更多弱點發現了; 受影響的更多平臺

嚴肅： 高

2007年10月26日，

更新：

在星期一10月22日，我們出版了 戒備 關於在窗口影響RealPlayer 10.5和RealPlayer 11 beta賽跑的一個嚴肅的弱點。 通過誘惑你的一名用戶到一個惡意網站，攻擊者在您的用戶的計算機可能利用這個弱點執行代碼，以您的用戶的特權。 在最壞的情景，攻擊者能取得總對受害者的個人計算機控制。 RealNetworks發布了補丁給問題的固定。 然而，看起來更新指示了RealNetwork安全孔起點。

晚昨天， RealNetwork發布了第二批 安全更新 這個星期，這次在他們的傳媒播放裝置產品系列的固定六個嚴肅的弱點。 這什麼您需要知道新的缺點。

新的缺點比更加早期的缺點，包括在OS x和Linux跑的產品影響許多產品。 受影響的產品現在包括：

• RealPlayer 8， 10， 10.5， 11為窗口， Mac和Linux
• RealOne球員v1和v2為窗口和RealOne球員屬於Mac
• RealPlayer企業
• 螺旋球員10.0.x為Linux。

雖然這些新的缺點與互相技術上不同，他們分享許多相似性。 例如，全部六個缺點介入 緩衝溢出弱點 觸發，當RealPlayer

Here’s a friendly reminder about our special promotion this Wednesday, October 17 for Telosa Basic! Exceed 2.0 fundraising software. Learn more about the promotion and this software’s powerful donor management tools at http://www.techsoup.org/stock/promo

 

Eligible nonprofits will be able to place orders for specially discounted Telosa Exceed! Basic fundraising software for only $90. After the special offer ends, our standard administrative fee of $299 will apply. This offer will be open for 8 hours only on October 17, from 8 am to 4 pm Pacific time (11 am to 7 pm Eastern time).

 

This extra-generous discount is available for a limited time thanks to Telosa. Learn more about the special offer at http://www.techsoup.org/stock/promo

 

ELIGIBILITY

This special offer is available to U.S. 501(c)(3) nonprofits, Canadian charitable organizations, and public libraries (U.S.

and Canada) with annual operating budgets less than or equal to US$500,000. For details on eligibility requirements, visit:

http://ga0.org/ct/C1LRaAn184Y4/

 

HOW TO PLACE YOUR PRODUCT REQUEST

Visit http://www.techsoup.org/stock/promo and place your product request at TechSoup Stock for 8 hours only on October 17, from 8 am to 4 pm Pacific time (11 am to 7 pm Eastern time).

 

IMPORTANT: Make sure your organization’s email address and mailing address is up-to-date in our records. To view or update your organization’s profile, follow these instructions on this web page: http://ga0.org/ct/VpLRaAn184YX/

 

Hacked GOP Site Infects Visitors with Malware
The now-infamous Storm Trojan horse is using new distribution methods to attack unsuspecting victims. Where it once used e-mail attachments or embedded links in spam, it has now turned to website exploits, recently infecting PC users through a Republican party website in Wisconsin, USA.

Read More

Germany Arrests 10 in Global Internet Scam Raids
After an 18-month probe, German police have arrested 10 people in Russia, Ukraine, and Germany in connection with an international Internet scam that may have cost hundreds of thousands of Euros from victims. The accused used phishing techniques to lure bank customers into answering fake Ebay or Deutsche Telekom e-mails, and then installed a Trojan horse to record their personal data.

Read More

Great Firewall of China More Like Chain-Link Fence
Researchers at the University of California at Davis and the University of New Mexico have proven that banned terms can slip through the government-imposed firewall for Internet surfing in China. Even with the occasional slip in security, most citizens still avoid searching for banned terms and concepts for fear that their Internet activity is being monitored by the Chinese government.

Read More

Financially Motivated Malware Thrives
As malware becomes more and more lucrative, software programs are being released that allow any unskilled hacker to earn a living sending spam. In September, a group of Russian hackers released a malware kit for $200 U.S. with information on how to become a master spammer.

Read More

They are sleek, they are powerful, and they are a wish list standard.  Smartphones, like iPhone and BlackBerry, are creating a collective buzz that can be heard worldwide.

The hype is well deserved.  Mobile devices have matured and with their coming of age we now have capabilities that seemed far-fetched only a few years ago.  For employees and executives the world over, smartphones make corporate data and applications available anytime, anywhere.

But just as a smartphone is now capable of downloading data and applications wirelessly, so can it download viruses, spyware, even pornographic content, without a user’s consent.  The use of flash memory cards on some phones opens yet another door for malware to spread to these devices.

The threat is real and growing.  A recent PC World article reports that malware writers are ramping up their activity in the mobile arena, learning from proof-of-concept threats and fine-tuning the amount of user interaction required to propagate the damage.

According to SMobile Systems, a company that specializes in mobile security, there are over 400 wireless threats currently, and more are predicted to arise by year’s end.  The threats can take many forms.  Among the attacks are those that attempt to delete data, those that record a user’s phone calls, and those that send SMS text messages with links to malicious web sites.

It is a simple equation:  greater use equals greater exposure.  The explosion in smartphone use and the productivity gains that come with it have increased the security risks for corporations.  Given their functionality,

“We suspect an unauthorized transaction on your account.  To ensure that your account is not compromised, please click the link below and confirm your identity.”

An e-mail communication that reads like this has probably appeared in your inbox recently.  Sounds official, doesn’t it?  Judging from the header on the e-mail, a trusted source has sent it – a government agency, your bank, your Internet service provider.

What will you do?

Anytime you receive an online request for personal information, you should treat it with a healthy dose of suspicion.  What appears to be a trusted source may, in fact, not be what it claims to be.  Chances are high that you have become a target of a highly individualized and persuasive attempt to steal your personal information for malicious purposes.  Phishing, as this type of attack is called, has become increasingly common.

A phishing attack can originate when personal data is stolen. Not much is required.  Bits of data can be simple enough, such as your e-mail address, telephone number and birthday. But those bits hold the potential for creating a profile of you that can be easily expanded through access to other sources of online information.

Resumes and CVs are a reservoir of useful data.  As recently as August of this year, resumes and CVs were the target of an attack on Monster, a popular employment website.  The attack, which began with stolen login credentials, enabled hackers to gain access to the Monster site and gather the personal information of over a million