ruder's blog - 部落格- 洋葱圈

Home

RSS阅读

部落格

ruder's blog

Fun: Crash Google Chrome Again
喔唷,崩溃啦!，我也来凑个数吧:) （汗，谁帮我搞定怎么显示html代码。。。）

http://ruder.cdut.net/attach/Googl ... hrome_crash_fun.html

程序代码： [ 复制代码到剪贴板 ]
[table id="obj"]
[script]
obj.createTFoot();
obj.deleteTFoot();
obj.focus();
obj.insertRow();
obj.insertRow();
[/script]

If you are using Softice, you will receive the following crash:
[Advisory]MS Messenger Remote Illegal Access Vul
Microsoft Windows Messenger Remote Illegal Access Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net

Summary:

    A remote illegal access vulnerability exists in Microsoft Windows Live Messenger. A vicious attacker can control the Live Messenger via constructing a malicious web page, once the victim visits this page, the attacker can control the local Live Messenger, including disclosing personal sensitive information of Live Messenger, transferring local audio and video information to remote and so on.

Affected Software Versions:

    Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
    Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP and Windows Server 2003


Details:

    When installing Windows XP, an old edition of MSN Messenger is installed automatically. The old edition opens the MSN API to develop as an ActiveX Control, and marks it with "safe".

    By using this ActiveX Control, we can control the local MSN Messenger, for instance: change state, gain current login ID, steal contact-person's information, send mail using the victim's name, and so on, all of these functions given by this feature can be considered to be security problems.

    Even the user installs a higher edition of MSN Messenger(Windows Live Messenger), this ActiveX control will not be removed. By using this we will still be allowed to visit the local Live Messenger.

Solution:

    Microsoft has released an advisory for this vulnerability which can be found at:

    http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx

CVE Information:

    CVE-2008-0082

Disclosure Timeline:

    2007.05.31        Vendor notified
    2007.05.31        Vendor responded
    2008.XX.XX        Advisory delayed by the vendor many times
    2008.08.12        Coordinated public disclosure

--EOF--
上图
在国内没买到相机，这里相机又太贵了，将就用N73拍了几张～

机场，北京

附近house

中间那个是门:P

中间那栋高楼即是Metrotower，电线横飞～

无人驾驶的SkyTrain

Metropolis at MetroTown, BC省最大的购物广场

街头

丽晶广场&Hilton饭店。中间黄色的报纸箱。

香港庙街？

Free的草皮足球场，这个显示了资本主义的优越性

--to be continued...
[Advisory]RealPlayer Illegal Resource Reference
RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net

Summary:

    An illegal resource reference vulnerability exists in the ActiveX Control of RealNetworks RealPlayer. For exploiting the vulnerability, the attacker may build a special web page and entrap the victim into visiting it, if the local system has installed RealPlayer, the local resources (or any other illegal resources) will be accessed. This vulnerability may assist in exploitation of other vulnerabilities.

Affected Software Versions:

    RealPlayer 10.6 and previous versions
    (other versions may also be affected)

Details:

    Currently there is no details released.

Solution:

    The vendor has fixed this vulnerability, the vendor's advisory is available on:

    http://service.real.com/realplayer/security/07252008_player/en/

CVE Information:

    CVE-2008-3064

Disclosure Timeline:

    2006.12.19        Vendor notified
    2006.12.20        Vendor responded
    2008.07.23        Notified by the vendor that patch and advisory were coming
    2008.07.25        Vendor's advisory released
    2008.07.29        Advisory released

--EOF--
抵达Vancouver
太累了，整个脑子昏沉沉的，很多东西还难适应，有时间上图给大家哈。