Senior Post Whore
Moderator
meckano i dont know if you realise but a lot of us ran a project called DHEP. This requires java to run so we all updated - problems arose as we found various version some 1.4.2 as you say but also 1.4.4 and also 1.4.6 Later with ototeros advice some swapped to IBM java as it was the quickest.
Just thought i would point out there are newer verison than 1.4.2 that you provide links for in your post.
Member
Yes, my info is all Sun Java.
Do you have a link for IBM Java?
and links to the other versions of my Java?
Senior Post Whore
Moderator
IBM Java 1.4 is in our Downloads section
Senior Post Whore
Moderator
To All!
Keep an eye of this! :shockingzap:
"Be brief, for no discourse can please when too long".
Miguel de Cervantes (1547 - 1616); Spanish author & poet
- Weekly summary -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, March 26 2005 - Over the last week, Oxygen3 24h-365d has covered the following news stories -summarized below- which can be read in full at: http://www.pandasoftware.com/about/p...en3/oxygen.asp
- System downtime due to vulnerabilities will triple before 2008 (03/21/05).
According to Gartner, system downtime caused by software vulnerabilities will triple before 2008, if companies don't take proactive security steps. Companies that don't include security as a criterion when buying or developing software will witness downtime caused by security vulnerabilities increase from the 5 percent observed in 2004 to 15 percent in 2008.
- Drag and drop vulnerability in Thunderbird and Firefox. (03/25/05)
A vulnerability has been reported which affects both the Firefox browser and the Thunderbird mail client and which can be exploited by remote attackers to insert malware on a user's system. The problem is that images dragged and dropped from a web page to the desktop retain their name and extension. If the file has an executable extension, it could run instead of being opened by the corresponding multimedia application..
NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
------------------------------------------------------------
To unsubscribe from Oxygen3 24h-365d, please visit:
http://www.pandasoftware.com/unsubscribe.asp
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
__________________________________________________ ___________
"Experience does not err, it is only your judgment that errs"
Leonardo da Vinci (1452 - 1519); Italian artist and inventor.
- Drag and drop vulnerability in Thunderbird and Firefox -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, March 25, 2005- A vulnerability has been reported which affects both the Firefox browser and the Thunderbird mail client and which can be exploited by remote attackers to insert malware on a user's system.
The problem is that images dragged and dropped from a web page to the desktop retain their name and extension. If the file has an executable extension, it could be run instead of being opened by the corresponding multimedia application.
To exploit this vulnerability, an attacker would need to construct a valid image file which at the same time was executable. In Windows, this can be done using a hybrid of a GIF image and a batch file. The attacker then needs to trick the user into the dragging the image onto the desktop and double-clicking on it.
__________________________________________________ ___________
- Weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.es)
Madrid, March 25h, 2005 - This week's report on viruses and intruders looks at two worms (Mydoom.BH and Crowt.B) and a Trojan, Downloader.BHV.
Mydoom.BH is an email worm which can also spread through the KaZaA P2P file sharing program. Once it has entered a computer and is run, it downloads a page from a website with code, which is saved to the Windows system directory as an executable file called TEMP1.EXE. It also displays a screen referring to an antivirus in order to distract users' attention.
To spread via email it sends itself to all contacts in the Outlook address book, using its own SMTP engine. The name that appears as the sender of the email is false and the message includes an attachment with malicious code.
In addition to using email, Mydoom.BH also creates a copy of itself in the shared KaZaA directory, which it obtains from the Windows registry. This copy has random file and extension names, selected from a list of names designed to attract KaZaA users.
Other users of this program could remotely access this shared directory, and voluntarily download to their computer files created by Mydoom.BH, thinking that they were actually interesting programs, etc. They would in fact, be downloading copies of the worm to their computers. When they run the downloaded file, these other computers would become infected by Mydoom.BH.
The second worm in this report, Crowt.B, has backdoor functionalities and sends itself by email using its own SMTP engine. It gets the addresses to which it sends itself from a list of contacts stored on the user's computer.
It allows remote commands to be executed on the compromised computer and information to be extracted from it. It also carries an additional danger, as it acts as a keylogger, recording keystrokes and stealing passwords entered. In order to conceal itself, Crowt.B, injects its code into other programs.
Finally, we will look at the Downloader.BHV Trojan. This malicious code downloads and installs adware programs on the infected computer.
Downloader.BHV needs the intervention of an attacker in order to propagate and cannot spread by itself automatically. Various propagation channels are used, including floppy disks, CDs, e-mail messages with attachments, Internet downloads, FTP file transfers, IRC channels, P2P file-sharing networks, etc.
When it is run, it downloads from a range of websites 5 executable files disguised as GIF files, which it runs on the infected system. To prevent detection, it uses some very basic techniques (some text strings are composed while the code is running).
For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/
NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
Sesurite greetings from Lagu
Once an AMDuser always an AMD user
Senior Post Whore
Moderator
its gd but remember the company sending this produce virus products and various protection so they want to scare you into purchasing their newest most advanced package.
Member
Agreed, Firefox ver. 1.0.1 fixed the drag and drop problem.
Senior Post Whore
Moderator
I newer bought after such alarm. I have already theirs product and it is enough. Perhaps other peoples will run to an reseller and upgrade or change antivirus. I think many in this forum is as smart that they dont is thinking to get panic.
You all can swim silent!
Lagu
Once an AMDuser always an AMD user
Senior Post Whore
Moderator
i guess you are right lagu,
some people are reading that would go and buy panda's antivirus though
Senior Post Whore
Moderator
New secury report.
Madrid, April 4 2005 - Security Tracker has reported, at http://www.securitytracker.com/id?1013616, a vulnerability discovered in Linux kernel futex functions that could allow local users to cause denial of service conditions.
The problem stems from the fact that certain functions of the Linux kernel futex search for environment data with "get_user()" calls while holding the "mmap_sem" function for reserving memory for reading. If the get_user() call fails while another thread is in "mmap", the system can block.
The functions affected are in the 'kernel/futex.c' in Linux version 2.6. This vulnerability could be used by a local user to crash the system.
The fix for this error is available on the "Linux Kernel Mailinglist" page at: http://lkml.org/lkml/2005/2/22/185.
__________________________________________________ _________________________________________________
Madrid, April 5, 2005 - A vulnerability has been detected in Mozilla Suite and Firefox that could be exploited by an attacker to access sensitive user data. The problem lies in the JavaScript engine of these applications and can be exploited to access parts of the content of the memory used by the browser, which could contain sensitive user data.
This vulnerability is confirmed in Mozilla 1.7.6 and Firefox 1.0.1 and 1.0.2, although other versions could also be affected.
Until a patch is released, a temporary solution is to disable the JavaScript support, although this preventive measure could affect the functioning of some web pages or may prevent them from being correctly displayed.
More information is available on the developer's website at https://bugzilla.mozilla.org/show_bug.cgi?id=288688 and on the following websites:
http://cubic.xfo.org.ru/index.cgi?read=53004
http://www.securitytracker.com/alert...r/1013635.html
http://secunia.com/advisories/14820/
Lagu
Once an AMDuser always an AMD user
Member
Another way to block this is to disable Lmhosts lookup. This method is simple, free and extremely effective. LmHosts is an ancient method thats seldom used today and in my opinion, should not be enabled in the first place.
Posting Permissions
Reply With Quote