiple Vulnerable Products"https://www.voiceofgreyhat.com/2011/08/adobe-released-security-bulletin-to.html</a>

SWFRETools: A Tool to Reverse Engineer SWF Files

The SWFRE Tools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license.
The basic architecture of SQFRETools is as follows:

• Flash Dissector: Flash Dissector is a GUI tool that allows you to inspect SWF files on a binary level. When you open a SWF file in Flash Dissector you have the ability to look through the structures defined in the SWF file in a hex editor and in a structure viewer. This makes it easy to understand what bytes of a SWF file hold what functionality.
• SWF Parser: SWF Parser is an open-source SWF file parser implemented in Java that you can build upon when you want to create your own Flash reverse engineering tools.
• Minimizer: The Minimizer program takes a SWF input that makes Flash Player crash and automatically removes the parts of the SWF file that are not related to the crash. This makes it easier to determine what the root cause of a crash is.
• FP Debugger: This Flash Player hooking script hooks important functionality in Flash Player at runtime and dumps information about what Flash Player is parsing and executing. This is very useful in situations where Flash Player trips up and static analysis are out of sync with what Flash Player is doing.
• StatsGenerator: Generate stats over SWF files.

Detailed information about using the above mentioned tools can be found in the “readme” files in the each of their directories. Application testing or code review businesses are in boom in the IT and Financial sectors. Tools such as SWFREtools help you as you try to analyze SWF file based exploits or even with stuff such as metadata from the extracted images.
This SWF file reverse engineering framework depends on the following lists of files and softwares:

• Java FileDrop
• JHexView
• Java
• splib
• Buggery

Download SWFREtools (swfretools_100.zip) here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">SWFRETools: A Tool to Reverse Engineer SWF Files"https://www.voiceofgreyhat.com/2011/05/swfretools-tool-to-reverse-engineer-swf.html</a>

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)

Adobe confirmed a serious security hole in Windows 8, hackers have been aiming at  Microsoft's Windows 8 PCs for several weeks as it is vulnerable to attack by exploits. Its very unfortunate for those who runs all the four (consumer preview, developer preview, release preview & enterprise) pre-release version of Windows 8, because the Redmond based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale. 

"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

-Source (Computer World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)"https://www.voiceofgreyhat.com/2012/09/Windows8-Users-are-Vulnerable-to-Active-Flash-Exploits.html</a>

Adobe release patch for Flash Player to prevent XSS

Adobe has released an out-of-cycle security update for Flash Player just days after learning of a new zero-day vulnerability. The vulnerability affected Flash Player 10.3.181.16 and earlier versions on Windows, Macintosh, Linux and Solaris, and Android version 10.3.185.22 and earlier. Despite the speed of the patch release, the vulnerability did not get the top "critical" rating, but is still rated "important". The "important" status denotes a vulnerability which could compromise data security, allowing hackers access to confidential data, or could compromise processing resources in a user's computer. "This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website," Adobe said in a security bulletin. According to Adobe, the vulnerability is being exploited in the wild, in active, targeted attacks tricking the user into clicking on a malicious link delivered in an e-mail message. Adobe recommends users of the affected versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 or 10.3.181.23 for ActiveX. The firm expects to release an update for Flash Player 10.3.185.22 for Android later this week.
Adobe investigated the flaw in Adobe Reader and Acrobat versions 10.x and 9.x for Windows and Macintosh, but said it was unaware of zero-day attacks against those platforms.
Google has updated its Chrome web browser, also affected by the vulnerability.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe release patch for Flash Player to prevent XSS"https://www.voiceofgreyhat.com/2011/06/adobe-release-path-for-flash-player-to.html</a>

Adobe releases Flash Player 10.3 update for Windows, Mac, Linux and Android

Adobe has released the latest update for Flash Player, version 10.3. The update works with all Flash-enabled platforms, including Windows, Mac OS, Linux and Android, with support for the most recent 3.1 update to Honeycomb. You can nab the download on the web at Adobe.com or through Android Market on your mobile device

