VLC Player Not Safe !

Among all the media players that are available on the market, VLC is known to be one of the best for two reasons. First, it comes with a wide variety of video codecs, thus being the ideal tool for opening any file format, and second, it is free. Some philosopher from olden days said wine should have three qualities: it should come in large quantities, it should be good and it should be free. The analogy needs not be written.

The ‘perfect’ status of the player is, however, flawed, because of the security liabilities it was discovered to have in its latest versions. The vulnerabilities can be exploited by remote parties and leave the PC running VLC open to arbitrary code running, according to Secunia’s Luigi Auriemma.

Getting down to the nitty-gritty, the problem occurs whenever a subtitle file is loaded into the player, this action causing a buffer overflow easily exploited by mal intended individuals. Don’t be comfortable behind your Mac or Linux screen, used to most of the problems affecting the Windows Operating System, this vulnerability is platform independent, so beware!

The liability was first reported with the 0.8.6d version and the developers took it onto themselves to patch it up right away. Or at least that was the plan, the 0.8.6e version was supposed to be bug-free but it actually isn’t, although work was clearly done. Two fixes have come, first the format string error in the web interface listening on port 8080/tcp was resolved, and the "ParseMicroDvd()" boundary error was removed, but there are two other similar left and they’re rated Highly Critical by Secunia. Boundary errors in the "ParseSSA()", and "ParseVplayer()" functions when handling subtitles can be exploited to cause stack-based buffer overflows.

The solution, Luigi Auriemma says, is that everybody update to 0.8.6e and do not process untrusted subtitles using the VLC player.

Source: news.softpedia.com

Continue Reading >>>>>

Norton Antivirus Now Protects Yahoo Messenger

Yahoo Messenger 9 is expected to bring a totally new chating experience to all its fans out there and the Sunnyvale company really struggles to reach this goal.
Following the recent implementation of several new functions (embeddable clips displayed straight into the YM window, new contact list and others), the folks at Yahoo rolled out a brand new security function of the Yahoo Messenger users: automatic file scanning for consumers of Norton Antivirus 2007/2008 and Norton Internet Security 2007/2008, all of them for the Windows operating system.

The interoperability means that every time a user who installed one of the mentioned Symantec software solutions receives a file on Yahoo Messenger, it is automatically scanned in the background and, in case there's something dangerous, the access/execution is blocked. With a continuously growing number of computer infections attempting to spread themselves on instant messengers, this function should be expanded to other security vendors in order to protect a wider segment of users.

Please note that this auto-scanning functions only works with Norton Antivirus 2007/2008 or Norton Internet Security 2007/2008 and Yahoo Messenger 9.0.0.222 Beta or above.

"Chat is a great way to spontaneously get photos or other files from friends and family. It’s also an easy way to inadvertently get a virus or spyware onto your computer. Yahoo engineered Yahoo IM 9.0 with special antivirus integration capabilities. Symantec responded immediately by partnering with Yahoo to deliver a new, tighter level of integration between Yahoo IM 9.0 and Norton Internet Security 2007/2008 and Norton AntiVirus 2007/2008. Norton is the first and only antivirus software to take advantage of this new feature of Yahoo IM," the official page of the Symantec/Yahoo Messenger deal reads.

Source: news.softpedia.com

Continue Reading >>>>>