Flawed Programs
Twitter gets rid of flash updates over flaw
by admin on Jan.23, 2010, under Flawed Programs
Twitter cuts feature on site over security flaw
BOSTON (Reuters) – Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programing flaw that left the login credentials of its users vulnerable to hackers.
Twitter co-founder Biz Stone said in an email that the company had temporarily cut off access to a feature that lets users display Twitter updates on their websites by using Flash technology.“Our team has disabled the Flash widget while we look into the problem,” Stone said.
Mike Bailey, a senior security analyst with Foreground Security of Orlando, Florida, said that the problem exploits a widely known vulnerability in Adobe Systems Inc’s Flash programing language.
Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey added, but noted the operators of many websites have failed to respond to those warnings.
The microblogging site’s huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter’s millions of users.
http://www.reuters.com/article/idUSTRE60L4AD20100122?type=technologyNews
RealPlayer has 11 critical vulnerabilities
by admin on Jan.23, 2010, under Flawed Programs
RealPlayer haunted by 11 critical vulnerabilities
A quick heads-up to any computer users out with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.
The vulnerabilities also affect some versions of the Helix Player for Linux.
Here are the details from the RealNetworks alert:1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
http://blogs.zdnet.com/security/?p=5344&tag=col1;post-5344