The latest Flash update is all about squashing bugs and making things work more smoothly. On the Android side, that means NEON optimizations for OMAP4-based devices (pretty much just the BlackBerry PlayBook for now), various fixes for the Samsung Galaxy S, HTC EVO and some Motorola devices and some optimizations for Android 3.0+. All of the fixes are detailed on Adobe’s Android patch notes page. There are a variety of fixes on the non-mobile side as well, along with a handful of new features.
In addition to some new developer tools for measuring video and acoustic echo cancellation, there are also now new controls for managing local storage that have been integrated directly into your browser’s privacy settings, with support for Mozilla Firefox 4, Microsoft Internet Explorer 8 and higher, Google Chrome 11 and “a future release of Apple Safari.” The update also adds a dedicated Flash Player Settings Manager to Control Panels/System Preferences on Windows, Mac and Linux computers, and auto-updated notifications for Mac OS. 
Download Adobe Flash Player 10.3

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe releases Flash Player 10.3 update for Windows, Mac, Linux and Android"https://www.voiceofgreyhat.com/2011/05/adobe-releases-flash-player-103-update.html</a>

Kororaa Linux 15 Released (Based on Fedora 15, Lovelock)

Dubbed Squirt, the new Kororaa 15 OS is now based on the Fedora 15 release, it features both KDE SC 4.6 and GNOME 3 desktop environments, and it is available for download (see download links at the end of the article) for both 32-bit and 64-bit architectures. Kororaa 15 includes lots of new and interesting features, such as Ubuntu’s Jockey Device Driver Manager tool as a replacement for the old Add/Remove Extras script, easier installation of the Adobe Flash Player plugin, and lots more.
"Users still on Kororaa 14 may wish to upgrade to 15 and should do so via a new install (backup your data if necessary). Users who wish to stay with GNOME 2.x should not upgrade to 15, as it comes with GNOME 3."
"However, Kororaa 15 does include a desktop switcher for GNOME 3, so that users can switch between the new Shell interface and the 2.x style Fallback mode." - said Chris Smart in the official announcement.

Highlights of Kororaa 15:-

· Linux kernel 2.6.40.4;
· Customized GNOME 3 desktop environment;
· Customized KDE SC 4.6 desktop environment;
· Mozilla Firefox 6 as default web browser;
· VLC as default video player;
· Pidgin as the default IM client;
· Extra repositories for installing Adobe Flash Player, Google Chrome,                     RPMFusion and VirtualBox;
· Gwibber and Choqok microblogging clients;
· Out-of-the-box multimedia support;
· Adobe Flash Player installer;
· Jockey Device Driver Manager to easily install Nvidia and ATI video drivers;
· Shell and Fallback desktops switcher for GNOME 3;
· OpenShot and Kdenlive video editors;
· SELinux enabled;
· Australian and British English support and dictionaries;
· DownThemAll add-on for Firefox;
· Linphone VoIP client (for the KDE edition);
· Removed KSplice;
· Removed Add/Remove Extras script;
· Lots of other improvements and bugfixes.

To download Kororaa Linux click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kororaa Linux 15 Released (Based on Fedora 15, Lovelock)"https://www.voiceofgreyhat.com/2011/09/kororaa-linux-15-released-based-on.html</a>

BlackBerry PlayBook OS v1.07.3312 Updated & Fixed Adobe Flash Vulnerability

A new version of the BlackBerry® Tablet OS is now available to all BlackBerry® PlayBook™ tablet users. BlackBerry Tablet OS v1.07.3312 contains an updated version of Adobe® Flash® Player. This free update can be downloaded over-the-air from your BlackBerry PlayBook tablet.

On September 21st, Adobe issued an update for Adobe Flash Player, as noted in Adobe Security BulletinsAPSB-11-26, which addresses issues that can potentially affect any PC, tablet, or other device with an operating system that supports Adobe Flash. 

While there are no known reports of any BlackBerry PlayBook tablet users being affected by these Adobe Flash issues, we (as always) encourage all BlackBerry PlayBook users to update to the newest version of the BlackBerry Tablet OS. For more information about what these security updates mean to the BlackBerry PlayBook, please see our security advisory.

