Slashdot Mirror

← Back to Domains

Domain: frsirt.com

Stories and comments across the archive that link to frsirt.com.

Stories · 7

  1. How Do You Handle New MS Word Vulnerabilities?

    Ask · Bug · · posted by Cliff · from the it-maybe-time-to-look-into-a-new-word-processor dept. · 157 comments
    chipperdog asks: "With yet another zero-day exploit of MS-Word document files, what are fellow system admins doing to protect themselves against these threats? I have been blocking all .doc and .dot at the mail and proxy servers until malware scanners have signatures to detect and block the malicious files. Of course, this caused a uproar with the users, as there were continuous calls like: 'When can I send and receive Word files again' and 'I can't get anything done if I can't send/receive Word files'. Any suggestion of sending documents in different formats (like rtf, html, txt, or pdf) results in even more creative user 'feedback'. Has anyone done anything creative in their handling of word files — like having qmail-scanner pipe all .doc attachments through something such as wv to convert them to a less exploitable format?"

  2. Firefox Exploit Adds Fuel to Browser Security Feud

    Tech · Mozilla · · posted by Zonk · from the patch-early-patch-often dept. · 510 comments
    An anonymous reader writes "Washingtonpost.com is reporting that a fairly nasty exploit has been released for a security hole that Firefox patched just yesterday. This is sure to add fuel to the ongoing heated debate over whether Mozilla is any safer the Internet Explorer." From the article: "This is not your run-of-the-mill proof of concept exploit code. It appears to be quite comprehensive, and would allow any attacker to use it with only slight modifications. According to the advisory, the code is designed to be embedded in a Web site so that anyone computer visiting the evil site with Firefox or Netscape would open up a line of communication with another Internet address of the attacker's choice, effectively letting the bad guys control the victim computer from afar."

  3. Internet Security Warnings

    It · Security · · posted by CmdrTaco · from the we-have-a-code-yellow-people-this-is-not-a-drill-omg-freak-out dept. · 296 comments
    Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this weeks patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."

  4. Linux Kernel 2.6.11.9 Released (Security Update)

    It · Security · · posted by timothy · from the small-change dept. · 26 comments
    GnuTer writes "Greg KH has just announced the availability of the newest Linux kernel release, 2.6.11.9. This version fixes various local vulnerabilities and exploits. You can get it from the usual mirrors at kernel.org/mirrors."

  5. Apple iTunes Hit With a New Critical Flaw

    It · Security · · posted by Zonk · from the watch-what-you-listen-to dept. · 44 comments
    Jameson writes "Apple has released a new iTunes version to correct a security vulnerability reported by Mark Litchfield. FrSIRT and Secunia marked the flaw as "critical", because it can be exploited by malicious people to compromise a user's system via maliciously-crafted MPEG4 file. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files."

  6. New Mozilla Firefox 1.0.3 Exploit

    Tech · Mozilla · · posted by CmdrTaco · from the happens-to-every-browser dept. · 596 comments
    An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summary of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."

  7. New Mozilla Firefox 1.0.3 Exploit

    Tech · Mozilla · · posted by CmdrTaco · from the happens-to-every-browser dept. · 596 comments
    An anonymous reader writes "News sources are reporting that a 'killer' new Firefox exploit has been revealed today by FrSIRT who warn that this 0day exploit/vulnerability (as yet unpatched) should be rated as critical. Summary of the exploit: If a user clicks anywhere on a specially crafted page, this code will automatically create and execute a malicious batch/exe file. Proof of concept code supplied by FrSIRT."