Showing posts sorted by date for query Mozilla. Sort by relevance Show all posts
Showing posts sorted by date for query Mozilla. Sort by relevance Show all posts

Debian Linux 7.0 Code Named 'Wheezy' Released & Available For Download

Posted by Avik Sarkar On 5/09/2013 04:30:00 pm

Debian Linux 7.0 Code Named 'Wheezy' Released & Added  Multiarch Support, Several Specific Tools

Once it was one of the most popular Linux distribution which have drawn the maximum attention, yes you are right I am talking about none other than Debian Linux. Now a days the craze of this flavor has became little fade but as the foundation for other, more popular Linux distributions, such as Mint, Ubuntu and few Pen Testing Distro, still the value of Debian exist. So the up-gradation and new release of this Linux flavor is  still very much important. And today I will talk about the new release of Debian Linux version 7.0 code named 'Wheezy'. After many months of constant development, the developers at Debian project proudly announced the general availability of the next version of this major Linux which is Debian 7.0 aka 'Wheezy'. According to the release note This new version of Debian includes various interesting features such as multiarch support, several specific tools to deploy private clouds, an improved installer, and a complete set of multimedia codecs and front-ends which remove the need for third-party repositories. Multiarch support, one of the main release goals for Wheezy, will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically. The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too. In addition, for the first time, Debian supports installation and booting using UEFI for new 64-bit PCs (amd64), although there is no support for Secure Boot yet. 

This Release Includes Numerous Updated Software Packages, Such as:-
  • Apache 2.2.22
  • Asterisk 1.8.13.1
  • GIMP 2.8.2
  • An updated version of the GNOME desktop environment 3.4
  • GNU Compiler Collection 4.7.2
  • Icedove 10 (an unbranded version of Mozilla Thunderbird)
  • Iceweasel 10 (an unbranded version of Mozilla Firefox)
  • KDE Plasma Workspaces and KDE Applications 4.8.4
  • kFreeBSD kernel 8.3 and 9.0
  • LibreOffice 3.5.4
  • Linux 3.2
  • MySQL 5.5.30
  • Nagios 3.4.1
  • OpenJDK 6b27 and 7u3
  • Perl 5.14.2
  • PHP 5.4.4
  • PostgreSQL 9.1
  • Python 2.7.3 and 3.2.3
  • Samba 3.6.6
  • Tomcat 6.0.35 and 7.0.28
  • Xen Hypervisor 4.1.4
  • The Xfce 4.8 desktop environment
  • X.Org 7.7

Along with these more than other 36,000 ready-to-use software packages, built from nearly 17,500 source packages also included in Debian Linux 7.0. So after reading all those cool features, what you are waiting for lets download the installation image via bittorrent (the recommended method), jigdo, or HTTP




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Controversial Cyber Security Bill CISPA Passed Again By The US House

Posted by Avik Sarkar On 4/23/2013 11:30:00 pm

Controversial Cyber Security Bill CISPA Passed Again By The US House

Couple of months ago we reported that the White House is planning for an executive cyber security order, from some official sources it has also come to know that the U.S. President Mr. Barack Obama has a special plan to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA). Today that deceleration get executed as the US House of Representatives has passed the controversial Cyber Information Sharing and Protection Act. This is the second time when CISPA have been passed by the White House, first it was rejected by the Senator while saying that the bill did not do enough to protect privacy. But yet again with the initiative of Obama and a substantial majority of politicians in the House backed the bill. Though there is a huge chance of getting rejected. According to some relevant sources it has been came to light that, this time also CISPA could fail again in the Senate after threats from President Obama to veto it over privacy concerns. Sources are saying that the main reason of re-introducing CISPA is the the President Barack Obama expressed concerns that it could pose a privacy risk. The White House wants amendments so more is done to ensure the minimum amount of data is handed over in investigations.  The law is passing through the US legislative system as American federal agencies warn that malicious hackers, motivated by money or acting on behalf of foreign governments, such as China, are one of the biggest threats facing the nation.  "If you want to take a shot across China's bow, this is the answer," said Mike Rogers, the Republican politician who co-wrote CISPA and chairs the House Intelligence Committee. 