How to update your BlackBerry PlayBook tablet :-

Existing BlackBerry PlayBook tablet users will automatically receive a software update notification on the BlackBerry PlayBook status ribbon, or they can check for the software update at any time in the settings menu under Software Updates. Users who purchase and activate a BlackBerry PlayBook tablet on or after Thursday October 6th will automatically be updated to 1.07.3312 or later as part of the BlackBerry PlayBook tablet setup process.

For users who are already running BlackBerry PlayBook v1.0.7.2942 or higher, the update to this new version (v1.07.3312) will include only the Adobe Flash update and is expected to take only a few minutes to install.

-News Source (BlackBerry) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">BlackBerry PlayBook OS v1.07.3312 Updated & Fixed Adobe Flash Vulnerability"https://www.voiceofgreyhat.com/2011/10/blackberry-playbook-os-v1073312-updated.html</a>

Adobe Flash Zero-day Exploit Which Allowing Others To Use Your Webcam Has Been Patched

A Stanford University student recently discovered a security flaw with Adobe’s Flash Player that allowed malicious users to activate your webcam and microphone without your knowledge. They could then tap into the video and audio to watch and listen to your every move. OK, that sounded a lot less sensationalist in my head. Unfortunately, up until a few days ago, this exploit very much existed and Adobe was working feverishly on a fix. Feross Aboukhadijeh, the aforementioned Stanford student, wrote about the flaw on October 18.
According to Feross Aboukhadijeh:-

"I discovered a vulnerability in Adobe Flash that allows any website to turn on your webcam and microphone without your knowledge or consent to spy on you. It works in all versions of Adobe Flash that I tested. I’ve confirmed that it works in the Firefox and Safari for Mac browsers. Use one of those if you check out the live demo. There’s a weird CSS opacity bug in most other browsers (Chrome for Mac and most browsers on Windows/Linux)."

Video Demo:-

Later Adobe issued a critical update for its Flash Player software. The patch fixes six security vulnerabilities, at least one of which is a zero-day vulnerability being actively exploited in the wild. The details of the Adobe security bulletin explain, "This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444)," adding, 

"Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."
The zero-day bug fixed today is similar to a flaw in Flash that was patched in June. Coincidentally, both the June vulnerability, and this one patched today were reported to Adobe by Google.

To download the Patch and more about Adobe Security Bulletin Click Here 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Flash Zero-day Exploit Which Allowing Others To Use Your Webcam Has Been Patched"https://www.voiceofgreyhat.com/2011/10/adobe-flash-zero-day-exploit-which.html</a>

NSS Labs are Now Offering Rewards Money for Fresh Exploits

NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen "high-value" vulnerabilities. The company, which has set aside US$4,400 in reward money, plans to give $100 to $500 to the first people to submit a working exploit for the vulnerabilities. Ten of the vulnerabilities concern Microsoft's Internet Explorer browser and two were found in Adobe's Flash multimedia program.
The exploits must be client-side remote exploits that can result in code execution. Proof-of-concept code and denial-of-service conditions do not qualify. NSS Labs will pay the developer with American Express gift cards. Residents from countries that the U.S. has a standing embargo against are not allowed to participate.
NSS Labs said that those who win can then sell their exploits on ExploitHub, a marketplace the company set up for penetration testers to acquire exploits to test against their infrastructure. ExploitHub was set up to help with the development of penetration testing tools and to assist computer security researchers.
Those who write the winning exploits may then sell their code on ExploitHub, with NSS Labs taking a 30 percent commission. Penetration testers can also make requests via the marketplace for exploits for specific vulnerabilities. Those who want to buy exploits are vetted by NSS Labs to ensure the marketplace is not abused.
ExploitHub also only sells exploits for vulnerabilities that have been patched and does not host ones for zero-day vulnerabilities. 

