CompuWorld » bugs found

Your Adobe Flash Player Has A Security Vulnerability

Salman — Tue, 15 Mar 2011 13:41:00 +0000

Adobe has a vulnerability (again) in Flash Player that they say will not be fixed before next week. As per the security advisory Adobe Flash Player has a security vulnerability for all platforms which actually means the entire Internet population.

Affected Software Versions

Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.2.154.18 and earlier for Chrome users
Adobe Flash Player 10.1.106.16 and earlier for Android
The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe has confirmed that the vulnerability is being actively exploited in the wild with the help of a .swf file embed within Excel spreadsheet.

Description

This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. Adobe is not currently aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Users can follow the Adobe PSIRT blog if they are keen on updating the vulnerability as soon as the fix is available.

Tags: adobe bugs

Google Pulls Down Android Malware, Will ‘Remote Kill’ Malicious Apps That Were Already Downloaded

Salman — Sun, 06 Mar 2011 08:24:44 +0000

The very openness of Android is what makes it a double edged sword. Recently news popped in regarding malicious apps being present in Android Market and in no time Google removed all the infected apps from the Android Marketplace. Unfortunately, around 260,000 devices had already download the infected apps which actually is a huge number. Understanding the seriousness of the situation Google has decided to remote kill the apps without any user intervention. Though Google will soon clean up all the devices that are using the infected apps yet they won’t be able to fix the security hole which caused this attack as it is system issue which needs to be fixed at carrier level. This surely will take a lot of time.

Although Google says that the malware can download device specific information only but experts doubt that the malware has the ability to download literally any code from the device. This makes the malware highly dangerous. All infected users will be sent emails regarding the same. Google comments that the security flaw has been fixed on higher versions of Android and the vulnerability exists on Android 2.2.1 and lower. As of now many Android based devices use older versions itself resulting into the huge number of devices getting affected.

Below is the email sent to Android users:

You are receiving this message to inform you of a critical issue affecting your Android Market account.

Hello,

We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

For more details, please visit the Android Market Help Center.

Regards,
The Android Market Team

Tags: android bugs

Chrome says ‘google.com’ is fake!

Salman — Fri, 13 Aug 2010 13:36:33 +0000

Though Google Chrome is the best browser that I have ever used still I will have to commit that it does goof up things at times and the outcome is so weird that anyone would get confused. Some time back my friend tried to open the Google Search home page and as he is located in India so google.co.in is saved in his browsing history which should have opened up by default. Somehow he was sent to Google’s global home page google.com and chrome could not understand this redirection. The end result was the warning page shown below:

The warning page said:

You attempted to reach google.co.in but instead you actually reached a server identifying itself as www.google.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit (and potentially harmful) version of google.co.in. You should not proceed.

Well, it is weird to see that Google Chrome considers www.google.com as harmful. Really weird!

Tags: chrome bugs

Website Not Opening In Google Chrome

Salman — Sun, 14 Mar 2010 13:06:47 +0000

Is the above image quiet familiar for you? Are you amongst those users who regularly use Google Chrome due to the multiple features that it carries yet are frustrated due to its irresponsible behavior with some websites? And, does the below line seems familiar?

Oops! This link appears to be broken in Google Chrome

One way out is referring to the Support Page created by Google. It will ask you to refresh your cache, scan your system for silly malwares, and delete unwanted cookies. But, I am pretty sure that all this just won’t solve your problem. Once you are done experimenting with different Google suggested methods then I will request you to try playing with the internal Google Chrome settings.

See the checkbox inside the bright red oval in the image above? Well, that is the key to unlock your lock. Go to (see image below) Tools > Options (which is Preferences on Mac) > Under The Hood Tab and uncheck the checkbox next to “Use DNS pre-fetching to improve page load performance.” This will help Google Chrome load some of the websites that usually aren’t loaded and will also increase the website load time by very few microseconds (which you won’t notice).

Happy Chroming!!

Tags: general chrome, google bugs, tips tricks and hacks

WARNING: Alexa Delivering A Trojan Program To Your Computer

Salman — Sun, 31 May 2009 16:06:41 +0000

Well, this looks to be unusual but true. My licenced Kaspersky Internet Security 2009 (updated database) displays a securiy warning whenever I open Alexa to check rank of any website. Just check the screenshot below.