On the other hand CISPA has also secured the backing of several technology firms, including the CTIA wireless industry group, as well as the TechNet computer industry lobby group, which has Google, Apple and Yahoo as members. By contrast, some other big names like Mozilla, Reddit has been vocal in its opposition to the bill. In the beginning the social networking giant Facebook supported CISPA but later they took back its support. The American Civil Liberties Union has also opposed CISPA, saying the bill was "fatally flawed". The Electronic Frontier Foundation (EFF), Reporters Without Borders and the American Library Association have all voiced similar worries.


-Source (BBC)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars

Posted by Avik Sarkar On 1/24/2013 06:58:00 pm


Pwn2Own 2013 -Hack Major Web-browser, Adobe Reader, Flash or Java & Earn in Million Dollars 

Since the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In last two years we have seen several hackers, security professionals have expressed their enthusiasm and joined Pwn2Own where four major and widely browser's security get compromised, in order to make applications, software more safe and secure. Last year we have reported how different hackers across the globe taken part in Pwn2Own and successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. But the contest of this year has some more twist than before as, HP TippingPoint and Google, sponsor of Pwn2Own, has made clear that it is expanding the focus of the competition beyond browsers. Also, Pwn2own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java

Contest Dates:-

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. DVLabs blog post will be updated as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.
  • Web Browser
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft Internet Explorer, either
      • IE 10 on Windows 8 ($100,000), or
      • IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)
  • Web Browser Plug-ins using Internet Explorer 9 on Windows 7
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)
The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.
Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.
Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-
Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)

Posted by Avik Sarkar On 11/09/2012 04:30:00 am

Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)

The searching giant Google finally included the Do Not Track (DNT) option into its first stable version of the company's browser which is Google Chrome 23. In February internet giant Google has agreed with the White House's Consumer Privacy Bill and here comes the result. Google has implemented the Do Not Track (DNT) header in its Chrome web browser.  Few months ago Microsoft made Do Not Track (DNT) facility available by default in Internet Explorer 10. Also the Redmond based software giant drew some criticism recently for its decision to enable Do Not Track by default in IE 10First it was Mozilla who proposed the Do Not Track mechanism, in Firefox in June 2011 when it released Firefox 5. The DNT option is disabled by default in Chrome and in order to turn it on, users need to go to the customization menu in the top right corner of the browser window. Then click on the Settings option in the left side and scroll down to open the Advanced Settings menu. Under the Privacy menu, check the box next to the "Send a 'Do Not Track' request with your browsing traffic" option. Once that option is enabled, the user will see a message explaining what the DNT system will do for them.
Not only DNT, with the release of Chrome 23, Google closes several security holes and promises to improve battery life for some users. For systems with dedicated graphics chips that support Chrome's GPU-accelerated video decoding, version 23 of the WebKit-based browser is said to significantly reduce power consumption. According to Google, batteries lasted on average 25% longer in its tests when GPU-accelerated video decoding was enabled compared to only using a system's CPU when streaming online videos. Version 23 of Chrome also addresses a total of 15 security vulnerabilities in the browser, 6 of which are rated as "high severity". These include high-risk use-after-free problems in video layout and in SVG filter handling, a integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk have also been corrected. As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a number of critical vulnerabilities, all of which were discovered by the Google Security Team. Further information about the new features can be found in the release announcement, while a full list of security fixes is provided in a post on the Chrome Releases blog. Chrome 23.0.1271.64 is available to download for Windows, Mac OS X and Linux users. 


