Reaper-X » Computer Security

Adware maker sues Anti Spyware maker

Reaper-X — Sun, 20 May 2007 02:38:29 +0000

I just never thought that Adware maker can also sues Anti Spyware maker because of their product (Spyware Doctor) helping people to solve their adware / malware problem on their computer (Full Story)

Zango Inc. v. PC Tools Pty Ltd.

5/15/2007 07-2-15844-8 CBC

Complaint for injunctive relief and tortious interference with business expectancy. The plaintiff’s software, which “has been consensually installed by millions of users,” is being destroyed by the defendant’s “Spyware Doctor Starter Edition” application. The application does not give users specific warning that Zango’s software will be deleted. The defendant’s product has been distributed as part of a “Google Pack” of software tools, causing the plaintiff “irreparable harm.” The plaintiff seeks at least $35 million in damages – via Spamnotes

They says that Spyware Doctor does not give users specific warning that Zango’s software will be deleted ?

Based on my experience when repairing or configuring someone else computer. I always ask them first if they want me to configure the anti spyware / antivirus product to automatically delete all kind of threat without warning / prompting the user first … all of them are saying “Yes” to that question … and i think you can guess why

But this ??? …. well … i think i’ve said enough ;)

0x87485B96 | Tags : Computer Security, Internet, Opinion, Personal, Tech News

Windows Update Downloader

Reaper-X — Tue, 20 Feb 2007 20:52:22 +0000

Windows Update Downloader is a small utility that allows you to download all of the current Windows critical updates. All updates are downloaded directly from microsoft.com to your computer with a single mouse click (few / several mouse clicks to be exact, if that matters)

In other words this small utility is useful to those who like to keep their windows system in top shape by updating their system frequently but still want to keep the downloaded update files as archives in your hard drive for later use and you can grab this amazing tool from here

In order to use this program, first you must make sure you’ve already installed .NET 2 Framework on your system or you can download it directly from Microsoft site. But if you already has .NET 2 Framework installed you can just simply run it

The first time you use this program, it’ll say that you’ll need to get an UL (Update Lists) first .. so get the appropiate update lists for your system first from the author page, as for the next step .. well .. you just simply choose which update files to download .. that’s it

0x87485B96 | Tags : Computer Security, Freeware, Software, Windows

RyanVM’s 2.1.7 and XUDPack 2.0.6 Released

Reaper-X — Sat, 17 Feb 2007 14:33:46 +0000

To those who likes to integrate various windows update files into their own Windows XP SP2 CD (like me for an example) so you wont have to install previous windows update files when you’re installing a fresh install of Windows XP can download the latest version of RyanVM’s XP SP2 Post-Update Pack version 2.1.7 (16 February 2007) and of course this is the best package you can get out there that contains many windows update files, although the file size is quite large 44.3 MB (at least for me)

Or to those who prefer a more light version that contains only high priority windows updates, you can try XUDPack (Xables Light Post XP-SP2 Update Pack) and the latest version of XUDPack you can get right now is version 2.0.6 (14 February 2007) and of course because XUDPack only contains high priority updates it’s filesize is only 29.5 MB

As for the steps to integrate it, you can choose whether you want to use nLite to slipstream the package of your choice into your Windows XP SP2 files or you can choose the RyanVM Integrator

0x87485B96 | Tags : Computer Security, Freeware, Software, Windows

Mozilla Firefox, PDF Files and XSS

Reaper-X — Thu, 04 Jan 2007 14:34:35 +0000

I read about this yesterday on BugTraq and within just one day i read another interesting news from Symantec (i found it via techmeme) regarding this new xss issue with pdf files

And what makes this interesting, because this problem only occur at Mozilla Firefox browser (with Adobe Reader 7 and below), and Internet Explorer 6 and 7 isn’t affected by this vulnerability issue as noted by Symantec :

This problem appears to be limited to the Firefox browser, which has a relatively large user base.

Although some other people are getting different results (look at the comments), and if it’s for me .. i already tried this with Firefox 2.0.0.1 installed on Windows XP SP1 .. and i don’t find any problem with it .. and that’s because i already disabled the PDF / Adobe Reader Plugin for Firefox browser since a long time ago because of another reason (actually i don’t really like opening files directly from the web especially PDF because it can cause a big slowdown to my system)

As a note, if you’re using Firefox you might try reading the Symantec weblog about this issue to find the quick fix for this problem

0x87485B96 | Tags : Browsers, Computer Security, Hacking, Internet, Mozilla, Network and Security

Wordpress HTML Injection Vulnerability

Reaper-X — Mon, 01 Jan 2007 06:48:33 +0000

Wow .. i just got back .. and i read a very interesting news about the recent wordpress html injection vulnerability issue that is exists on several .. um .. almost all versions of wordpress below 2.0.6 (well i dont know anything about the 1.x series of wordpress because i never use it before)

Fortunately there is already a fix for this problem and you can do it by applying the latest patch from Wordpress Trac into the templates.php file in your wp-admin directory

As as a note, if you want to see a proof of concept regarding this wordpress issue, you can go to David Kierznowski homepage and see it by yourself

And yet another note, Wordpress 2.0.6 RC2 has been released (from the WP-Testers Mailing Lists) and this new release candidate already include a fix for this problem

