js/exploit packed.c.gen

Wednesday, September 2nd, 2009

I see users of McAfee are seeing a lot of complaints by their antivirus about this js/exploit packed.c.gen. One user is reporting that the weather underground site is raising a flag about this virus. I’m seeing indications that this may be a false positive.    Send article as PDF   

WordPress Stats plugin not updating – fix

Monday, April 7th, 2008

There are a lot of good things to like about the newer versions of wordpress. It seems to keep getting better. One of the really cool plugins is the WordPress.com stats plugin. This lets you have a nice simple stats interface accessible from your Dashboard on your wordpress blog. (It uses wordpress.com to track stats, [...]

Firefox 2.0

Tuesday, October 24th, 2006

Mozilla has released the 2.0 release of the Firefox web browser. Among the new features is built in spellcheck and javascript 1.7 support. However, there are critiques that are critical of the User Interface. (The blank bar, I thought, was the bookmarks toolbar folder area where you could put bookmarks of rss feeds or most [...]

Firefox zero-day vulnerability (or is it?)

Sunday, October 1st, 2006

I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day… the intent here though is to use the word in this context…. “vulnerability has been released without giving the vendor an opportunity to patch…” Yes, the fun vulnerability weekend seems [...]

Internet Explorer 0-day (take 2 of the last few days…)

Wednesday, September 20th, 2006

The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch [...]

Nasty Javascript attack possibilities

Friday, August 4th, 2006

There were demonstrations of some nasty javascript attacks at Black Hat as well (as if the wireless driver issues wasn’t a big enough problem…) Javascript is a powerful language and can be used for many things, but in these demonstrations, it was used to track recently visited sites (by the browser victim) and identify the [...]

Web 2.0 could lead to virus 2.0…

Tuesday, June 13th, 2006

The last couple days, there’s been a virus spreading making use of yahoo mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all that was done was the user clicking on a malicious email and the virus ran. It appears that javascript/AJAX/Web 2.0 applications are going [...]

Cross browser javascript vulnerability

Thursday, June 8th, 2006

It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. According to Symantec …. “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and is a way that the [...]

More discussion on the Firefox 1.5.0.3 “image bug”

Wednesday, May 17th, 2006

There’s quite a bit more discussion on a DOS bug in Firefox 1.5.0.3, the link goes to a site where they’ve confirmed the issue and there is a link there to a POC, so be cautious. It turns out that using javascript, image tags can be made to have a mailto: link which can automatically [...]

Network Security guide for the home or small business network – Part 14 – Alternative software

Monday, December 26th, 2005

There are ways that risks can be avoided. Recently, there was what was called a zero-day exploit for Internet Explorer. As I write this, the exploit surfaced 3 weeks ago and tomorrow there will be a patch. The vulnerability would allow remote code execution through a vulnerability in the way javascript is handled. So, for [...]

Google
 
Web www.averyjparker.com

Switch to our mobile site