Lockdown.co.uk - The Home Computer Security Centre

LockDown is the source for security information and resources for the home computer user.




Web www.lockdown.co.uk   

Vista Can Be Taken Down by an Animated Cursor

Filed under: March 30, 2007

From BetaNews:

“In what could be the most embarrassing exploit to impact Windows Vista since its commercial launch in January, security engineers at McAfee’s Avert Labs confirmed today – and posted the video to prove – that the operating system can be caused to enter an interminable crash-restart-crash loop, by means of a buffer overflow triggered by nothing more than a malformed animated cursor file.”

Read the full article at BetaNews

IE7: Are we right back where we started from?

Filed under: October 27, 2006

Michael Mullins writes at TechRebublic:

“…But a mere 24 hours later, the first security flaw had already surfaced—sort of. Secunia Advisory 22477 classified it as an IE7 vulnerability, but Microsoft holds that the problem—a flaw in Outlook Express that can purportedly affect many browsers, not just IE7—has been exaggerated.”

Read the full article at TechRepublic

Quickest Patch Ever

Filed under: September 08, 2006

Bruce Schneier has an excellent article over at Wired News about the way Microsoft rushed to path a hole in it’s software… and it’s not a security hole that the average person would worry about…

“But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.”

Read the full article at Wired News

Microsoft warns of exploit code for dial-up bug

Filed under: June 27, 2006

From Network World

The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, used by Windows to create network connections over the telephone. The bug, which was patched June 13, is rated critical by Microsoft, the most severe rating available.

Read the full article at Network World

Another IE Spoofing Flaw

Filed under: April 07, 2006

Secunia has an advisory about a new security problem with microsofts Internet Explorer browser.

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (“.swf”) in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.

Read the full advisory here, you can also check if your browser is vulnerable here.

Test shows how vulnerable unpatched Windows is

Filed under: March 10, 2006

A test has revealed that a Linux server is far less likely to be compromised. In fact, unpatched Red Hat and SuSE servers were not breached at all during a six-week trial, while the equivalent Windows systems were compromised within hours.

Read the full article at Techworld

Apple Safari Browser Automatically Executes Shell Scripts

Filed under: February 21, 2006

Heise Online reports

Shortly after reports of the first virus for Mac OS X, a new security flaw has surfaced. The culprit is the option “Open ‘safe’ files after downloading” in Apple’s Safari web browser. This feature is activated by default.

Read the full article (in English) at Heise Online

New Batch of WMF Flaws Flagged

Filed under: January 10, 2006

Just days after the release of Microsoft’s out-of-cycle WMF patch, researchers publish details—and exploit code—for two new denial-of-service vulnerabilities. Redmond is investigating.

Read the full article at eWeek.com

Two new windows bugs found

Techworld reports: Two new flaws have been found in Windows, just days after Microsoft rushed out a patch covering the same part of the operating system.

Another 10 holes in Microsoft software

Microsoft have released another of their monthly monster patches, this time they’re patching quite a few remote code execution vulnerabilties which are kind of scary.

See this knowledge base article for more info and details of where to get the patches.