The vulnerabilities that NSS Labs is offering the reward for are:-

1. CVE-2011-1256: Microsoft Internet Explorer CElement Memory Corruption

2. CVE-2011-1266: Microsoft Internet Explorer VML vgx.dll Use After Free

3. CVE-2011-1261: Microsoft Internet Explorer selection.empty Use After Free

4. CVE-2011-1262: Microsoft Internet Explorer Redirect Memory Corruption

5. CVE-2011-1963: Microsoft Internet Explorer XSLT Memory Corruption

6. CVE-2011-1964: Microsoft Internet Explorer Style Object Memory Corruption

7. CVE-2011-0094: Microsoft Internet Explorer CSS Use After Free Memory Corruption

8. CVE-2011-0038: Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading

9. CVE-2011-0035: Microsoft Internet Explorer Deleted Data Source Object Memory Corruption

10. CVE-2010-3346: Microsoft Internet Explorer HTML Time Element Memory Corruption

11. CVE-2011-2110: Adobe Flash Player ActionScript Function Variable Arguments Information

12. CVE-2011-0628: Adobe Flash Player Remote Integer Overflow Code Execution

-News Source (PC-World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NSS Labs are Now Offering Rewards Money for Fresh Exploits"https://www.voiceofgreyhat.com/2011/10/nss-labs-are-now-offering-rewards-money.html</a>

Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again

Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again 

Computer security firm Symantec has unveiled, that a hacker group which unleashed the Hydraq or Aurora Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations, and other large groups. According to the official blog of Symantec- they have been monitoring the activities of that hacker group since last three years and figure out that these attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails but we are now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed by the name "Elderwood Project".  

Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months however has seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:

•  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
•  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
•  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
•  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 

Symantec have published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again"https://www.voiceofgreyhat.com/2012/09/Google-Hackers-Who-Unleashed-Hydraq-Trojan-Strikes-Again.html</a>

Flash Player Vulnerability in Google Chrome

Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. The vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player.

Note: The Vulnerability (CVE-2011-2444) Is Currently Being Exploited In The Wild
Impact:-
Cross-Site Scripting
Remote Code Execution

System / Technologies Affected:-
Google Chrome 14.x
Solutions:-
Before installation of the software, please visit the software manufacturer web-site for more details. And update to version 14.0.835.186

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Flash Player Vulnerability in Google Chrome"https://www.voiceofgreyhat.com/2011/09/flash-player-vulnerability-in-google.html</a>