-Source (Google Chrome Blog, The-H & threatpost)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Mozilla Fixed Cross Site Ccripting (XSS) Flaws & Released Firefox Version 16.0.2

Posted by Avik Sarkar On 11/02/2012 03:28:00 am

Mozilla Fixed Cross Site Ccripting (XSS) Flaws & Released Firefox Version 16.0.2

Serious security hole in Mozilla Firefox has been fixed. Mozilla has announced availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the LocationObject. According to the advisory, successful exploitation of this flaw can result in cross site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, which  forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Security Advisories of Mozilla Foundation -Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. With Firefox 16.0.2 also the security bug in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 & SeaMonkey 2.13.2 has been fixed. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Whonix -Anonymous Operating System Based on Debian/GNU Linux & Tor

Posted by Avik Sarkar On 10/16/2012 07:34:00 pm

Whonix -Anonymous Operating System Based on Debian/GNU Linux & Tor 

Whonix, which is earlier called TorBOX or aos; now been reintroduced with a new style. This time we got a complete anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.  According to the project wiki page - in Whonix IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. This is because Whonix consists of two virtual machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. 

We request our reader to See Security for a more comprehensive description, security features and threat model. You can even go through with full change log and also download the source code from github

Key Features:- 

  • Adobe Flash anonymously
  • browse the web anonymously
  • Anonymous IRC
  • Anonymous Publishing
  • Anonymous E-Mail with Mozilla Thunderbird and TorBirdy
  • Add a proxy behind Tor (Tor -> proxy)
  • Based on Debian GNU/Linux.
  • Based on the Tor anonymity network.
  • Based on Virtual Box.
  • Can torify almost any application.
  • Can torify any operating system
  • Can torify Windows.
  • Chat anonymously.
  • Circumvent Censorship.
  • DNSSEC over Tor
  • Encrypted DNS
  • Full IP/DNS protocol leak protection.
  • Hide the fact that you are using Tor/Whonix
  • Isolating Proxy
  • Java anonymously
  • Javascript anonymously
  • Location/IP hidden servers
  • Prevents anyone from learning your IP.
  • Prevents anyone from learning your physical location.
  • Private obfuscated bridges supported.
  • Protects your privacy.
  • Protocol-Leak-Protection and Fingerprinting-Protection
  • Secure And Distributed Time Synchronization Mechanism
  • Security by Isolation
  • Stream isolation to prevent identity correlation through circuit sharing
  • Virtual Machine Images
  • VPN/Tunnel Support
  • Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from  The Tor Project about quality, suitability or anything else.
  • Transparent Proxy
  • Tunnel Freenet through Tor
  • Tunnel i2p through Tor
  • Tunnel JonDonym through Tor
  • Tunnel Proxy through Tor
  • Tunnel Retroshare through Tor
  • Tunnel SSH through Tor
  • Tunnel UDP over Tor
  • Tunnel VPN through Tor
To Download Whonix-0.4.5 Click Here. Before download please note that Whonix is produced independently from the Tor anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Added Do Not Track (DNT) Facility in Chrome (User Privacy Implemented)

Posted by Avik Sarkar On 9/15/2012 03:48:00 pm

Google Added Do Not Track (DNT) Facility in Chrome Web-Browser (User Privacy Implemented)

Few months ago Microsoft made Do Not Track (DNT) facility available by default in Internet Explorer 10. So here comes the turn for Chrome. In February internet giant Google has agreed with the White House's Consumer Privacy Bill and here comes the result. Google has implemented the Do Not Track (DNT) header in its Chrome web browser, while promising to respect DNT headers set by visitors to its web site. 

