Today Microsoft have released an emergency out-of-band update (2965111) to fix a zero day publicly disclosed vulnerability in Internet Explorer (Microsoft Security Advisory 2963983). The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.
More info about the fix here: MS14-021 :Security update for Internet Explorer: May 1, 2014 The advance notification of the update lists Windows XP as among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period ending weeks ago.
Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately.
Like me you have a fancy and expensive International Samsung Galaxy Note 3 SM-N9005 that conform specifications should be LTE/4G capable and nevertheless no LTE/4G ? It’s probably making you angry and mad, I assume you damn Sammy (again) for delivering a mobile phone that doesn’t do what it should do. Of course you have installed Android KitKat 4.4.2 but still no LTE option available via Start Screen > Apps > Settings > More Networks > Mobile Networks > Network Mode.
Normally in that Network Mode menu should be following options visible/available:
– LTE/WCDMA/GSM (auto connect)
– WCDMA/GSM (auto connect)
– WCDMA Only
– GSM only
At the moment the mentioned “LTE/WCDMA/GSM (auto connect)” option is missing you have a problem, you aren’t able to use LTE/4G. Don’t worry. there are several solutions/fixes to solve the lack of LTE/4G. Keep in mind that the solutions will only work with a rooted phone (up to you to take the risk of rooting, you will lose probably phone-guarantee because Knox counter will be tripped and security-wise there are also reservations).
The solutions (again, keep in mind my reservations about rooting your phone):
1. Change with a root explorer of your choice (e.g. Root Explorer, Solid Explorer or EF File Explorer) the value “false” in file persist.radio.lteon into “true” by way of build-in text editor of the root explorer. The file is located in root/data/property. Be sure permissions of persist.radio.lteon are set to rw, after altering the file save the file and make it read-only. Reboot your phone, now you will see and be able to pick the option “LTE/WCDMA/GSM (auto connect)” in Network Mode menu. Important: before altering ANY file on your phone be sure you have a copy of the original, unaltered file!!! Advantage of this solution: even after a phone reboot the option “LTE/WCDMA/GSM (auto connect)” will remain visible/activated.
2. When you are afraid or not tech-savvy enough to alter phone files you can download “Advanced Signal Status” on Google Play. Start the app, go into Advanced Info located on bottom of the app and subsequent choose LTE/GSM/CDMA auto (PRL) in the first sub-menu of Advanced Info. In phone Network Mode menu option “LTE/WCDMA/GSM (auto connect)” will still not be visible but nevertheless you will be able to use LTE/4G. Disadvantage of this solution will be that after every phone reboot you have to start “Advanced Signal Status app” and reactivate LTE/GSM/CDMA option.
Please remember that LTE/4G will only work in area’s with LTE and your phone data-plan includes the use of LTE. Good luck and have fun!
Regrettably I have to tell you that Smokey’s Security Forums isn’t ‘Site Member ASAP – Alliance of Security Analysis Professionals’ anymore, reason is simple: ASAP died.
I want to express my thanks to all the people dedicated to ASAP, this includes common and VIP-members as well ASAP Counsel and Site Owners.
A special Thank You to Corrine, (former) ASAP Secretary, she was the one keeping ASAP alive till the unavoidable happened.
It’s obvious that countless people are very disappointed that Microsoft has substitute MSN (Live) Messenger by Skype, most people just want to chat and don’t need all the whistles and bells of Skype at all.
Past days Messenger users received one of following messages:
A newer version is available. You must install the newer version in order to continue. Would you like to do this now?
A newer version has been downloaded and is available. You must install this newer version in order to continue. Would you like to do this now?
This is just an ordinary Microsoft attempt to force MSN Messenger users to what Microsoft is calling an ´upgrade´ to Skype, majority of the MSN Messenger users see it entirely different and are pissed they are not able anymore to use Messenger, the ´upgrade´ is a nightmare to them.
Don´t worry and be happy again, there´s a nice little piece of software that will allow you to use Messenger again: Messenger Reviver 2 by Jonathan Kay. I have tested the software on multiple PC’s and it will do what it promise: getting MSN (Live) Messenger back. To reach the aim of getting Messenger back, Messenger Reviver 2 will make some changes to your computer. These changes are harmless and can’t hurt your PC so use it without any risk.
Some info about Messenger Reviver 2 (grabbed from author’s weblog)
Messenger Reviver 2 automatically installs, repairs and/or modifies Windows Live Messenger 2012, 2011, 2009, and 2008 as well as Windows Messenger to continue signing in despite being blocked by Microsoft.
