Well… I said, more legs than a centipede for this one…. It looks as though the uninstaller from Sony is an activex control that may have some SEVERE security implications. The ActiveX invokes a command to reboot the computer (RebootMachine). (Which is likely remotely exploitable). Also it appears to use an (InstallUpdate) download which could be exploitable AND if that’s not enough, a n ExecuteCode function which could crash the browser. It should be noted that the ActiveX uninstaller REMAINS ON THE SYSTEM after the SONY DRM ROOTKIT is removed, meaning that these functions would be available for remote exploit even after the XCP software is uninstalled.
Author: Avery
-
New Sober virus variant coming
This is unusual, but there is advance notice from the Bavarian Police warning about a new variant on the Sober worm which will be released tomorrow. More information can be found at f-secure, as well as sunbeltblog.
-
$100 notebooks for schoolkids around the world likely will run linux
I was reading that Apple had offered free copies of OSX for the $100 laptop project aimed at bringing cheap laptops to schoolkids in the developing world and in some cases even here in the US. They don’t have the price down to $100 yet, but OSX was rejected because it isn’t open source, apparently the designers want an Open Source OS to work with so they can tweak and tinker with it.
-
VNC or Tightvnc for remote pc access
I was surprised to do a search and find that I haven’t mentioned tightvnc before (or even merely VNC as a useful tool.) Ok – here’s the scenario, you need a way to get remote pc access, or remotely view a desktop, maybe it’s a Windows machine and you’re using a Mac? Or Maybe it’s a Mac and you have a linux desktop? Or a Linux server from a Windows machine? Most of the time in the Windows to Windows remote control area the choice becomes either Remote Desktop, or PCAnywhere. There are other options though. One that I’m particularly found of is TightVNC, which is an implementation of the VNC protocol (VNC stands for Virtual Network Computing).
-
Part 2 of the Mandrake or Mandriva 2006 review
I’m still not used to the name Mandriva, Mandrake is just what I remember… anyway, mandrake.tips.4.free.fr has the second part of their mandriva 2006 review up. It sounds as though in the last week the iso’s of the free edition are now publicly available as well. This time around special attention is paid to hardware support, and multimedia capabilites focusing on image handling/editing software.
-
CJB sites spawning spyware downloads?
You might be cautious visiting the free sites at cjb.net according to the sunbelt blog many of them are unwittingly providing spyware downloads to users. The download is for a 180solutions pest. If you have a free cjb site, you would be well served to test your page to see for yourself what your visitors may be greeted with.
-
Winrar and rar updated to patch vulnerabilities
Incidents.org is reporting on the release of a new version of winrar and rar (3.51) to address security issues discovered by secunia.
As always if you use it, go get the update.
-
Top 10 linux sysadmin utilites
There is an interesting article at Linux.com on the top ten administrator utilities in linux. Titled “My sysadmin toolbox” it goes into some detail on some of the good standby’s that if you’re interested in learning command line linux, you ought to take a look at. The one that I hesitate on is pwgen which is a utility for generating random passwords. I’ve always read that if you can create the password with a program, it can be broken the sameway. However, I bet the passwords generated with pwgen are better than those that most users pick out (fred or mynewcar for example…)
-
Linux livecd 6 month followups
If you’ve ever given away linux livecd’s and wondered if they were ever tried, you might be interested in reading this newsforge article about a guy that followed up with several livecd recipients about 6 months on. It’s interesting to see what he found. There were a limited number, but it is interesting.
-
Some companies unable to secure your data
It’s sad, but true. Some companies are just plain irresponsible with your data. Whether it be credit card information, or address and phone number there are those that aren’t good about keeping their databases private. The securityfix is reporting that a recent survey found 12% of people had been notified by companies that they did business with over a breach of security resulting in data loss. Apparently 20% of those, closed accounts subsequently.