Перейти к содержанию
View in the app

A better way to browse. Learn more.

IT2B - Технологии разведки для бизнеса

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Обновления клиентских программ и безопасность

Featured Replies

Опубликовано
  • Автор

рекомендуется отключить в Firefox поддержку IDN с помощью "about:config"

 

 

----------------------------------------------------------------------

 

TITLE:

Mozilla Firefox IDN Spoofing Security Issue

 

SECUNIA ADVISORY ID:

SA34096

 

VERIFY ADVISORY:

http://secunia.com/advisories/34096/

 

DESCRIPTION:

A security issue has been discovered in Mozilla Firefox, which can be exploited by a malicious people to conduct spoofing attacks.

 

The problem is caused due to the handling of IDN (International Domain Name) support, which can be exploited to spoof a URL via e.g.

a ".cn" domain containing certain international characters that resemble other commonly used characters (e.g. "/") in the sub-domain part.

 

This is related to:

SA14163

 

The security issue is confirmed in version 3.0.6. Other versions may also be affected.

 

SOLUTION:

Disable IDN support in "about:config".

 

PROVIDED AND/OR DISCOVERED BY:

Additional vector provided by Moxie Marlinspike.

 

ORIGINAL ADVISORY:

https://www.blackhat.com/presentations/bh-d...feating-SSL.pdf

 

OTHER REFERENCES:

SA14163:

http://secunia.com/advisories/14163/

 

----------------------------------------------------------------------

  • Ответов 79
  • Просмотры 24,6т
  • Создана
  • Последний ответ

Топ авторов темы

Опубликовано
  • Автор
----------------------------------------------------------------------

 

TITLE:

Opera Multiple Vulnerabilities

 

SECUNIA ADVISORY ID:

SA34135

 

VERIFY ADVISORY:

http://secunia.com/advisories/34135/

 

DESCRIPTION:

Some vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

 

1) An unspecified error in the processing of JPEG images can be exploited to trigger a memory corruption.

 

Successful exploitation allows execution of arbitrary code.

 

2) An error can be exploited to execute arbitrary script code in a different domain via unspecified plugins.

 

3) An unspecified error has a "moderately severe" impact. No further information is available.

 

SOLUTION:

Update to version 9.64.

http://www.opera.com/browser/download/

 

PROVIDED AND/OR DISCOVERED BY:

1) The vendor credits Tavis Ormandy of the Google Security Team.

2) The vendor credits Adam Barth.

3) Reported by the vendor.

 

ORIGINAL ADVISORY:

http://www.opera.com/docs/changelogs/windows/964/

http://www.opera.com/support/search/view/926/

 

----------------------------------------------------------------------

Опубликовано
  • Автор

время обновить Firefox до 3.0.7

 

----------------------------------------------------------------------

 

TITLE:

Mozilla Firefox Multiple Vulnerabilities

 

SECUNIA ADVISORY ID:

SA34145

 

VERIFY ADVISORY:

http://secunia.com/advisories/34145/

 

DESCRIPTION:

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

 

1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.

 

2) An error in the garbage collection process when handling a set of cloned XUL DOM elements linked as a parent and child can be exploited to access freed memory and execute arbitrary code.

 

3) An error can be exploited via the "nsIRDFService" interface and a cross-domain redirect to bypass the same-origin policy and read XML data from another domain.

 

4) An error in libpng when handling out-of-memory conditions can be exploited to potentially execute arbitrary code.

 

For more information:

SA33970

 

5) An error when handling invisible control characters included in the location bar can be exploited to spoof a trusted URL.

 

The vulnerabilities are reported in versions prior to 3.0.7.

 

SOLUTION:

Update to version 3.0.7.