Reviver 2 supports modifying all language versions and can automatically install either 2009 or 2012 versions in 47 different languages.
Reviver will automatically attempt to detect if Messenger is still installed, which versions are eligible for modification and if you need to run a repair or new installation to bring Messenger back (if Skype has removed it).
Windows XP, Windows Vista, Windows 7 or Windows 8.
.NET Framework 2.0 or higher (included with Windows Vista or newer), .NET 3.5 or 4.0 recommended
To revive Messenger, click Start in the Messenger Reviver 2 Screen and the process will automatically modify Messenger and restart it.
If Windows Live Essentials is not installed, you will presented with options to either install Messenger 2009 or 2012 in the language of your choosing. Reviver will attempt to guess which language you prefer based on your prior Windows and Essentials language settings.
Additionally if Essentials is still installed, but Skype has removed it, you will be offered to just repair your Essentials install.
If you wish to do a manual re-install or repair, you can select these options by clicking the Advanced button and choosing the function you would like.
I want to make clear again that the use of Messenger Reviver 2 will not damage your PC. Also that you have to say ‘Thank You’ to the author of the application, Jonathan Kay. His weblog and Reviver Support can be found here.
Downloadlinks Messenger Reviver 2 (0,5 MB, zipped)
Please report broken links, thanks in advance!
ExynosAbuse Exploit: obtaining root on Exynos4 based Samsung Android devices without ODIN flashing, malicious apps will be able to gain total control over the device by gaining root without asking and without any permissions on a vulnerable device.
Source: XDA Developers (alephzain, Chainfire)
Samsung solution status: unfixed
– Samsung Galaxy S2 GT-I9100
– Samsung Galaxy S3 GT-I9300
– Samsung Galaxy S3 LTE GT-I9305
– Samsung Galaxy Note GT-N7000
– Samsung Galaxy Note 2 GT-N7100
– Samsung Galaxy Note 2 LTE GT-N7105
– AT&T Galaxy Note 2 SGH-I317
– Verizon Galaxy Note 2 SCH-I605
– Samsung Galaxy Tab Plus GT-P6210
– Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020
Note: Google Nexus 10 not vulnerable, Exynos5.
Temporary patch (provided by Chainfire): http://forum.xda-developers.com/showthread.php?t=2050297
Note: Chainfire requested not to redistribute the patch, instead please link to http://forum.xda-developers.com/showthread.php?t=2050297
Update Dec 20 2012
Official Samsung Statement Exynos kernel vulnerability issue (in full)
“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.
Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices”
I will only mention Chainfire’s fix. It’s the only one that is secure. Both Supercurio’s and RyanZA’s method leave you with easily exploitable holes any serious malware author will abuse.
About Chainfire’s fix
Chainfire: “This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.
Features for non-rooters:
– Securely patch the exploit
Features for rooters:
– Root the device (SuperSU v0.99)
– Enable/disable the exploit at will
– Enable/disable patching the exploit at boot
– Unroot and cleanup (optionally leaving the exploit patch at boot in place)
Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) – you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren’t rooted, to be able to unpatch this way.
While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves”
Download the fix here: http://forum.xda-developers.com/showthread.php?t=2050297
Note: please do not redistribute the fix!
Internet Explorer 6 was released on August 27, 2001 so the browser is now 10 years old. Despite numerous campaigns to dissuade further use of IE6, 9% of the world is still using IE6 as browser.
The web has changed significantly over the past 10 years, regrettably IE6 not. It can’t handle new web technologies and is highly insecure. Besides, performance is really bad and there are also severe rendering issues.
It’s obvious that most of IE6 (corporate) users and IT Organizations aren’t interested at all to upgrade to a modern browser like IE8/IE9 or to use e.g. Opera 11, Firefox 7 or Chrome 15 browser instead. I know their argumentation to well however I can’t take it seriously anymore. Especially not because IE6 is End of Life (EOL) and the problems with the browser are on the rise.
Considering the never ending argumentation as well all con’s to use an outdated, insecure IE6 instead of a modern and safe browser, Smokey’s Security Forums will drop support for IE6 and will take the ultimate consequence by DENYING SITE ACCESS TO IE6 USERS STARTING 2012-01-01.
Sirte, Libya, October 20, 2011
According to the Libyan National Transitional Council (NTC), today former Libyan dictator Moammar Kadafi succumbed to gunshot wounds in his head and his legs. After his capture in Sirte, Libya, he was in critical condition carried off with an ambulance.
