- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
BitTorrent blocking; SQL injection attack. Listen now!
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Learn how network-wide routing and CoS traffic visibility can help ensure your CoS traffic and converged IP service delivery
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
IT professionals like the idea of consolidating hundreds of servers into only a few, but it takes a lot more to cost effectively consolidate and virtualize servers. Watch this six-chapter webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization" to learn how to effectively consolidate your Windows environment. One of the themes explored includes the characteristics of an orchestrated data center, which includes: Resource management, dynamic provisioning, job management, policy management, accounting and auditing and real-time availability. Learn more about orchestration and much more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
f**k.me, bang.me, suck.me, etc. etc...- Anonymous
A security think tank says it has found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2.
From the scant details published on the GNUCitizen's blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as "pdp." (Compare Patch and Vulnerability Management products)
Petkov doesn't think users are in danger of being attacked as of yet.
"I highly doubt that anyone knows how to exploit this vulnerability," Petkov said. "I haven't shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there."
In a video with a thumping techno beat, Petkov shows a QuickTime file sitting on the desktop of a PC running XP SP2. If a user opens the malicious file, Petkov then has control of the PC, demonstrated by the way the applications Paint, Calculator and Notepad are seen launching, apparently without further user intervention. The demonstration is repeated on a PC running Windows Vista inside a virtual machine.
Attacking vulnerabilities in applications is becoming increasingly favored by hackers, as finding problems in operating systems becomes increasingly harder, said Alan Paller, director of research for the SANS Institute, last week at the Infosec conference in London.
Petkov said Monday that he has notified Apple of the problem.
The company did not respond to a request for comment.
QuickTime has proved to be one of the more porous applications. Apple, which doesn't have a regular patching schedule like Microsoft, patched the application for at least the sixth time earlier this month, fixing 11 vulnerabilities.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