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits:

1) Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau

2) an anonymous researcher, reported via ZDI

3) Georgi Guninski

5) Masahiro Yamada

 

ORIGINAL ADVISORY:

http://www.mozilla.org/security/announce/2...fsa2009-07.html

http://www.mozilla.org/security/announce/2...fsa2009-08.html

http://www.mozilla.org/security/announce/2...fsa2009-09.html

http://www.mozilla.org/security/announce/2...fsa2009-10.html

http://www.mozilla.org/security/announce/2...fsa2009-11.html

 

OTHER REFERENCES:

SA33970:

http://secunia.com/advisories/33970/

 

----------------------------------------------------------------------

Опубликовано
  • Автор

а теперь время обновить Windows

 

----------------------------------------------------------------------

 

TITLE:

Microsoft Windows SChannel Authentication Bypass

 

SECUNIA ADVISORY ID:

SA34215

 

VERIFY ADVISORY:

http://secunia.com/advisories/34215/

 

DESCRIPTION:

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security mechanisms.

 

The vulnerability is caused due to insufficient validation of certain TLS (Transport Layer Security) handshake messages by the SChannel (Secure Channel) authentication component during certificate-based authentication. This can be exploited to bypass authentication using the public component of a user▓s authentication credential.

 

SOLUTION:

Apply patches.

 

Windows 2000 SP4:

http://www.microsoft.com/downloads/details...46-72fe7385c07c

 

Windows XP SP2:

http://www.microsoft.com/downloads/details...0a-70d9c34488f3

 

Windows XP SP3:

http://www.microsoft.com/downloads/details...0a-70d9c34488f3

 

Windows XP Professional x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...21-8a2c1a229472

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...d8-8f00d91ad6a2

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...d2-32b681faf908

 

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...a3-fb81d0bfd7b3

 

Windows Vista (optionally with SP1):

http://www.microsoft.com/downloads/details...58-7fa63508102b

 

Windows Vista x64 Edition (optionally with SP1):

http://www.microsoft.com/downloads/details...09-5c8fa0339388

 

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details...c5-8703f6532615

 

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details...6b-d3b3179aacc4

 

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...32-d4aa7005a9f8

 

PROVIDED AND/OR DISCOVERED BY:

The vendor credits:

* Secretaria da Fazenda do Estado do Rio Grande do Sul

* Cia de Processamento de Dados do Estado do Rio Grande do Sul

 

ORIGINAL ADVISORY:

MS09-007 (KB960225):

http://www.microsoft.com/technet/security/...n/MS09-007.mspx

 

----------------------------------------------------------------------

 

TITLE:

Microsoft Windows Multiple Kernel Vulnerabilities

 

SECUNIA ADVISORY ID:

SA34117

 

VERIFY ADVISORY:

http://secunia.com/advisories/34117/

 

DESCRIPTION:

Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a user's system.

 

1) An input validation error when passing input from user-mode through the kernel component of GDI may potentially be exploited to run arbitrary code in kernel mode by e.g. tricking a user into viewing a specially crafted EMF or WMF image file hosted on a malicious website.

 

2) An error in the kernel when validating handles may be exploited by unprivileged users to run arbitrary code with escalated privileges.

 

3) An error in the kernel when handling certain invalid pointers may be exploited by unprivileged users to run arbitrary code with escalated privileges.

 

SOLUTION:

Apply patches.

 

Windows 2000 SP4:

http://www.microsoft.com/downloads/details...b7-06f15072a635

 

Windows XP SP2/SP3:

http://www.microsoft.com/downloads/details...b5-703d3a7dc33b

 

Windows XP Professional x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...c3-2455d7cf21c8

 

Windows Server 2003 SP1/SP2:

http://www.microsoft.com/downloads/details...31-507c2a406500

 

Windows Server 2003 x64 Edition (optionally with SP2):

http://www.microsoft.com/downloads/details...59-3a07e13957be

 

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...7a-e7a8156ede1c

 

Windows Vista (optionally with SP1):

http://www.microsoft.com/downloads/details...c0-50b901856ced

 

Windows Vista x64 Edition (optionally with SP1):

http://www.microsoft.com/downloads/details...7d-b7319282cf56

 

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details...15-181c260cf8cf

 

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details...83-61c122ff1382

 

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details...37-481d9876a5fe

 

PROVIDED AND/OR DISCOVERED BY:

1) The vendor credits Helmut Buhler.