First it was Mozilla who proposed the Do Not Track mechanism, later it has been garnered support from all major browser makers and a majority of the technology industry. 
Users who want to take advantage of the new DNT capabilities in Chrome will have to install the latest "bleeding edge" developer build in the form of the Chrome Canary branch. However, this version is not recommended for use in production environments. Users who are running a stable version of the browser will have to wait some months for the feature to arrive in the mainstream version.
"Do Not Track" is a tool that allows browser users to restrict advertisers from collecting information about their online Web activities. It has the backing of the U.S. Federal Trade Commission. Browsers with "Do Not Track" turned on don't block cookies but send a message to advertisers that the user does not want to be tracked. Companies voluntarily decide whether to comply with "Do Not Track," much as they currently decide whether to comply with the "Do Not Call" registry. Microsoft's announcement that it would turn on "Do Not Track" by default in IE10 angered advertisers. "The Digital Advertising Alliance, a coalition that counts Microsoft as a member, said that the decision ran counter to the industry's agreement with the White House announced earlier this year to honor 'do not track' as long as it is not a default setting," many international standards bodies.


-Source (The-H)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Mozilla Stand Against CISPA, Saying The Bill Will Infringes on Our Privacy

Posted by Avik Sarkar On 5/07/2012 06:13:00 pm

Mozilla Stand Against CISPA, Saying The Bill Will Infringes on Our Privacy
 
When almost 99% of leading IT Industry, software giant like Microsoft, Facebook, AT&T, Intel, Verizon has been either silent or quietly supportive of the controversial bill HR 3523 Act dubbed the Cyber Intelligence Sharing and Protection Act (CISPA). But here we get one exception late Tuesday, Mozilla’s Privacy and Public Policy lead sent me the following statement:-
"While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation."
CISPA’s official supporters include Facebook, Microsoft, IBM, Intel, Oracle and Symantec among others–carriers including AT&T and Verizon have signed on, too. Despite reports that Microsoft had backed off its support for the bill citing privacy, a Microsoft spokesperson Monday told reporters that the company’s supportive position on CISPA remains “unchanged.”




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

OpenBSD 5.1 Released With Better Hardware Support & Performance

Posted by Avik Sarkar On 5/03/2012 12:35:00 pm

OpenBSD 5.1 Released With Better Hardware Support & Performance
Last year we got both FreeBSD & PCBSD 9 after few months we got GhostBSD 2.5 Final version. Couple of moths ago a public beta of NetBSD 6.0 get released for testing purpose. Now its the turn of OpenBS, The OpenBSD project has made version 5.1 of its free BSD-based UNIX-like operating system available to download. The latest update to the distribution comes six months after the release of OpenBSD 5.0 and includes better hardware support, performance improvements and new features, as well as package upgrades. 
Some Highlights:-
  • GNOME 3.2.1 (fallback mode)
  • KDE 3.5.10
  • Xfce 4.8.3
  • MySQL 5.1.60
  • PostgreSQL 9.1.2
  • Postfix 2.8.8
  • OpenLDAP 2.3.43 and 2.4.26
  • Mozilla Firefox 3.5.19, 3.6.25 and 9.0.1
  • Mozilla Thunderbird 9.0.1
  • GHC 7.0.4
  • LibreOffice 3.4.5.2
  • Emacs 21.4, 22.3 and 23.4
  • Vim 7.3.154
  • PHP 5.2.17 and 5.3.10
  • Python 2.5.4, 2.7.1 and 3.2.2
  • Ruby 1.8.7.357 and 1.9.3.0
  • Tcl/Tk 8.5.11
  • Jdk 1.7
  • Mono 2.10.6
  • Chromium 16.0.912.77
  • Groff 1.21 
Along with these we are getting OpenSSH 6.0, Xenocara (based on X.Org 7.6 with xserver 1.11.4 + patches, freetype 2.4.8, fontconfig 2.8.0, Mesa 7.10.3, xterm 276, xkeyboard-config 2.5 and more), OpenSSL 1.0.0f, Bind 9.4.2-P2, Gcc 4.2.1, Perl 5.12.2, Lynx 2.8.7rel.2 with HTTPS and IPv6 support, Sudo 1.7.2p8 & so on.  For additional information & to see the release note click here.

