Be aware of websites that uses "iframes". "Iframes" are little HTML frames within a page that actually are another page embedded within the page. The web attacker kit which is installed on the web site's server figures out what browser you're using and then targets a specific exploit to that version of the browser. So no matter how up-to-date your machine is with the latest patches you could still get hit.
Running a firewall will not protect you because the VML (vector markup language) exploit looks like a normal legitimate internet request. The firewall will think the browser is downloading something new.
Sunbelt software was first to find the exploit, and they looked at the code that's implementing this buffer overflow. There's the actual exploit code, and then theirs the actual VGX DLL that has the bug in it.
It's not known how many websites actually use this kit. Eric Sites the VP of Research & Development of Sunbelt "says over a thousand sites". iDefense thinks the exploit been out there for about a week. Mr. Sites also says it was downloading 50 pieces of malware and tons of adware and keyloggers.
Microsoft hasn't released a patch for it as for now. The next patch cycle is in October. Disabling javascript won't help. But you can unregister the vgx.dll, the DLL that has the bug in it that these guys are using to exploit your system. Thats until a patch is released. The other solution is using a different browser like firefox or opera.
listen to Security Now with Leo Laporte and Steve Gibson for more info
Friday, September 29, 2006
Tuesday, September 19, 2006
Amazon.com lists Vista prices and ship date
You can preorder Microsoft Vista online; software to ship on January 30, 2007 according to retailer. Amazon.com lists prices for the three consumer versions of Windows Vista - home basic, premium and ultimate.
link to pcworld article click here
link to pcworld article click here
Subscribe to:
Posts (Atom)