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 

Brief About Metasploit:- 

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

Module Changes:-

•     Novell eDirectory eMBox Unauthenticated File Access

•     JBoss Seam 2 Remote Command Execution

•     NAT-PMP Port Mapper

•     TFTP File Transfer Utility

•     VMWare Power Off Virtual Machine

•     VMWare Power On Virtual Machine

•     VMWare Tag Virtual Machine

•     VMWare Terminate ESX Login Sessions

•     John the Ripper AIX Password Cracker

•     7-Technologies IGSS 9 IGSSdataServer.exe DoS

•     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion

•     DNS and DNSSEC fuzzer

•     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

•     CorpWatch Company ID Information Search

•     CorpWatch Company Name Information Search

•     General Electric D20 Password Recovery

•     NAT-PMP External Address Scanner

•     Shodan Search

•     H.323 Version Scanner

•     Drupal Views Module Users Enumeration

•     Ektron CMS400.NET Default Password Scanner

•     Generic HTTP Directory Traversal Utility

•     Microsoft IIS HTTP Internal IP Disclosure

•     Outlook Web App (OWA) Brute Force Utility

•     Squiz Matrix User Enumeration Scanner

•     Sybase Easerver 6.3 Directory Traversal

•     Yaws Web Server Directory Traversal

•     OKI Printer Default Login Credential Scanner

•     MSSQL Schema Dump

•     MYSQL Schema Dump

•     NAT-PMP External Port Scanner

•     pcAnywhere TCP Service Discovery

•     pcAnywhere UDP Service Discovery

•     Postgres Schema Dump

•     SSH Public Key Acceptance Scanner

•     Telnet Service Encyption Key ID Overflow Detection

•     IpSwitch WhatsUp Gold TFTP Directory Traversal

•     VMWare ESX/ESXi Fingerprint Scanner

•     VMWare Authentication Daemon Login Scanner

•     VMWare Authentication Daemon Version Scanner

•     VMWare Enumerate Permissions

•     VMWare Enumerate Active Sessions

•     VMWare Enumerate User Accounts

•     VMWare Enumerate Virtual Machines

•     VMWare Enumerate Host Details

•     VMWare Web Login Scanner

•     VMWare Screenshot Stealer

•     Capture: HTTP JavaScript Keylogger

•     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION

•     Asterisk Manager Login Utility

•     FreeBSD Telnet Service Encryption Key ID Buffer Overflow

•     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow

•     Java Applet Rhino Script Engine Remote Code Execution

•     Family Connections less.php Remote Command Execution

•     Gitorious Arbitrary Command Execution

•     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution

•     OP5 license.php Remote Command Execution

•     OP5 welcome Remote Command Execution

•     Plone and Zope XMLTools Remote Command Execution

•     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit

•     Support Incident Tracker <= 3.65 Remote Command Execution

•     Splunk Search Remote Code Execution

•     Traq admincp/common.php Remote Code Execution

•     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection

•     Mozilla Firefox 3.6.16 mChannel Use-After-Free

•     CTEK SkyRouter 4200 and 4300 Command Execution

•     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

•     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute

•     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

•     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

•     Java MixerSequencer Object GM_Song Structure Handling Vulnerability

•     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution

•     MS12-004 midiOutPlayNextPolyEvent Heap Overflow

•     Viscom Software Movie Player Pro SDK ActiveX 6.8

•     Adobe Reader U3D Memory Corruption Vulnerability

•     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow

•     BS.Player 2.57 Buffer Overflow

•     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow

•     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow

•     McAfee SaaS MyCioScan ShowReport Remote Command Execution

•     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow

•     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

•     Ability Server 2.34 STOR Command Stack Buffer Overflow

•     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow

•     Serv-U FTP Server < 4.2 Buffer Overflow

•     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

•     XAMPP WebDAV PHP Upload

•     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow

•     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow

•     HP Diagnostics Server magentservice.exe Overflow

•     StreamDown 6.8.0 Buffer Overflow

•     Wireshark console.lua Pre-Loading Script Execution

•     Oracle Job Scheduler Named Pipe Command Execution

•     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow

•     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57

•     OpenTFTP SP 1.4 Error Packet Overflow

•     AIX Gather Dump Password Hashes

•     Linux Gather Saved mount.cifs/mount.smbfs Credentials

•     Multi Gather VirtualBox VM Enumeration

•     UNIX Gather .fetchmailrc Credentials

•     Multi Gather VMWare VM Identification

•     UNIX Gather .netrc Credentials

•     Multi Gather Mozilla Thunderbird Signon Credential Collection

•     Multiple Linux / Unix Post Sudo Upgrade Shell

•     Windows Escalate SMB Icon LNK dropper

•     Windows Escalate Get System via Administrator

•     Windows Gather RazorSQL Credentials

•     Windows Gather File and Registry Artifacts Enumeration

•     Windows Gather Enumerate Computers

•     Post Windows Gather Forensics Duqu Registry Check

•     Windows Gather Privileges Enumeration

•     Windows Manage Download and/or Execute

•     Windows Manage Create Shadow Copy

•     Windows Manage List Shadow Copies

•     Windows Manage Mount Shadow Copy

•     Windows Manage Set Shadow Copy Storage Space

•     Windows Manage Get Shadow Copy Storage Info

•     Windows Recon Computer Browser Discovery

•     Windows Recon Resolve Hostname

•     Windows Gather Wireless BSS Info

•     Windows Gather Wireless Current Connection Info

•     Windows Disconnect Wireless Connection

•     Windows Gather Wireless Profile

For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage"https://www.voiceofgreyhat.com/2012/02/metasploit-420-released-with-ipv6.html</a>

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Apple Fixes OSX Revir-B Trojan Vulnerability

Apple has updated the bare-bones antivirus protection included with Mac OS X to detect a Trojan horse that poses as a PDF document. That Trojan, named "Revir.A" by Finnish security company F-Secure but "Revir.B" by others, masquerades as a PDF file . Unwary users who download and open the fake PDF actually start a malware chain reaction that infects a Mac with multiple pieces of attack code, including a "backdoor" designed to listen to a hacker-controlled server for further instructions. 

