- +
Worm fears shut down Skype video feature 23 January, 2008 10:41:58
Skype has disabled a video-sharing feature because of security concerns.Skype has been forced to turn off a video-sharing feature in its software because it could be misused to launch a self-copying worm attack against Skype users, security researchers said Tuesday.
Click here for case studies, whitepapers and other useful vendor content Newsletter Subscription
Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack.
"Somewhere in my blog, I embedded a proof-of-concept code which exploits this 0day vulnerability," Raff wrote in a Wednesday blog posting. A 0day attack is a previously undisclosed software flaw that has not been fixed by the software maker.
The bug, which affects Internet Explorer 7 and IE 8, could allow an attacker to run unauthorized software on a victim's computer. Raff informed Microsoft of the flaw on Tuesday and the software vendor has not yet patched it, Raff said.
Microsoft didn't get much time to fix the bug, but Raff said he didn't feel that Microsoft would address the issue quickly unless he went public with the vulnerability.
When he has followed Microsoft's responsible disclosure guidelines in the past, the company has been too slow to fix bugs, he said via instant message. "The last time I used their Responsible Disclosure policy it took them six months to fix one line of code."
For Raff's attack to work, the hacker would first have to put a small amount of HTML code on a Web site and then persuade the victim to use a specific Internet Explorer feature on that site, he said.
The Israeli hacker said that the idea of disclosing his attack in a treasure hunt came from a local custom of playing such games during Israel's Independence Day, which falls on Thursday.
Raff has put the code on his own Web site, and he will offer clues as to what people must do to trigger the flaw over the next few days. When triggered, Raff's proof-of-concept code launches two copies of Microsoft's calculator software on the victim's computer, but it could be altered to do something malicious.
Next Wednesday, he will release full details of the bug along with his proof-of-concept code.
Microsoft was unable to immediately comment for this story.
ARN Member Login
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Weekly Tech News Update: 7th October, 2008This week we're coming to you from the Ceatec show in Japan. It's a showcase for gadgets and gizmos galore from all of Japan's biggest electronics companies and this week we're going to be showing you the best of what the show has to offer.
Brian's bloopersIt takes a long time to produce an episode of Channel Watch. Maybe you'll understand why after watching this...
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
Multimedia Technology signs exclusive National distribution agreement with Freecom 07 October, 2008 14:30:00
Symantec State of Spam Report - October 2008 07 October, 2008 11:58:00
AIIA to Reward Sustainability and Green IT Champions at the 2009 iAwards 07 October, 2008 11:56:00
WD Unveils Affordable, High-Capacity Network Storage For Small Offices And Homes 07 October, 2008 11:40:00
Yellowfin Achieves BI Success with Asia Pacific Telcos 07 October, 2008 09:46:00
Dataract increases e5 Workflow performance with Microsoft® Windows Server® 2008
Since upgrading to Windows Server 2008 from Windows Server 2003, Dataract have made visible improvements in their workflow calculations and image presentation performance.
Subscribe to ARN
