Domain: talosintel.com
Stories and comments across the archive that link to talosintel.com.
Comments · 9
-
Like ALL antiviruses? It's full of security bugs
See subject & http://blog.talosintel.com/2016/08/vulnerability-spotlight-multiple-dos.html/ http://blog.talosintel.com/2016/09/vulnerability-spotlight-kaspersky.html/ http://www.dshield.org/diary/Kaspersky+Anti-Virus+Products+Remote+Heap+Overflow+Vulnerability/719/ https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/ http://slashdot.org/submission/4787123/former-employees-accuse-kaspersky-lab-of-faking-malware/ http://www.theregister.co.uk/2015/09/08/kaspersky_0day/
* FAR from a complete list mind you...
APK
P.S.=> APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ has no bugs, is lighter on resources & less moving parts complexity for exploit + makes you faster (& is native to the IP stack (no filtering drivers) vs. "Bolt on 'MoAr'" stupidity)... apk
-
Like ALL antiviruses? It's full of security bugs
See subject & http://blog.talosintel.com/2016/08/vulnerability-spotlight-multiple-dos.html/ http://blog.talosintel.com/2016/09/vulnerability-spotlight-kaspersky.html/ http://www.dshield.org/diary/Kaspersky+Anti-Virus+Products+Remote+Heap+Overflow+Vulnerability/719/ https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/ http://slashdot.org/submission/4787123/former-employees-accuse-kaspersky-lab-of-faking-malware/ http://www.theregister.co.uk/2015/09/08/kaspersky_0day/
* FAR from a complete list mind you...
APK
P.S.=> APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ has no bugs, is lighter on resources & less moving parts complexity for exploit + makes you faster (& is native to the IP stack (no filtering drivers) vs. "Bolt on 'MoAr'" stupidity)... apk
-
Like ALL antiviruses? It's full of security bugs
See subject & a list: http://blog.talosintel.com/2016/08/vulnerability-spotlight-multiple-dos.html/ http://blog.talosintel.com/2016/09/vulnerability-spotlight-kaspersky.html/ http://www.dshield.org/diary/Kaspersky+Anti-Virus+Products+Remote+Heap+Overflow+Vulnerability/719/ https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/ http://slashdot.org/submission/4787123/former-employees-accuse-kaspersky-lab-of-faking-malware/ http://www.theregister.co.uk/2015/09/08/kaspersky_0day/
APK
P.S.=> APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ has no bugs, is lighter on resources, has less moving parts complexity for exploit + makes you faster & is native to the IP stack (no filtering drivers) vs. "Bolt on 'MoAr'" stupidity... apk
-
Like ALL antiviruses? It's full of security bugs
See subject & a list: http://blog.talosintel.com/2016/08/vulnerability-spotlight-multiple-dos.html/ http://blog.talosintel.com/2016/09/vulnerability-spotlight-kaspersky.html/ http://www.dshield.org/diary/Kaspersky+Anti-Virus+Products+Remote+Heap+Overflow+Vulnerability/719/ https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/ http://slashdot.org/submission/4787123/former-employees-accuse-kaspersky-lab-of-faking-malware/ http://www.theregister.co.uk/2015/09/08/kaspersky_0day/
APK
P.S.=> APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ has no bugs, is lighter on resources, has less moving parts complexity for exploit + makes you faster & is native to the IP stack (no filtering drivers) vs. "Bolt on 'MoAr'" stupidity... apk
-
Re:So how do you open ZIP files these days?
They have not fixed it, and the developer says he won't.
I guess you didn't read all the way to the end of TFA, where it states that both vulnerabilities were addressed in v16.00. Also, see Igor Pavlov's reply to a post on this exact question in the v16.00 announcement, where he explicitly states that both bugs have been fixed in v16.00. So your second assertion, "the developer says he won't", is false. To be fair, I haven't seen confirmation of the fix by independent security researchers, so if you have support for your first assertion, "They have not fixed it", I'm sure we'd all be interested in seeing it.
He gave some excuse about not being able to tell what the target of the drop point was until the extraction was done. I believe it was bullshit in 2010, and it's almost certainly bullshit now.
https://sourceforge.net/p/seve...
Your link is to some problem with how Windows Explorer reports drag-and-drop targets to the source application. From the Talos analysis, the two vulnerabilities in question appear to be unrelated to Windows Explorer drag-and-drop. Did you link to the wrong old post?
I haven't manually coded a Windows Explorer drag-and-drop in nearly a decade, so I don't remember enough about it to tell if Igor's response in your link qualifies as "bullshit". Normally, I would go refresh my knowledge of the relevant COM interfaces, but your post already appears to be off base, so I'd say the onus is on you to cite the MSDN documentation supporting your accusation of "bullshit".
- T
-
MOD PARENT UP you imbecile
As usual, I'm right! Hosts stop this malvertiser working blocking its C&C domains of wizzuniquify.com, wizztraksys.com, auhazard.com .
Proof's RIGHT here http://blog.talosintel.com/201... from the security research itself on it...
APK
P.S.=> You know something? You moron AC trolls are REALLY "reaching" now, aren't you?? Telling utter lies really "takes the cake"... what a pitiful pack of idiots! apk
-
Re:Missing from the summary
The blog post gives some information on this, including the "no EULA" bit as well.
-
Re:Missing from the summary
The link to TALOS is in the article. http://blog.talosintel.com/201... Go read it. Course forgot this is Slashdot, most do not read beyond the summary........
-
Re: When you let anyone run code on your machine