Weekend Tech Reading - tech
(hx) 01:56 AM CET - Dec,11 2003
- Security Experts Warn of New Way to Attack Windows - Security
experts have found a new way to exploit a critical vulnerability in Windows
that evades a workaround and enables the attacker to compromise a number of
machines at one time. Microsoft Corp. issued a patch for the vulnerability in
November, but the security bulletin also listed several workarounds for the
flaw, including disabling the Workstation Service and using a firewall to block
specific UDP and TCP ports. But penetration testers at Core Security
Technologies, a Boston-based security company, discovered a new attack vector
that uses a different UDP port. The attack takes advantage of several
characteristics of the UDP protocol. Unlike TCP, UDP is "connectionless,"
meaning that there is no TCP-style handshake, and you need not establish a
connection with a remote machine in order to send a UDP packet. Also, because
the Internet's DNS service uses the protocol, UDP packets usually have no
trouble traversing firewalls. "If someone hasn't applied
the patch but blocked the ports as they should have, they're still
vulnerable," said Max Caceres, a product manager at Core Impact.
- IE bug lets fake sites look real - A vulnerability has been identified in
Internet Explorer, which can be exploited by malicious people to display a
fake URL in the address bar. The vulnerability is caused by an input
validation error, which can be exploited by including the "%01" URL-encoded
representation after the username and right before the "@" character in a
URL. Successful exploitation allows a malicious person to display an
arbitrary FQDN (Fully Qualified Domain Name) in the address bar, which is
different from the actual location of the page. This can be exploited to
trick users into divulging sensitive information or downloading and
executing malware on their systems, because they trust the faked domain in
the address bar.
- Group wants P2P files to pay - The Content Reference Forum is hoping
to create a kind of intelligent file that can be distributed through
file-sharing networks like Kazaa, Web pages, e-mail or almost anywhere else
online. Instead of containing a song or movie itself, the file would set up a
process that automatically delivers files in the right format and potentially
triggers an automatic payment system that could be changed moment to moment by
the content distributor.
- Sun sets Solaris x86 free - Starting this week, Sun has
removed the $20 price-tag for the OS - versions 8 and 9, replacing it with
a red FREE sign instead. A fair number of Sun users have kept a close eye on
this saga and will remember that it was way back in Jan. of 2002 when Sun
first said it would halt development on Solaris x86 only to buckle and bring
the OS back at cost.
- P4 chipset prices dip below US$10, sources say - Seeking the number
two position in the Pentium 4 (P4) chipset market, VIA Technologies is said to
be quoting some of its P4 chipsets to first-tier motherboard makers at below
US$10, according to local industry sources.
- Sony DRU-530A 8x DVD Burner review - ExtremeTech has posted
a review on the Sony DRU-530A 8x DVD Burner.
- Windows Longhorn Preview - Windows-Help.NET has published
a review on the PDC build of Windows Longhorn.
- BattleStar Galactica Trailers - Scifi.com has posted the first trailers
for the new BattleStar Galactica miniseries, the remake of the 1980's hit
show.
- Visual Boy Advance v1.7 beta 4 - Visual Boy Advance (download)
is a GBA and GB emulator that runs on Windows systems. According to the
official website, this will be the last 1.7 beta and contains numerous fixes to
the GUI problems since the GUI migration. It also reverts some of the timing
back to 1.6a timing due to problems caused by the new timing. Also, several
Gameboy bugs are now fixed.
- DVD Backup Guide - Techimo have published their new two part DVD
Backup Guide (part #1 ~ part #2).
- UltraEdit-32 v10.10b (SHW) - UltraEdit-32 is a Windows text editor with
support for unlimited file sizes, a spell checker, drag and drop, full HEX
editing capabilities, user configurable syntax highlighting (pre-configured
for HTML, Java, C/C++, VB, Perl), column editing, sorting, and a configurable
toolbar.
- 7-Zip 3.12 - 7-Zip is a file archiver with a high compression ratio. The program
supports 7z, ZIP, RAR, CAB, GZIP, BZIP2, and TAR formats. Compression ratio in
the new 7z format is 30-50% better than ratio in ZIP format. It also
compresses to ZIP 2-10% better than PKZip and WinZip. It has an additional
powerful command line version and FAR Manager support.
- Official ForceWare Drivers 53.04 for Win9x/ME - For those who
haven't noticed, NVIDIA has also released new ForceWare
Drivers v53.04 for Win9x/WinME.
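
Returning to the Internet Explorer address-bar item above: a mail or proxy filter can flag links of that shape by looking at the part of the URL before the "@". The following is an added example, not code from any of the linked articles; the function names and sample URLs are constructed for illustration, and it goes slightly beyond the item by also flagging a hostname-like username that has no control character.

```javascript
// Added example (not from the original post). Sample URLs are constructed.

// Split "scheme://authority/..." into userinfo and host without a URL library,
// so nothing is normalised away before inspection.
function splitAuthority(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(url);
  if (!m) return null;
  const at = m[1].lastIndexOf("@");
  return at === -1
    ? { userinfo: null, host: m[1] }
    : { userinfo: m[1].slice(0, at), host: m[1].slice(at + 1) };
}

// Decode %XX escapes byte by byte (decodeURIComponent throws on invalid UTF-8).
function decodeBytes(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

function checkUrl(url) {
  const parts = splitAuthority(url);
  if (!parts) return { verdict: "unparsed", realHost: null, reasons: [] };
  const reasons = [];
  if (parts.userinfo !== null) {
    const decoded = decodeBytes(parts.userinfo);
    if (/[\x00-\x1f\x7f]/.test(decoded)) reasons.push("control character in userinfo");
    // Text a user would read as the site name: up to the first control char or ':'.
    const shown = decoded.split(/[\x00-\x1f\x7f:]/)[0];
    if (/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(shown)) reasons.push("userinfo looks like a hostname");
  }
  return {
    verdict: reasons.length ? "suspicious" : "ok",
    realHost: parts.host.replace(/:\d+$/, "").toLowerCase(),
    reasons,
  };
}

const samples = [
  "http://www.trusted.example%01@other.example/login",
  "http://www.trusted.example@other.example/",
  "ftp://user:pw@files.example.org/pub",
  "https://www.example.com/contact?to=a@b.example",
];
for (const u of samples) console.log(u, JSON.stringify(checkUrl(u)));
```

`realHost` is the host the request actually goes to, which is the value worth showing the user or logging instead of the raw link text.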