| |||
|
|
||
|
|||
| |
|
Home > Security News > Security Bytes: Shockwave flaw fixed |
| |
|
|
|
|
| Security News: |
|
||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Macromedia Shockwave flaw fixed
Macromedia Shockwave is a multi-platform multimedia playback application that allows users to view interactive Web content from their browser. The San Jose, Calif.-based vendor said in an advisory that the flaw resides in the player's ActiveX installer. "During the installation process, malicious code on a Web site with Shockwave content could have taken advantage of a buffer overflow to allow the execution of arbitrary code," Adobe said. "For an attacker to exploit the vulnerability, users would have been directed to a page including malicious code that prompted the user to install Shockwave Player." Adobe said the ActiveX installer problem has been fixed. "Since the vulnerability occurs in the installer, no action needs to be taken by [Adobe customers]," Adobe said. "Customers downloading and installing the latest Shockwave Player are also no longer vulnerable with the updated Shockwave Player ActiveX installer." As an extra precaution, Danish vulnerability clearinghouse Secunia said, users should only install ShockWave Player directly from the vendor's Web site. McAfee employee data goes missing
The disc housed personal data on all current U.S. and Canadian McAfee workers hired before April 2005 and on about 6,000 former employees in the same region, MacDermott said. CNET News.com noted that the company has about 3,290 employees worldwide today. The data was not encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee. "We notified our current and former employees last week and the week before," MacDermott said. "We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit-monitoring services." Deloitte & Touche confirmed the data loss incident to CNET News.com, saying, "A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket. We are not aware of any unauthorized access to this data in the two months since the CD was lost." McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax. Similar arrangements are being made with a credit monitoring provider for Canadian employees. IT exec gets eight years for data theft
Between January and July 2003, the report said, Levine stole more than 1 billion records that included names, physical and e-mail addresses and phone numbers. The data belonged to Acxiom Corp., a firm that maintains a repository of personal, financial and company data, including customer information held for other companies, the news service reported. The DOJ said Levine used sophisticated decryption software to illegally obtain passwords and exceed his authorized access to Acxiom databases. So far, there is no indication that data stolen by Levine or others has been used in identity theft or credit card fraud schemes, the DOJ said. The news service reported that some of the data was resold to a broker for use in an advertising campaign.
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
| |||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
