Google Talk connects at random intervals (about once every day or so
in testing) to dl.google.com via HTTP and fetches a .txt file
lists the current version of Google Talk, as well as a digital
signature of the new installer executable. If the version number is
greater than the version currently running, Google Talk will download
the .exe and, after checking its authenticity, execute it to
Assuming a user's DNS cache can be poisoned, a denial of service
attack is possible. Thanks to the digital signature, malware will not
execute. Yet, it is possible to force Google Talk to download a large
file which it will then analyze to determine whether the signature
matches. This will consume 100% CPU and large amounts of memory,
resulting in an unstable machine which requires a reboot in some
cases. It is also possible to plant incriminating files on a user's
machine, as the files are at first downloaded and saved to the
"Temporary Internet Files" directory before they are verified and
moved to Google Talk's data directory
comment it is not that simple to set up a DNS spoof, but once it is said you can oblige each computer in that zone with Google talk to download a file that would be trojan or just a too big file that would hung or crash the compuers
idea too much vulnerabilities, following one after another, maybe the honeymoon is over and the real battle begins or is Google still in the honeymoon and is it still lax on the security of its products and services. Wake up, big Google
and the poc http://www.computerterrorism.com/research/ie/poc.htm
and you will find some other proof of concepts here
The mistake was found as a functional bug in may and due to the problems with patching it for an universal tool als internet explorer wasn't patched. Nobody thought you could execute code remotely this way. We know better know.
It also proves the necessity of Internet Explorer 7 but also the mistake Microsoft makes by limiting these defenses to only xp. Every computer should have secured Internet Explorer. The only way to do this is to make a light and secure Internet Explorer for websurfing that doesn't have any links to interior programs or does downloads directly to the root but only to a seperate folder and that doesn't make any changes to any registry or other code at your computer without asking your approval.
On www.securingit.tk you will find more freeware tools to put on your computer to make your computer and surfing more secure.
Microsoft also tells that it is important that you should use a simple user account when possible and that if you use Outlook (express) that you should have installed the latest security patch. http://go.microsoft.com/fwlink/?LinkId=33334 or go to www.windowsupdate.com
There si an exploit in the wild and the code is published even if nobody has already used it, but any person or organisation with hacking or spyware intentions can now use this method in spam or on websites. So be very very very prudent in the coming weeks on what you open or what you visit
What's it mean? Well, since the DNS Server location is now also changing at will, taking down an attackers (phishing, spyware, scam, botnet) operation by contacting legitimate DNS providers will no longer work quickly, if at all. How effective is this attack methodology in the real world? Well, it isn't a "flash" attack, but it is very effective.
because the dns server and domainnames and so on change all the time.
example careerbuilder scam http://isc.sans.org/diary.php?storyid=861
coordination at the government level together with the ISP's and other CERT centers is the only way foreward
http://uptime.netcraft.com/up/graph?site=www.sp.be IS 6. 2003
http://www.cdv.be was running Apache on Linux
Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-12 mod_ssl/2.8.22
http://www.vld.be was running Microsoft-IIS on Windows 2000 when last queried at 15-Nov-2005 11:52:20 GMT
http://www.nva.be was running Apache on Linux when last queried at 18-Nov-2005 23:53:40 GMT Apache/1.3.12 Cobalt (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.0.3pl1 mod_auth_pam/1.0a FrontPage/126.96.36.199 mod_perl/1.24
http://www.meerspirit.be was running Apache on Linux when last queried at 18-Nov-2005 23:54:26 GMT Apache/1.3.23 (Unix) Debian GNU/Linux mod_jk/1.1.0
http://www.mr.be was running Apache on Linux when last queried at 18-Nov-2005 23:55:14 GMT Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2
http://www.ps.BE was running Microsoft-IIS on Windows 2000 when last queried at 18-Nov-2005 Windows 2000 Microsoft-IIS/5.0
http://www.cdh.be was running Apache on Linux when last queried at 18-Nov-2005
Apache/1.3.26 (Unix) PHP/4.0.6
http://www.ecolo.be was running Apache on Linux when last queried at 18-Nov-2005
Apache/1.3.29 Sun Cobalt (Unix) mod_jk mod_ssl/2.8.16 OpenSSL/0.9.6m PHP/4.3.2 FrontPage/188.8.131.520 mod_perl/1.26
http://www.groen.be was running Microsoft-IIS on Windows Server 2003
OpenSSL vulnerabilities are not patched here http://secunia.com/advisories/17151/
http://secunia.com/search/?search=PHP 2018 vulnerabilities
http://secunia.com/product/72/ apache vulnerabilities and some have an older version here
and yeah running windows 2000 and IIS 5 on a server of a political server is just stupid.
Francis-Macrae was arrested minutes before he could carry out a threat to crash Britain’s internet system using his army of 200,000 zombie computers
so who will clean up the infected computers or will they just be taken in by another zombie-master ?