To Download OpenBSD 5.1 Click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Firefox 12 & 13 Beta Introduces Simpler Update Process, 85 Improvements to Developer Tools & SPDY

Posted by Avik Sarkar On 4/28/2012 02:55:00 pm

Firefox 12 & 13 Beta Introduces Simpler Update Process, 85 Improvements to Developer Tools & SPDY
Developers at Mozilla declared the availability of Firefox 12 as well as Firefox 13 beta. With these release Firefox also includes more than 85 improvements to built-in developer tools. For example, developers no longer need to reload the page to see messages in the Web Console, and Scratchpad adds Find and Jump to Line commands to the editor. Developers claimed that your experience while updateing Firefox will be easier and better. nstead of asking users for the required privileges via UAC, it now uses the Mozilla Maintenance Service to update program files. Firefox executes the service with system privileges when it is needed and closes it after the update. An Access Control Entry (ACE) in the update service allows Firefox to launch it with system privileges even though the browser itself does not have them.
In Firefox 13 beta we are getting SPDY, the faster alternative to HTTP, has been incorporated in Firefox, but disabled by default, since the introduction of Firefox 11. Firefox 13 will be the first release with it enabled by default. What is new in Firefox 13 Beta:- 
  • SPDY Support: Firefox Beta now supports SPDY by default. SPDY is a protocol designed as a successor to HTTP that reduces the amount of time it takes for websites to load. SPDY encrypts all communication with SSL, which makes browsing more secure. Users will notice quicker page load speeds on sites that support SPDY networking.
  • Developer Tool Updates: Firefox Beta includes a number of improvements to Web Developer Tools. Page Inspector now allows you to lock in CSS pseudo-classes on inspected page elements and Style Editor now saves CSS files loaded via file:// URLs without prompting to make the workflow for experimenting with CSS much quicker.

To Download Firefox 12 for Windows, Linux & Mac Click Here & For Firefox 13 Beta Click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Flashback Trojan Infected Over 600,000 Mac-OS Users, Apple Pushes Out Fix Again

Posted by Avik Sarkar On 4/09/2012 12:38:00 pm

Flashback Trojan Infected Over 600,000 Mac-OS Users, Apple Pushes Out Fix Again 

Russian anti-virus vendor Dr. Web spotted a Trojan affecting nearly 600,000 Macs around the world. The near immune image of the Mac OS X has simply crumbled. So much for Macs being relatively safe against malware attacks. That idea took a punch to the stomach this week when the news broke about the Flashback trojan affecting more than half a million Macs worldwide. Flashback is essentially the malware equivalent of a smash-and-grab thief. Exploiting a Java vulnerability, the code installs and runs when the user visits a compromised or malicious website, intercepting private data, like passwords, and sending it back out over the internet. According to Doctor Web, sources claim that “links to more than four million compromised web-pages could be found on a Google SERP [search results] at the end of March. In addition, some posts on Apple user forums described cases of infection by [the latest variant] BackDoor.Flashback.39 when visiting dlink.com.” The trojan, Backdoor.Flashback.39, can infect computers via an infected web page. The vulnerability itself lies in Java, a product which is not Apple’s
About 57% of infected machines were in the US, 20% in Canada, 13% in UK and 6% in Australia. Apple has already issued patches that curb the vulnerability, but it does not necessarily mean that all users have applied the security patch on their Macs. Even Mozilla has block listed all the older and vulnerable Java plug-in from Firefox. Users are recommended to install the recent Apple Java update to close the hole which allows malicious web pages to drop the trojan onto a system and to always check which application is actually asking for your password when requested.

Update: To detect if a system is infected with Flashback, run each of the following commands in the Mac OS X Terminal:-
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If all these commands respond with "The domain/default pair of ... does not exist", then there is no Flashback infection. Otherwise consult the F-Secure advisory for manual removal instructions.