0x87485B96 | Tags : Computer Security, Freeware, Network and Security, Open Source, PHP, Software, Wordpress

Firefox 2 Crash Script

Reaper-X — Sat, 02 Dec 2006 02:37:16 +0000

Even the most favorite browser for geek (well at least only some people know about it judging by the number of Internet Explorer users that is still high) known as Mozilla Firefox .. has some vulnerability issue .. and surprisingly this bug exists on the new Firefox 2 release …and just in case you want some proof about this .. then try opening this page and you’ll see Firefox 2 crashed .. the only solution for this :

Use NoScript Extension
Disable Javascript Completely on Firefox 2

Yep that’s all … by the way i just tested it with / without javascript enabled and the result is :

If you enabled Javascript in Firefox with / without additional extension .. you’ll see firefox crashed
If you disable Javascript .. then you can see the page without problem :D

And just in case you want to run it on your own computer without loading that page first .. here’s the script (copied from that page) :

Google Codesearch Launched and Another Problem has Arise

Reaper-X — Fri, 06 Oct 2006 23:08:56 +0000

Google just released Google Codesearch to public recently, and just like it’s main search engine … this new feature from Google can be used by malicious users to get sensitive data. For example, database password including it’s username, looking at the source code of malicious program, etc. And that’s all happening because most users always put their compressed backup file in the public directory that can be read by everyone including Google Codesearch and in this case is the public html directory of your server.

Fortunately Google always obey the robots.txt structure, unlike some major search engine. So the only solution to the Google Codesearch is by blocking access to that directory by using robots.txt, but because everyone can see your robots.txt file then it can cause problem too if the malicious users can see that directory. And the only solution i can think of to avoid this :

Create a robots.txt to block bot access the important directory and create another subdirectory under the important directory but do not put the subdirectory name in your robots.txt file because it can be seen by the malicious users, for example /public_html/important_directory/the_subdirectory
Create a .htaccess file to block everything including yourself to the important directory (don’t try this if you do not have access to FTP / File Manager)
and don’t forget to Disallow Directory listing, you can do it easily by using .htaccess

Although there’s alot of possible solution, the best thing to do is never put your very sensitive data in your public_html directory of your server (unless your server got totally hacked or there’s another exploit) especially your backup file which most not tech savvy users did. Anyway let’s just hope that Google Codesearch get fixed / modified and they’ll automatically filter some important stuff like that.

0x87485B96 | Tags : Computer Security, Google, Guide, Internet, Privacy, Tutorials

PCMAV Antivirus 1.0 RC 8

Reaper-X — Mon, 02 Oct 2006 07:40:57 +0000

I just uploaded the latest PCMAV Antivirus 1.0 RC 8, and just like the previous PCMAV release, this release contain several bugfixes and an update to the PCMAV Antivirus engine itself so it can detect and clean more virus from your computer. A more detailed list on what virus can be removed using the free antivirus can be read on the readme file. And here’s a list of new virus that can be detected by PCMAV Antivirus 1.0 RC 8 :

Aksika.msg-2
Alisa.D
Babat-B.C
Brontok-1.B
Brontok-1.C
Brontok-8
Brontok-12.G
Brontok-Sensasi.F
Buggie
FluBurung
FluBurung.msg
Leena
Moonlight-B.E
PatahHati.msg
Peta
Riyani
SomeFool.b64
SomeFool.dll
SomeFool.zip1
SomeFool.zip2
SomeFool.zip3
SomeFool.zipped
TamiFlu
Toy
Trojan.Dialer
Tsunami.B
Tsunami.C
Unmul.B

As for the rest you can read it directly in the readme file ;)

0x87485B96 | Tags : Computer Security, Freeware, Security Tools, Software, Windows

Apache mod_rewrite Security Flaw

Reaper-X — Wed, 23 Aug 2006 00:55:20 +0000

Yesterday i just read about the recent security flaw in mod_rewrite modules in Apache HTTP Server that can make the web server process crash or allow arbitrary code execution by a malicious user. And here’s the announcement from the Apache HTTP Security team :

CVE-2006-3747: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.

This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)

The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).

Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally.

So in the other words, every users should update their Apache installation immediately, especially for those who’s already using a blogging platform like Wordpress, because if you want to use the Permalink feature, you’ll have to use mod_rewrite function and the Wordpress installation included that by default (except it doesn’t have write access to the .htaccess file) but if you’re using your own computer as a server, then you should apply this update immediately

And here’s a link if you want to get more information about this issue :

0x87485B96 | Tags : Computer Security, Journal, Network and Security, Web Servers

Watch out for Powerpoint Presentation !

Reaper-X — Fri, 21 Jul 2006 22:26:13 +0000

Another zero-day exploit has been found on Microsoft Office Application which affect Microsoft Powerpoint 2000, 2002 / XP, 2003. This exploit can install keyloggers, adware, malware or any other malicious program (depending on what the attacker wants) on your computer when the exploited powerpoint presentation executed by the victims

So far there hasnt been any patch from the Microsoft. But Microsoft announced that the patch will be ready on 8 August 2006 or sooner as warranted. So until Microsoft already released the patch, do not open any powerpoint attachment (if its an email messages), or any powerpoint attachment that came from untrusted sources to prevent infection and always update your antivirus program.

0x87485B96 | Tags : Computer, Computer Security, Windows