This Metasploit module exploits a stack-based buffer overflow vulnerability in BulletProof FTP Client 2010, caused by an overly long hostname. By persuading the victim to open a specially-crafted .BPS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.
Monthly Archives: January 2015
Mandriva Linux Security Advisory 2015-005
Mandriva Linux Security Advisory 2015-005 – A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.
EMC Documentum Web Development Kit XSS / CSRF / Redirection / Injection
Documentum Web Development Kit (WDK) and WDK-based clients contain cross site scripting, cross site request forgery, URL redirection, insufficient randomness, and frame injection vulnerabilities.
Ubuntu Security Notice USN-2451-1
Ubuntu Security Notice 2451-1 – Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups.
Debian Security Advisory 3119-1
Debian Linux Security Advisory 3119-1 – Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
Boomers and Seniors Feel Technology Companies Talk Down to Them
AMSTERDAM and SAN FRANCISCO – January 6, 2014 – Over two fifths (43%) of those over 50 feel patronized by technology companies. So say the results of the latest study by AVG Technologies N.V. (NYSE: AVG), the online security company™ for 188 million active users, which surveyed almost six thousand people over the age of 50 about their technology habits and opinions as part of its ongoing AVG Digital Diaries research.
With CES kicking off this week in Las Vegas and many companies expected to launch their latest devices to what is an increasingly competitive market, the research highlighted that older customers can feel that they are treated as technologically illiterate by technology companies.
Further complaints among those who felt patronized related to technology companies talking down to them (39%) and treating all those over a certain age the same (32%). This treatment is far from justified, as only 16% of respondents labelled themselves as novice technology users while the majority (76%) ranked themselves as average users of tech.
The research, which provided further insights into the device and application use of those over 50, also highlighted some ongoing security and privacy concerns:
- 87% of respondents admitted to having some security and privacy concerns over their online activity
- 66% worry about the security of their data and files
- 44% worry about keeping their personal information private
“Technology companies should think hard before they risk isolating older customers,” said Judith Bitterli, Chief Marketing Officer at AVG Technologies. “This is an audience that is expanding, has more spending power and is actively using devices and apps. For example, our research found 83% use apps on their devices. While it is important to address their privacy and security concerns, this must be done in a manner that is considered, not condescending.”
Bitterli, who regularly blogs on tech topics for Boomers and Seniors on Now AVG, will share further insights from the study in her talk “The Privacy Fear Factor” at the 2015 CES Lifelong Tech Summit taking place at the Venetian today.
###
Note to Editors
Methodology:
AVG commissioned an online survey interviewing 5,907 respondents over the age of 50 to identify device ownership and usage, and attitudes towards technology in the following markets: Australia, Brazil, Canada, Czech Republic, France, Germany, New Zealand, the United Kingdom and the United States. Fieldwork was carried out during November 2014. The market research company Research Now carried out the fieldwork using its proprietary panels.
About AVG Technologies (NYSE: AVG)
AVG is the online security company providing leading software and services to secure devices, data and people. AVG has over 188 million active users, as of September 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.
All trademarks are the property of their respective owners.
Contacts:
US
Katie Han
Waggener Edstrom for AVG
+ 1 (212) 551 4807
UK
Samantha Woodman
Waggener Edstrom for AVG
+ 44 (0)20 7632 3840
Handling The Problems In Biometrics
This paper describes some of the common problems faced in biometrics and possible solutions to these problems.
Pirelli Router P.DG-A4001N WPA Key Reverse Engineering
This is proof of concept code that demonstrates reverse-engineering of the default WPA key generation algorithm used in ADB broadband Pirelli routers in Argentina. Model P.DG-A4001N is affected.