2) The vendor credits Thomas Garnier, SkyRecon.

3) Reported by the vendor.

 

ORIGINAL ADVISORY:

MS09-006 (KB958690):

http://www.microsoft.com/technet/security/...n/MS09-006.mspx

 

----------------------------------------------------------------------

 

----------------------------------------------------------------------

 

TITLE:

Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities

 

SECUNIA ADVISORY ID:

SA34217

 

VERIFY ADVISORY:

http://secunia.com/advisories/34217/

 

DESCRIPTION:

Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to poison a DNS cache and conduct spoofing attacks.

 

1) An error in the Windows DNS server may cause it to not properly reuse cached responses. This can be exploited via specially crafted DNS queries to poison the DNS cache and thus redirect network traffic.

 

2) An error in the Windows DNS server may cause it to not properly cache DNS responses. This may increase the predictability of subsequent transaction IDs and can be exploited to poison the DNS cache via specifically crafted queries sent to the DNS server.

 

3) The Windows DNS server does not properly validate who can register WPAD entries when dynamic update is used and ISATAP and WPAD are not already registered in DNS. This can be exploited to conduct MitM

(Man-in-the-Middle) attacks by registering "WPAD" in the DNS database pointing to a desired IP address.

 

4) The Windows WINS server does not properly validate who can register WPAD or ISATAP entries. This can be exploited to conduct MitM (Man-in-the-Middle) attacks by registering WPAD or ISATP in the WINS database pointing to a desired IP address.

 

Vulnerabilities #3 and #4 may be related to:

SA27901

 

SOLUTION:

Apply Patches.

 

DNS server on Microsoft Windows 2000 Server SP4 (961063):

http://www.microsoft.com/downloads/details...63-3adba6ac0116

 

WINS server on Microsoft Windows 2000 Server SP4 (961064):

http://www.microsoft.com/downloads/details...15-c0b3b86b4462

 

DNS server on Windows Server 2003 SP1 and SP2 (961063):

http://www.microsoft.com/downloads/details...23-9e07e2369878

 

WINS server on Windows Server 2003 SP1 and SP2 (961064):

http://www.microsoft.com/downloads/details...fd-4a54833e6bf2

 

DNS server on Windows Server 2003 x64 Edition and SP2 (961063):

http://www.microsoft.com/downloads/details...43-0459561d22d0

 

WINS server on Windows Server 2003 x64 Edition and SP2 (961064):

http://www.microsoft.com/downloads/details...3f-33ce45c32428

 

DNS server on Windows Server 2003 with SP1 and SP2 for Itanium-based Systems (961063):

http://www.microsoft.com/downloads/details...cc-5a415bec6c59

 

WINS server on Windows Server 2003 with SP1 and SP2 for Itanium-based Systems (961064):

http://www.microsoft.com/downloads/details...1f-cdb87efa4dcf

 

DNS server on Windows Server 2008 for 32-bit Systems (961063):

http://www.microsoft.com/downloads/details...5c-3afb44895f08

 

DNS server on Windows Server 2008 for x64-based Systems (961063):

http://www.microsoft.com/downloads/details...91-e85931ed610f

 

PROVIDED AND/OR DISCOVERED BY:

Reported by the vendor.

 

ORIGINAL ADVISORY:

MS09-008 (KB962238, KB961063, KB961064):

http://www.microsoft.com/technet/security/...n/MS09-008.mspx

 

OTHER REFERENCES:

SA27901:

http://secunia.com/advisories/27901/

 

----------------------------------------------------------------------

Опубликовано
  • Автор

вот и вышел патч к Adobe Reader - нажмите "Check for Updates" в нем :smile3:

Для публикации сообщений создайте учётную запись или авторизуйтесь

Account

Navigation

Поиск

Поиск

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.