Kadafi was in a convoy trying to flee Sirte. NATO would have bombard the convoy. The death of the former dictator was confirmed by the Libyan top official Abdelmajid of the National Transitional Council.
U.S. President Barack Obama’s statement on Kadafi’s death:
“Today, the government of Libya announced the death of Moammar Gadhafi. This marks the end of a long and painful chapter for the people of Libya, who now have the opportunity to determine their own destiny and a new and democratic Libya. For four decades, the Gadhafi regime ruled the Libyan people with an iron fist. Basic human rights were denied, innocent civilians were detained, beaten and killed, Libya’s wealth was squandered. The enormous potential of the Libyan people was held back, and terror was used as a political weapon,. Today we can definitively say that the Gadhafi regime has come to an end. The last major regime strongholds have fallen. A new government is consolidating control over the country. One of the world’s longest serving dictators is no more.
“One year ago, the notion of a free Libya seemed impossible, but then the Libyan people rose up and demanded their rights. And when Gadhafi and his forces started going city to city, town by town to brutalize men, women and children, the world refused to stand idly by. Faced with the potential of mass atrocities and a call for help from the Libyan people, the United States and our friends and allies, stopped Gadhafi’s forces in their tracks. A coalition that included the United States, NATO and Arab nations persevered through the summer to protect Libyan civilians. Meanwhile, the courageous Libyan people fought for their own future and broke the back of the regime.
“This is a momentous day in the history of Libya. The dark shadow of tyranny has been lifted, and with this enormous promise, the Libyan people now have a great responsibility: to build an inclusive, tolerant and democratic Libya that stands as the ultimate rebuke to Gadhafi’s dictatorship. We look forward to the announcement of the
Country’s liberation, a quick formation of an interim government, and a stable transition to Libya’s first free and fair election. And we call on our Libyan friends to continue to work with the international community to secure dangerous materials and to respect the rights of all Libyans, including those who’ve been detained.
“We are under no illusions. Libya will travel a long and winding road to full democracy. There will be difficult days ahead. But the United States, together with the international community, is committed to the Libyan people. You have won your revolution. Now we will be a partner as you forge a future that provides dignity, freedom and opportunity. For the region, today’s events prove once more that the rule of an iron fist inevitably comes to an end. Across the Arab world, citizens have stood up to claim their rights. Youth are delivering a powerful rebuke to dictatorship. And those leaders who try to deny their human dignity will not succeed.”
Update 10-20-2011: according to the News Channel al-Arabiya is the body of Kadafi transferred to the city of Misurata.
Update 10-20-2011: Anees al-Sharif, spokesman for Tripoli’s military council, said Gadhafai’s son Muatassim and his chief of intelligence, Abdullah al-Senussi, also were killed.
Update 10-20-2011: statement U.S. President Barack Obama on Kadafi’s death.
(CNN – May 2, 2011) — Osama bin Laden, the mastermind of the worst terrorist attacks on American soil, is dead, officials said — almost 10 years after the attacks that killed about 3,000 people.
The founder and leader of al Qaeda was killed by U.S. forces Monday in a mansion in Abbottabad, north of the Pakistani capital of Islamabad, along with other family members, a senior U.S. official told CNN.
In an address to the nation Sunday night, U.S. President Barack Obama called bin Laden’s death “the most significant achievement to date in our nation’s effort to defeat al Qaeda.”
“Today, at my direction, the United States launched a targeted operation against that compound in Abbottabad, Pakistan,” Obama said. “A small team of Americans carried out the operation with extraordinary courage and capability. No Americans were harmed. They took care to avoid civilian casualties. After a firefight, they killed Osama bin Laden and took custody of his body.”
To satisfy the curiosity of many people, here the location of Osama bin Laden’s compound on Google Maps. The compound is located at 34°10′9″N 73°14′33″E, 2.5 miles (4 km) northeast of the center of Abbottabad and three-quarters of a mile (1.3 km) southwest of the Pakistan Military Academy (PMA).
Expect a flurry of e-mails, and likely black hat search engine operations trying to take advantage of the event to distribute malware. Be aware for the dangers of emails proclaiming to have information and searching for websites about his death. If you look-out for news about the death of Bin Laden and related issues, please only visit trusted news sites, also don’t click blindly on images related to the news.
Update May 2: there are reports the Bin Laden death scams are already all over Facebook.
Update May 3: malware is found on numerous sites optimized to show up on Web searches related to the event, also in scams on social networks like Facebook, Twitter & Co.