Skip to main content

Hey, HP laptop owners: click here to get hijacked

If you use a Hewlett-Packard laptop, chances are a hacker can hijack your machine simply by luring you to a malicious website.
The pwnage comes courtesy of "HP Info Center", which comes installed on most HP laptops, according to a post made Tuesday to Milw0rm.com. It turns out one of the ActiveX controls uses three insecure methods that leave users open to remote code execution and remote registry manipulation-based attacks.
The culprit is a component titled HPInfoDLL.dll, which by default is marked as "Safe for Scripting". It's at least the second critical flaw to be reported this year in an HP laptop, Ryan Naraine's Zero Day blog says.
There is no patch for the flaw at the moment, so the only way to block an attack is to exercise common sense. That means not clicking on suspicious links and installing an alternative to Internet Explorer, which is required for an exploit to work. In Firefox, using the NoScript extension is preferable. Other workarounds include manually settling kill-bit for a vulnerable ActiveX control, but that seems like overkill.The researcher offers this link to detect if an HP notebook is vulnerable, but we can't vouch for the safety of the link --Related hyperlinkshttp://www.theregister.co.uk/2007/12/12/hp_laptop_vuln/
Labels:

Popular posts from this blog

ALFA-­AWUS036H & ALFA-­AWUS050NH INSTALLING/UPDATING DRIVERS RTL8187, r8187, RT2800usb on UBUNTU

NOTE: For surfing Internet with ALFA-AWUS050NH on Ubuntu Jaunty with rt2870sta driver, you must use the Kernel "2.6.28-11-generic #42-Ubuntu", without change or updates the drivers modules. NOTE: The tutorial is not related to Ubuntu karmic. Driver RTL8187/Stacks-­mac80211 (ref. ALFA-­AWUS036h) ­- These drivers, for surfing Internet, are more stable than r8187, and fully compatible with Network-Manager 0.7 installed by default on Ubuntu 9.04. Network-Manager 0.7 installed by default on Ubuntu 9.04. ­- Supports all encryption without problems. (OPEN, WEP and WPA/WPA2) ­- With Compat-Wireless, the "injection" working, but for support “Fragmentation attack” (opt. -5) you need to install one patch. - The RX sensitivity and packets injection is less, related to drivers r8187. Driver r8187/Stacks-ieee80211 (ref. ALFA-AWUS036h) - This driver is recommended for use with the Suite of Aircrack-ng, but not particularly suitable for Internet connections, as less stable and disc...
Post a Comment
Read more

Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.

Before reading on this guide is for educational purposes only. I take no responsibility from what people do with this info. First thing is to get fragrouter. I don't know if you can use other tools provided with the backtrack, there are 100 ways to skin a cat and this is just my way. http://packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html There are lots of things that you can do with fragrouter but we are going to use fragrouter to setup IP forwarding. We do this with this command : Code: fragrouter -B1Squash that window and put it to one side. Now open another shell and we will start dnsspoof with this command Code: dnsspoof -i ath0 (or whatever network interface you are using)Again put that window to one side and lets load up webmitm. Webmitm will issue our ssl cert to the victim so we can decrypt the traffic we capture. Start webmitm by typing Code: webmitm -dNow we can start the arp spoof. To start ettercap type Code: ettercap -T -M arp:remote /router addy/ /victim a...
Post a Comment
Read more

JoikuSpot Light v2.1 Beta S60v3 SymbianOS [Updated - 31st July '08]

JoikuSpot is FREE and SECURE Mobile HotSpot solution that turns Nokia phones to a WLAN HotSpot. JoikuSpot software is installed directly to the phone. When switched on, laptops and iPods can establish instant, secure and fast WLAN connection via smartphone's JoikuSpot HotSpot using phone's own 3G internet connection. Multiple devices can connect to JoikuSpot in parallel and seamlessly share the same 3G internet connection. You can use JoikuSpot to access internet e.g. on the train, car, sailing boat, summer cottage, hotel, while walking, or when at remote office...where ever you are! Release notes for JoikuSpot Light: -Landing page works with all operators -Encryption support with WEP including 128bit key generator -Battery threshold shutting down the client when battery level is too low -Default Access point setting -Support for secure SSH tunnels with Putty -MapSpot 1.0 support for GPS HotSpot location identification with external mapping services such as Google Maps All sett...
Post a Comment
Read more