Apple added a signature for Revir on Friday to the detection engine called XProtect included with Mac OS X 10.6, aka Snow Leopard, and Mac OS X 10.7, better known as Lion. Since May, when Apple fought a weeks-long battle with makers of phony Mac security software -- usually called "scareware" or "rogueware" -- XProtect checks daily for new signature updates.
The new signature will detect Revir if a user downloads the fake PDF document using Safari, iChat or Mail -- Mac OS X's native email client -- and then displays a warning urging the user to toss the file into the Trash. On Monday, however, Mac-centric security company Intego said it had spotted a new piece of Mac malware disguised as an Adobe Flash installer.
Tagged "Flashback" by Intego, the Trojan installs itself when the fake Flash file is run, then deactivates the Mac outbound firewall Little Snitch , likely as an attempt to hide communication between the malware and its remote command-and-control server.
Flashback uses the same phony Flash distribution tactic as a Trojan horse named "QHost.WB" found by F-Secure in early August. Apple updated XProtect to detect QHost on Aug. Intego speculated that hackers may think the Flash installer trick will be effective because Lion, unlike earlier Mac OS X editions, does not come with the Adobe software pre-installed.
The French antivirus firm recommended that users download Flash Player only from Adobe's website, and if they're using Safari, to uncheck the box marked "Open 'safe' files after downloading" under the General tab to prevent fake installers like Flashback from running automatically. 

-News Source (Network World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Fixes OSX Revir-B Trojan Vulnerability"https://www.voiceofgreyhat.com/2011/09/apple-fixes-osx-revir-b-trojan.html</a>

Hackers are using Critical Flash Bug

Adobe said that the vulnerability, which it referred to by the identifier CVE-2011-2110 in its update, "could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious web pages." Last week, Adobe released a series of security patches for their products, fixing a number of issues that included this vulnerability. 

More recently, security company Websense has discovered that this vulnerability is being used in two separate forms of attack. This includes so-called drive-by attacks, where users need only to visit a site in order to be served malware. The other form is spear-phishing, a targeted phishing attack that attempts to lure an internet user into clicking a malicious link by claiming to come from a legitimate business. The vulnerability only exists in versions of Flash which have yet to be patched with the latest security update. Websense recommends that all users patch the latest version as soon as possible. "As always, it's crucial that you install the latest version of Adobe Flash Player as soon as possible if you haven't done so already. The vulnerable versions are any version older than 10.3.181.26," said the company.

Hackers are using a critical security vulnerability in Flash to attack users despite a recent update from Adobe designed to fix the bug. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hackers are using Critical Flash Bug"https://www.voiceofgreyhat.com/2011/06/hackers-are-using-critical-flash-bug.html</a>

5 "Uncommon" Linux Distributions

 CrunchBang

CrunchBang it's a minimalistic distribution based on Debian 6.
Why minimalistic ?
The default Desktop Environment it's Openbox, that for people used to Gnome or KDE it's a big difference, you don't have Icons, fancy graphical effects (compiz anyone? ) or even a menu in one of the corners that show all your programs.
You get a clean, black and white desktop, on the right side you have the live statistics of your resources usage, and the list of commands you can use (example, super + l to lock screen).
I've been amazed by the low use of resource of this distribution, 50 MB after you login into your desktop, so you can use all of your resource for your applications. It's also perfect for old computers with just 256 MB of Ram.
Così si pensa, ok, ma probabilmente sarà riempito con piccoli programmi inutili,niente mi può davvero usare per il mio ufficio / lavoro o tempo libero.
Wrong !
There is already a good number of software that you can use to do your usual things, like Chromium as browser or Gimp as Image Editor or VLC for the multimedia; also, as stated, this distribution is based on Debian 6, so you can have Openoffice, Mozilla 4 or many others programs.
If you have enough of the big Desktop environment this one is for you.

