This is not the biter is the sprinkler soaked up to his neck in drowning. There are some days, the researcher Tavis Ormandy Security Google got its hands on a huge security vulnerability in Trend Micro antivirus, to remotely hack the computer where it was installed.
Since a website, an attacker could execute arbitrary code without requiring interaction from the user. For example: install a malware, uninstall the antivirus, erase the hard drive, etc. He could also recover plain all web identifiers stored in the password manager of Trend Micro. To carry out these attacks, it was sufficient that the user clicks on a booby-trapped web link. That’s all.
The worst part is that this flaw was not difficult to find. Tavis Ormandy says putting “exactly 30 seconds” to complete execution of arbitrary code remotely. The problem is in the password manager of Trend Micro. It is written in Javascript and freely accept a lot of queries through an application programming interface (API) remarkably poorly written. Tavis Ormandy According to “nearly 70 API” were accessible from the web. They included, inter alia, the copy of the database of passwords as well as its distance to decryption. Rarely piracy will have been so easy!
And that’s not all. Incidentally, Tavis Ormandy discovered that the onboard navigator Trend Micro, called “Secure Browser” is actually an old version of Chromium (41) in which the sandbox – a basic security feature in browsers – was disabled by default. “It’s the most ridiculous thing I’ve ever seen” , said the security researcher. Very polite in his replies, publisher Trend Micro has obviously recognized his mistakes. He has released a patch that is highly recommended to download
.
Gilbert Kallenborn
Reporter
<- pub -> <- /> pub ->
‘)!; // cross-browser addListener var listener = function (obj, eventName, listener) {if (obj.addEventListener) obj.addEventListener (eventName, listener, false); obj.attachEvent else (“on” + eventName, listener); }; onAdPlayerReady function (evt) {var adPlayer vp_inpage.getAdPlayer = (); console.log (vp_inpage.getAdPlayer ()) adPlayer.addEventListener (‘mouseover’, function () {vp_inpage.setVolume (1);}, false); adPlayer.addEventListener (‘mouseout’, function () {vp_inpage.setVolume (0);}, false); } // When ad player is ready addListener (document, “AdLoaded” onAdPlayerReady); } $ (‘.nav-Left’) mouseenter (function () {$ (‘.art-left’) show ();.}). $ (‘.nav-Left’) mouseleave (function () {$ . (‘.art-left’) hide ();.}) $ {$ (‘.art-right’) show () (‘.nav-right’) mouseenter (function (.).}) $ (‘ .nav-right ‘) mouseleave (function (). {$ (‘ .art-right ‘) hide ();.})});
No comments:
Post a Comment