Tag Archives: Full Disclosure

New vulnerability found in Java 7 opens door to 10-year-old attack, researchers say

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software’s security sandbox and execute arbitrary code on the underlying system.

The vulnerability was reported Thursday to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.

According to Gowdiak, the vulnerability is located in the Reflection API (application programming interface), a feature that was introduced in Java 7 and which has been the source of many critical Java vulnerabilities so far. Security Explorations confirmed that its PoC exploit code works against Java SE 7 Update 25 and earlier versions, he said.

The new issue identified by Security Explorations can allow hackers to implement a “classic” attack that has been known for at least 10 years, Gowdiak said.


Source: PCWorld

Video: Watch NASCAR racer Jeff Gordon put one over on a used car dealer… sorta

By Zach Bowman

[Video screencap: Pepsi Max ad with Jeff Gordon as a disguised used-car test driver]


Full Disclosure: in my younger days, I loved nothing more than tormenting passengers with my behind-the-wheel hijinks. Once, after a particularly artful handbrake turn on a two-lane at around 50 miles per hour, I left one backseat occupant crying in their own lap. This isn’t necessarily something to be proud of, but it gives you a glimpse into why it is that I find this ad from Pepsi so damn disappointing. The premise is beautiful. Take NASCAR legend Jeff Gordon, give him a disguise and set him loose upon some unsuspecting used car dealer. Hilarity ensues.

Except that this Pepsi Max commercial is so obviously staged, it can’t help but feel like some ham-fisted marketing fail. From the strategically placed aftermarket cupholder mounted mid-dash for the hidden camera to the fact that the supposed dealer Camaro is displayed as a 2009 model (Hint: Chevrolet didn’t make any), this clip is about as organic as a Twinkie. Still, we would never turn down a chance to watch Gordon thrash on a rental-spec coupe – only problem is, he probably didn’t even do the driving himself. Check it out below.


Watch NASCAR racer Jeff Gordon put one over on a used car dealer… sorta originally appeared on Autoblog on Wed, 13 Mar 2013 12:57:00 EST.


Source: Autoblog

Kaspersky acknowledges a bug that causes a system freeze

Kaspersky Lab’s Internet Security 2013 product contains a bug that can be exploited remotely, especially on local networks, to completely freeze the operating system on computers running the software.

The bug can be attacked by sending a specifically crafted IPv6 (Internet Protocol version 6) packet to computers running Kaspersky Internet Security 2013 and other Kaspersky products that have the firewall functionality, security researcher Marc Heuse said this week in an advisory published on the Full Disclosure mailing list.

“A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system,” he said. “No log message or warning window is generated, nor is the system able to perform any task.”

IPv6 support is enabled by default for network interfaces in Windows Vista and later, as well as in many Linux distributions and in Mac OS. IPv6 adoption on the Internet is relatively low at the moment so the number of computers that are publicly accessible over IPv6 is not very high. However, most computers are accessible over IPv6 on local networks and have local IPv6 addresses assigned to them by default.

Source: PCWorld

Oracle's Java patch contains new holes, researchers warn

Researchers from Security Explorations, a Poland-based vulnerability research firm, claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software’s security sandbox and execute arbitrary code on computers.

Oracle released Java 7 Update 11 last Sunday as an emergency security update in order to block a zero-day exploit used by cybercriminals to infect computers with malware.

Security Explorations successfully confirmed that a complete Java security sandbox bypass can still be achieved under Java 7 Update 11 (JRE version 1.7.0_11-b21) by exploiting two new vulnerabilities discovered by the company’s researchers, Adam Gowdiak, the company’s founder, said Friday in a message sent to the Full Disclosure mailing list. The vulnerabilities were reported to Oracle on Friday, together with working proof-of-concept exploit code, he said.

According to Security Explorations’ disclosure policy, technical details about the vulnerabilities will not be publicly disclosed until the vendor issues a patch.


Source: PCWorld

Video: Media Blackout: Secret Theater Shooting

By Daniel Noe

“It brings back memories of the other theater shooting, and the elementary school shooting.” That’s what an eyewitness told MySanAntonio.com about a theatre shooting that occurred two days after the Sandy Hook Elementary School shooting in Connecticut and five months after the Batman movie massacre in Colorado. So why haven’t we heard about it before?

Source: Western Journalism