Well...what can I said about the laptop batteries made by Sony explodes..it's kinda of sad to hear this incident. It shouldn't happen in the first place. Such a big and well-known electronic manufacturer should have known this problem. Dell and Apple, i guess this inceident must be a big 'hit' on them...I remembered my friends was initially wanted to buy Dell laptop because it is affordable and reliable and Apple, expensive yet design and quality is attractive and undeniable. Due to this incident, my friends told me that thanks gosh they didn't buy it...well, by right the 3 big company Sony, Dell and Apple should be more precaution about their products before releasing them because reputation creates confidence and security in the public's heart.
The codes posed by the hacker will not affect the IE Version 7. The 'Oday' meaning an exploit for a previously undisclosed vulnerability. According to HD Moore, the head of the Metasploit project, he wrote an automated ActiveX testing tool called AxMan that uncovered a handful of IE bugs, including the one exploited by on xsec.org.
The trouble affects users running IE 6 with Service Pack 1 on the Windows XP operating system running Service Pack 1 or the Windows 2000 operating system with Service Pack 4.
The problem occurs when visiting a Web site that uses a Web coding standard, HTTP 1.1, and compression according to Micorsoft.
The details are shown below:
*Vulnerability Identifier: CVE-2006-4777
*Risk: Critical
*Affected Software:
1)Microsoft Internet Explorer 6 (Microsoft Windows XP Service
Pack 2)
2)Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows
2000 Service Pack 4)
*Description:
The attack on the IE is due to because there has been memory corruption error occured when processing a specially crafted HTML file containing an out-of-bounds value passed to the KeyFrame() method of a DirectAnimation.PathControl ActiveX object (daxctle.ocx). It can be exploited by a remote malicious user to either crash a vulnerable browser through denial of service (DoS) attacks or take complete control of an affected system through arbitrary code execution.
This attack on IE vulnerability is due to ONE thing only which is the ActiveX again....Previously the big issues was the IE Version 6 that was suddenly crash. So, now the worst nightmare comes to haunt us back..
Whoah!!!..this is way huge gap!...Hacker does not congregate spammer and spammer does not congregate hacker..Spammer uses the vulnerability of the MTA which does not recognize the sender even a fake ONES. The MTA only authenticate the recipients...So, which one poser more threat to DIGITAL SYSTEM?..HACKER OR SPAMMER???....
Hackers attack on the any digital system goes through various stages. Below list defines the outline of a generic hacker attack:
1)Inventory of the targets. Hackers identify the possible attack targets inside a network system.
2)Assess the vulnerability. Once they identify the targets, hackers will attempt to determine if the company has any vulnerability.
3)Estimate exploits against the vulnerability. Finding vulnerability does not mean a hacker can execute an attack. The person must create an exploit that can take advantage of the vulnerability.
4)Establish who can attack the target. The hacker determines the company players that can either use another person or be used themselves to execute the attack. Execute attack. A hacker breaks into the system.
5)Cover electronic tracks. Some criminals erase all traces of their presence in order to delay forensics or make forensics more complex.
Slashdot Mirror
Those who had bought the Dell Laptop,check out below info:
There are 4 models of affected Dell laptops: Dell Latitude(TM), Inspiron(TM), XPS(TM) and Dell Precision Mobile Workstation(TM) notebook computers.
These are potentially affected batteries were sold with the following models of Dell notebook computers or separately as secondary batteries:
Latitude: D410, D500, D505, D510, D520, D600, D610, D620, D800, D810
Inspiron: 500M, 510M, 600M, 700M, 710M, 6000, 6400, 8500, 8600, 9100, 9200, 9300, 9400, E1505, E1705
Precision: M20, M60, M70, M90
XPS: XPS, XPS Gen2, XPS M170, XPS M1710
Well...what can I said about the laptop batteries made by Sony explodes..it's kinda of sad to hear this incident. It shouldn't happen in the first place. Such a big and well-known electronic manufacturer should have known this problem. Dell and Apple, i guess this inceident must be a big 'hit' on them...I remembered my friends was initially wanted to buy Dell laptop because it is affordable and reliable and Apple, expensive yet design and quality is attractive and undeniable. Due to this incident, my friends told me that thanks gosh they didn't buy it...well, by right the 3 big company Sony, Dell and Apple should be more precaution about their products before releasing them because reputation creates confidence and security in the public's heart.
The codes posed by the hacker will not affect the IE Version 7. The 'Oday' meaning an exploit for a previously undisclosed vulnerability. According to HD Moore, the head of the Metasploit project, he wrote an automated ActiveX testing tool called AxMan that uncovered a handful of IE bugs, including the one exploited by on xsec.org. The trouble affects users running IE 6 with Service Pack 1 on the Windows XP operating system running Service Pack 1 or the Windows 2000 operating system with Service Pack 4. The problem occurs when visiting a Web site that uses a Web coding standard, HTTP 1.1, and compression according to Micorsoft. The details are shown below: *Vulnerability Identifier: CVE-2006-4777 *Risk: Critical *Affected Software: 1)Microsoft Internet Explorer 6 (Microsoft Windows XP Service Pack 2) 2)Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4) *Description: The attack on the IE is due to because there has been memory corruption error occured when processing a specially crafted HTML file containing an out-of-bounds value passed to the KeyFrame() method of a DirectAnimation.PathControl ActiveX object (daxctle.ocx). It can be exploited by a remote malicious user to either crash a vulnerable browser through denial of service (DoS) attacks or take complete control of an affected system through arbitrary code execution. This attack on IE vulnerability is due to ONE thing only which is the ActiveX again....Previously the big issues was the IE Version 6 that was suddenly crash. So, now the worst nightmare comes to haunt us back..
Whoah!!!..this is way huge gap!...Hacker does not congregate spammer and spammer does not congregate hacker..Spammer uses the vulnerability of the MTA which does not recognize the sender even a fake ONES. The MTA only authenticate the recipients...So, which one poser more threat to DIGITAL SYSTEM?..HACKER OR SPAMMER???....
Hackers attack on the any digital system goes through various stages. Below list defines the outline of a generic hacker attack: 1)Inventory of the targets. Hackers identify the possible attack targets inside a network system. 2)Assess the vulnerability. Once they identify the targets, hackers will attempt to determine if the company has any vulnerability. 3)Estimate exploits against the vulnerability. Finding vulnerability does not mean a hacker can execute an attack. The person must create an exploit that can take advantage of the vulnerability. 4)Establish who can attack the target. The hacker determines the company players that can either use another person or be used themselves to execute the attack. Execute attack. A hacker breaks into the system. 5)Cover electronic tracks. Some criminals erase all traces of their presence in order to delay forensics or make forensics more complex.