The object which seems to contain the trojan is heroestelevision.com/favicon.ico. Name of the trojan was “Trojan-Downloader.JS.Iframe.bag”. Kaspersky was quick to deny the loading of this object but everybody might now have Kaspersky with them. Watch out guys!

Tags: alexa bugs

FireFox 3.0.3 Released 3 Days After 3.0.2

Salman — Sat, 27 Sep 2008 10:17:01 +0000

Three days after the release of FireFox 3.0.2 a new update has been launched. FireFox 3.0.3 is all set to be used. Somehow, in previous release users couldn’t retrieve saved passwords or save new passwords. Although I was also using the same release but I didn’t face any problems.

I am sure some out there might have faced this problem of not able to recover saved passwords and hence for them FireFox 3.0.3 becomes a must download. Mostly, your FireFox will update itself on its own but if it dosen’t then I guess you should do it manually so that your passwords are remembered.

Features of 3.0.3 which are common with 3.0.2 are:

Fixed several theme issues that affected right-to-left locales.
Fixed several stability issues.
Fixed a number of minor issues with the layout of certain web pages.
Official releases for Sinhala and Slovene are now available.
Beta releases for Bengali, Galician, Hindi, Icelandic, Kannada, Marathi, Telugu, and Thai are available for testing.
Add new Extended Validation (EV) roots to Firefox 3.0.2.
Fixed several hangs and crashes that occurred when using screen readers.

Tags: firefox bugs, firefox news

Google Reader Count Not Showing Up In My RSS Feeds (Again!)

Salman — Fri, 15 Aug 2008 11:20:56 +0000

This has happened before (here and here) since Google took over Feedburner and still Google didn’t learn anything of this? Just check the images below.

Lets see if this comes back up tomorrow.

Tags: feedburner glitch, google

Google’s Feedburner Messes It Up Again!

Salman — Sun, 06 Apr 2008 13:40:23 +0000

This isn’t the first time when Feedburner has provided wrong stats for my feeds. Last time many big bloggers were hit when Google acquired feedburner and the RSS feed stats for most of them changed to zero!

Later on again the problem came up when many bloggers complained that their Google Reader stats were not being counted and this resulted in their feed stats falling down but luckily I was on the safer side in that second glitch.

Now it looks like Google had remembered that they had spared me the last time and so this time my feed burner stats have gone down by over a 100 just because my email subscribers aren’t being counted. Irritating and true!

Any of you face the same problem or is it just me?

Tags: feedburner glitch, google bugs

Microsoft Internet Explorer Multiple Vulnerabilities

Salman — Wed, 20 Feb 2008 11:00:33 +0000

Secunia has released a “highly critical” vulnerability for various versions of Internet Explorer.

Versions Affected?

Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x

How can this vulnerability be exploited?

An error in the way HTML with certain layout combinations is interpreted can be exploited to corrupt memory via a specially crafted web page.
An error in the way the “by” property of an “animateMotion” SVG element is handled can be exploited to corrupt memory via a specially crafted web page assigning other DOM elements to the property.
An error in the argument validation when processing images can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution

Microsoft has released patches to fight the vulnerability.

ELSE USE FIREFOX and surf the internet without any problems.

Tags: IE bugs

30 Days & Microsoft Fails To Deliver A Security Update

Salman — Tue, 19 Feb 2008 11:00:38 +0000

It’s been almost a month when Microsoft announced a security breach in various versions of Microsoft Excel. They wrote about some details of the vulnerability but didn’t explain clearly about the solutions. Updates were promised after some research was over and it has now been more then a month since the research process is on. Someone knows when will they be releasing the update?

Software Affected

Microsoft Office Excel 2003 Service Pack 2.
Microsoft Office Excel Viewer 2003.
Microsoft Office Excel 2002.
Microsoft Office Excel 2000.
Microsoft Excel 2004 for Mac.

Software NOT Affected

Microsoft Office Excel 2007.
Microsoft Excel 2008 for Mac.
Microsoft Office Excel 2003 Service Pack 3.

How it works

The vulnerability can be exploited if an attacker uses a specially crafted Excel file with malformed header information. Successful exploitation allows execution of arbitrary code on victims computer.

Solution

Not yet released! Although as a precaution whenever you get some Excel file as an attachment do confirm about the attachment with the sender before opening the file. And do keep a check on this page to see when a patch is released.

More: Read about some more highly critical bugs found in our archives.

Tags: ms office bugs