 Gentoo

I've fall in love with Gentoo in 2004, and we are still together.

In Gentoo the binary packages are not available (there are some exceptions for big package). Each package must be downloaded and compiled on the PC of the user with the flags he has choose, so that you get from each package the best performance, or at least this is the theory.

While in the years I've saw that some of my programs have better start up time respect of precompiled distributions this is usually due to the fact that you can select every single aspect of each package, so as example you could choose that your Multimedia player support avi,ogg and divx only, so probably you have fast performance and a quick startup time but less codec; so for me the main attractive of Gentoo is total customization, and after that speed.
In any case, the good thing is that each new update is released when available. This approach makes Gentoo a distribution always updated, this distribution don't has release cycle like Ubuntu and Fedora, but is called "rolling" it means that it's constantly updated.

For example i keep the same installation from 2004 to 2008 on my previous computer, just updating packages when they come out, and during all that time i moved from kernel 2.4 to 2.6 and made a lot of change in every package, still the distribution keeped it's consistency.

The package management is efficient and easy to use. On the other hand, the installation of newsystems and large packages can be very tedious, even with a very fast processor, so if you want to approach this great distro...take your time, be patient and at the end you'll have learnt a lot more of GNU/Linux.

 Pinguy OS

 

it's more or less the opposite of Gentoo, a distribution to make things easy to the beginners.

This OS is for people that have never used Linux before or for people that just want an out-of-the-box working OS without doing all the tweaks and enhancements that everyone seems to do when installing a fresh copy of Ubuntu or other Linux based Distro's. 

So all the programs in Pinguy OS have been chosen because of their ease of use and functionality, I also changed every file type to open with the right program, like for some reason by default .iso are opened with Archive Manager so I changed that to Brasero Disc Burner.

All the multimedia codecs are there. So there is Oracle Java and Adobe Flash player.

Pinguy OS also helps reduce your carbon footprint because it runs Granola in the background. Granola is a free tool that helps reduce the power consumption of your computer without affecting its performance. 

So this distro is really suggested if you are not used to Linux or don't want to spend time in tweaking/configuration

Aptosid

 

is an operating system based on the Debian GNU/Linux unstable branch, codenamed sid. The project stems from criticism by users of Debian Linux newbies (too difficult toinstall, configure and maintain, requiring the use of console commands or editing configuration files) are the basis of Aptosid, whose purpose is to offer tools and support to make Debian Sid easy to configure and stable enough for the user desktop for the professional. Aptosid supports 32 and 64 bit architectures, graphical user interface KDE or Xfce, lite or full version.

The full ISO is around 2gb, but it has really everything, both for new and expert users. Despite its size, loading from a live dvd is really fast and stable, just like his distro "mother" Debian.

if you like Debian, but want updated software this is a good choice for sure.

Bodhi Linux

 

This is a fresh new project, Bodhi is a minimalistic, enlightened (the Desktop Environment), Linux desktop. Bodhi is built on top of an Ubuntu 10.04 core, using the latest, elegant Enlightenment desktop, all accessed by the light weight LXDM login manager. Bodhi uses dpkg and apt-get for package management.
Bodhi Linux is a very minimal Ubuntu based Linux distro with Enlightenment(E17) as the default desktop(window manager). Standard ISO size is just around 350MB and the latest release is based on Ubuntu 10.04 "Lucid Lynx". System requirements will tell you the whole story. Bodhi Linux requires just 1.5GB HD space, 300mhz i386 Processor and just 128MB of RAM! Thats how minimal things can get.
One of the first things you are going to notice while logging into Bodhi Linux is a prompt that will ask you to choose the theme and the applications you would like to have in your desktop as default.
Dock application at the bottom is called “Shelf” and like Docky or AWN, Shelf is quite easy to use and configure. Bodhi Linux has Nautilus as the default file browser and also has Synaptic Package Manager as a default option. Nautilus in Bodhi Linux is already powered by awesome Nautilus Elementary hack.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">5 "Uncommon" Linux Distributions"https://www.voiceofgreyhat.com/2011/05/5-uncommon-linux-distributions.html</a>