Adobe issued a new security advisory yesterday, warning of a critical vulnerability (CVE-2010-2884) in several of its products, including Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, and Solaris, as well as Flash 10.1.92.10 for Android. The bug also affects Adobe Reader 9.3.4 for Windows, Mac, and Unix, along with Adobe Acrobat 9.3.4 and earlier on Windows and Mac.
The company has received reports that Flash users on Windows have been attacked, but there is no word of Adobe Reader or Acrobat being exploited in the wild - at least not yet anyway. Adobe is rushing to get a patch out for Flash on all the mentioned platforms, and that's due sometime during the week of September 27. Reader and Acrobat won't be fixed until the following week of October 4.
============================================================
HDCP master key leak could help kill DRM

The HDCP master key, which permanently unlocks the DRM protocol on Blu-ray players, set-top boxes, and displays with HDMI inputs, was supposedly leaked by Twitter user IntelGlobalPR (via Engadget). If the key is indeed legitimate, there could be major consequences for the film industry since HDCP is built into the HDMI spec.
"Master HDCP key released: http://bit.ly/aM84GD (please mirror and RT!) #drm #hdcp #defectivebydesign," the tweet exclaims with a link to a Pastebin page that describes the key as "a forty times forty element matrix of fifty-six bit hexadecimal numbers."
Most legally purchased HD content currently requires HDCP DRM technology to play. HDCP works by embedding, in the devices and ports, the keys used to encrypt and decrypt protected data; both the input (say a Blu-ray player) and the output (say an HDTV) need to be compliant. The technology allows for banning individual HDCP keys in the event that they're compromised, but this master key would let anyone create their own source and sink keys, thereby permanently bypassing the DRM protocol. In other words, users could play high-quality pirated content and the authorities would not be able to throw the kill switch via another firmware update.
It's still not clear whether the key is indeed legitimate, and if so, how it was found. It has been proposed, however, that as few as 50 keys to different devices could let one find the master key via reverse engineering (but a straight-out leak is also possible). Still, for now it means that only those technically competent enough to flash the firmware of HDCP-compliant devices could render their protection ineffective.
============================================================
Scammers create 57,000 new bogus pages every week

Scammers are trying harder than ever to trick unsuspecting users with fake websites, according to a new study by PandaLabs. The security firm estimates that cybercriminals create around 57,000 new pages every week and use SEO techniques to position them well on search engines, inevitably luring people to click through and execute malicious code or enter login credentials.
PandaLabs found that 65% of bogus sites target online bankers and 27% go after online shoppers. Another 2.3% pose as sites from other financial institutions and 1.9% look like government organizations. Here's a top 10 breakdown of the most impersonated brands:
1. eBay 23.21%
2. Western Union 21.15%
3. Visa 9.51%
4. United Services Automobile Association 6.85%
5. HSBC 5.98%
6. Amazon 2.42%
7. Bank of America 2.29%
8. PayPal 1.77%
9. Internal Revenue Service 1.69%
10. Bendigo Bank 1.38%