W32.Flamer: Enormous Data Collection | Symantec Connect Community

Original article here: W32.Flamer: Enormous Data Collection | Symantec Connect Community.

An interesting analysis from the Symantec labs of what kinds of information the “Flame” virus/worm is able to retrieve and steal from a computer. It is important to keep in mind that the vast majority of malware performs this kind of data harvesting on infected computers.
Take a look at what it collects:

[Images 1-4]

 

Adobe’s fix for Photoshop CS5 security issue? Buy Photoshop CS6 (via Naked Security blog)

via Adobe’s fix for Photoshop CS5 security issue? Buy Photoshop CS6

A vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.
The only fix that Adobe is making available is for users to upgrade to the latest version of Adobe Photoshop CS6. And that’s going to cost users $199 or more. (If you aren’t eligible for the upgrade, it will cost $600).
Adobe has no plans to publish a free security fix because Photoshop “has historically not been a target for attackers” the risk level doesn’t make it worthwhile to produce a fix that users don’t have to pay for.

I have no words to describe Adobe’s idiocy when it comes to the security of their products; I find this behaviour truly scandalous.
I wonder whether they thought that Flash Player and Acrobat Reader (two products notoriously targeted by exploits because of countless bugs) also “have historically not been a target for attackers”.
Update of 16/05/2012: Adobe, after the shower of criticism over this reckless decision, has announced that it will release a patch to close the vulnerability free of charge.

Skype: user IP address disclosure

The guys over at skype-open-source found this interesting “howto” on pastebin regarding how to obtain the IP address (both public and internal IPs) of every Skype user: it even works if the “victim” is not on the “attacker” contact list, and vice-versa.
Here is the relevant info:

  1. Download this patched version of Skype 5.5: http://skype-open-source.blogspot.com/2012/03/skype55-deobfuscated-released.html
  2. Turn on debug-log file creation by adding a few registry keys: https://github.com/skypeopensource/skypeopensource/wiki/skype-3.x-4.x-5.x-enable-logging
  3. Perform the "add a Skype contact" action, but do not send the add request; just click on the user to view his vCard (general info about the user). This will be enough.
  4. Take a look in the log for the desired skypename.
  5. The record will be like this for real user ip: -r195.100.213.25:31101
  6. And like this for user internal network card ip: -l172.10.5.17

The original post is here: Skype user IP-address disclosure – Pastebin.com.

Mac & Windows Targeted Attacks: East of Java « Mac Virus

The attacks are launched by a web-hosted malicious Java applet exploiting CVE-2011-3544 (an elderly, already-patched vulnerability in Java) to download and install a persistent (i.e. remaining active after reboot) backdoor Trojan with botnet-like C&C (command-and-control) capability, connecting to the server dns.assyra.com (100.42.217.73).

via Mac & Windows Targeted Attacks: East of Java « Mac Virus.

Remember to update the Java Runtime Environment, if you use it.
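
A defensive check for the two indicators named in the quoted report, as an added example that is not part of the original post or the cited article: it scans DNS/connection log lines for the C&C domain and IP address and lists the internal clients that contacted them. The log format, the sample lines and the function names are constructed for illustration, and treating subdomains of the C&C domain as hits is an assumption.

```python
import ipaddress

# Indicators taken from the quoted report above.
C2_DOMAIN = "dns.assyra.com"
C2_IP = ipaddress.ip_address("100.42.217.73")

# Constructed sample lines (not real telemetry), in an assumed format:
# "<timestamp> <client-ip> <DNS|TCP> <destination>"
SAMPLE_LOG = """\
2012-04-20T09:14:02Z 10.0.0.15 DNS dns.assyra.com.
2012-04-20T09:14:03Z 10.0.0.15 TCP 100.42.217.73:443
2012-04-20T09:15:10Z 10.0.0.22 DNS DNS.Assyra.COM
2012-04-20T09:16:41Z 10.0.0.31 DNS notdns.assyra.com.example.org
2012-04-20T09:17:05Z 10.0.0.31 TCP 100.42.217.7:80
2012-04-20T09:18:30Z 10.0.0.40 DNS cdn.dns.assyra.com
"""

def normalize_host(dest):
    """Drop an optional :port, the trailing root dot, and upper case."""
    host = dest.rsplit(":", 1)[0] if dest.count(":") == 1 else dest
    return host.rstrip(".").lower()

def matches_c2(dest):
    """True if the destination is the C&C IP, the C&C domain or a subdomain."""
    host = normalize_host(dest)
    try:
        # Compare parsed addresses so look-alike prefixes do not match.
        return ipaddress.ip_address(host) == C2_IP
    except ValueError:
        pass  # not an IP literal, so compare it as a hostname
    # Label-boundary match: "notdns.assyra.com.example.org" must not hit.
    return host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)

def find_hits(log_text):
    """Return (timestamp, client, destination) for every matching line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, _kind, dest = parts
        if matches_c2(dest):
            hits.append((ts, client, dest))
    return hits

def infected_clients(log_text):
    """Unique internal clients that contacted the C&C indicators."""
    return sorted({client for _, client, _ in find_hits(log_text)})

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```
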