If you’re running Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3 and Lion Server v10.7.3, be sure to hit up Software Update in your System Preferences.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Mozilla Put Older & Vulnerable Versions of Java Into Firefox Blocklist

Posted by Avik Sarkar On 4/05/2012 08:43:00 pm

Mozilla Put Older & Vulnerable Versions of Java Into Firefox Blocklist

In the official blog post Mozilla confirmed that they have blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions. "The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer. This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms. Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied."- Said Mozilla
Unlike Google's Chrome browser, which has a feature specifically aimed at disabling outdated plug-ins, Firefox relies on Mozilla developers deciding which plug-ins pose a risk to users. However, users retain the choice of preventing those plug-ins from being disabled. The Firefox blocklist has rarely been used to disable plug-ins from big software vendors like Oracle, but precedents do exist. In October 2009, Mozilla decided to add Microsoft's Windows Presentation Foundation (WPF) plug-in to the Firefox blocklist after Microsoft revealed that it had a vulnerability.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Internet Explorer & Firefox Also Became Victim To Hackers At Pwn2Own

Posted by Avik Sarkar On 3/12/2012 09:42:00 pm

Internet Explorer (IE 9) & Firefox 10.0.2 Also Became Victim To Hackers At Pwn2Own
At Pwn2Own contest the web-browsers are getting hacked in a series. First it was the turn of Google Chrome where Sergey Glazunov, a Russian security researcher has earned $60,000 by demonstrating how he could waltz past the security sandbox in Google's Chrome browser to run unauthorized code on fully-patched Windows 7 computers. Then the time came for Microsoft's Internet Explorer. A team from a French security firm managed to hack IE 9 on a fully patched Windows 7 SP1 machine. The group from Paris-based Vupen Security brought down IE9 running on Windows 7 by exploiting a pair of previously-unknown "zero-day" bugs that bypassed the operating system's defensive technologies to execute attack code, allowing that code to escape from IE's "Protected Mode," the browser's limited-rights anti-exploit system. They managed to bypass the browser's DEP and ASLR protection with a 0-day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox. According to VUPEN founder Chaouki Bekrar, these particular flows have existed in previous incarnations of the browser - all the way back to IE 6 - and will very likely work on the upcoming IE 10.
Then the turn of Firefox came. Mozilla’s Firefox is the latest browser to fall victim to hackers at this year’s Pwn2Own hacker contest. Two researchers working together – Willem Pinckaers and Vincenzo Iozzo — exploited a single zero-day vulnerability in the latest Firefox 10.0.2 on a fully patched Windows 7 SP1 PC to cart off a $30,000 cash prize.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Posted by Avik Sarkar On 2/24/2012 10:32:00 pm

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage
Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encyption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Ubuntu 10.04.4 (Lucid Lynx) LTS Released By Canonical

Posted by Avik Sarkar On 2/18/2012 11:52:00 pm

Ubuntu 10.04.4 (Lucid Lynx) LTS Released By Canonical
Ubuntu lovers I have a very good news for you. Canonical and the Ubuntu developers officially announced the availability Ubuntu 10.04.4 LTS the fourth maintenance update to Ubuntu's 10.04 LTS release. This release includes updated server, desktop, alternate installation CDs and DVDs for the i386 and amd64 architectures. Parallely the Kubuntu team made Kubuntu 10.04.4. LTS available which again includes updated images for the desktop and alternate installation CDs and DVDs for the i386 and amd64 architectures. The most notable change is that Firefox has been updated to Firefox 9 and will track Mozilla's rapid release updates. This is the last planned maintenance release for the 10.04 LTS series. Future security updates and bug fixes will be individually downloadable from the Ubuntu archive in the same way as before, but no further updates to installation media will be provided for 10.04 LTS. The next LTS release, 12.04 LTS, will be released in April 2012.  
Earlier in 2011 Ubuntu team has released both version 11.10 code named "Oneiric Ocelot" & 12.04 LTS code named "Precise Pangolin". In the last month they made 12.04 LTS (Precise Pangolin) Alpha 2 available. 

To Download the Desktop Edition of Ubuntu 10.04.4 LTS Click Here & For Server Edition Click Here


 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search