Author Topic: Challenges with Scared Monkeys logging in etc  (Read 4367 times)
IBE
« on: January 04, 2007, 05:21:12 PM »

I am starting this topic for many Monkeys have made postings of various problems they are having when logging on, posting, with the radio broadcasts, and various other areas dealing with the Scared Monkeys' site.

Some knew to email Tom, some didn't so I thought a dedicated Thread would be a place to deal with it for Monkeys to check in and for Tom also.

This way we will get ideas from all and be able, I hope, to decide whether it is our browsers, or an applet, java or QuickTime or just a full moon Laughing  Laughing

Of course, like the small print on medicines... consult your "computer doctor"  Laughing  for all of us are just volunteers and friends... although we do have some mighty smart Monkeys!

Freedom is not free: it also takes ethics, character, accountability, responsibility and courage! Freedom for Scared Monkeys: donate to Red's legal fees.
IBE
« Reply #1 on: January 04, 2007, 06:09:01 PM »

OK here are some of my challenges lately here:

I click on the link to post a reply and get back to the main menu. Or after I post one time it takes me back there. This happens in both browsers.. Safari and Netscape so when it happens I have to switch browsers to post again and back and forth.

Yes, I know, use Firefox! but it's having bugs now too. IE always had them IMO. Netscape lets me see what sites are loading into the page in the bottom margin and I like that for then I can see them loading in.

I erase all my cookies and cache each session and sometimes mid-session when I remember. This used to be the catch-all of help, but doesn't seem to help as much lately.

Also, I get like some of you have posted... a message in 4 languages to reboot my computer.. when I try to log onto Scared Monkeys site... last night it froze my computer.

Have noticed, since I use two browsers here... that I can cut/paste and use the links above here ie: for bold, quote etc. but in Safari I have to manually put them in.

I run a firewall both for dial up and WiFi and have Netscape set to show certificates. Certificates... a message pops up on my screen and tells me if the URL it is going into isn't the registered one or something like that. I found the choice in the Preferences section. I don't know if other browsers have it, but would think so.

Anna you posted about QuickTime putting us into sites and getting info we didn't plan on them getting. Maybe setting preferences to show Certificates would help. I hope Smarter Monkeys than I will log in and tell us here.

I looked at your French site that posted the bug. This bug had already been addressed by Apple and java Tues, I think, and I posted the patches and why on our Thread but it went down right after. I haven't saved the info but will go back and get it and post it here.

If I remember correctly it was a java programming applet that the baddies were using and putting into QuickTime to get unauthorized info and you on sites you didn't know. It was called a worm, but the Apple geeks on a blog were calling it a phishing scam.. who knows.. anyway it was not good!

This was a big mess, I understand, for thousands using MySpace.
Firefox has posted some new bugs and of course so has IE.. you can tell I am not an IE fan!

We all have problems when the Web programmers program their pages for just one browser, usually IE. Those of us that use other browsers are in the minority but usually have good reasons to do so. Laughing

Will find the info I posted and put the links here.

Some of us have emailed Tom and I think it would be helpful if we have this Thread for him to see. IMO challenges are happening more often lately and we just never tell anyone, for we think we are the only ones it's happening to.

Thanks... IBE

PS.. suggestions that I don't always follow... keep your OS up to date. I personally haven't for I still like the security of the old one (Mac) and usually wait until they have version .1 or .2 out. Plus I don't want to learn a new one at the moment!

Keep QuickTime updated for your OS version and read the notes to see if you really want to update, remember the Internet data flows in packets all over the place.. therefore, your dial up will buffer up then play, then buffer up etc when using 56k modem and listening live to something. I would guess on DSL and WiFi it would be in really real streaming time.

Subscribe to security alerts from places like Symantec, CERT, Purdue, your browser and OS system companies. Yeah.. like I do  Embarassed
Carnut
« Reply #2 on: January 04, 2007, 06:20:36 PM »

Firefox has fewer bugs than any other browser choice.

Firefox is safer than any other browser choice.

Firefox can show the link info at the bottom of the page if you configure it to do so.

Once you 'submit' a post and see the message that the post was received, hit the back button twice and then do a refresh and you should see your new post and still be on the page you had been on.
IBE
« Reply #3 on: January 04, 2007, 06:31:10 PM »

Thanks Carnut. With all the snow.. was afraid you were stranded!
IBE
« Reply #4 on: January 04, 2007, 06:33:35 PM »

Will download Firefox when I get downtown to WiFi otherwise it takes all night Laughing  Thanks
IBE
« Reply #5 on: January 04, 2007, 07:01:07 PM »

Here are the articles I had downloaded and posted the info on the Thread that went down.. hope I didn't do it! I have added the bold print for faster reading, I hope!

Anna I put the first article here from summer 2006 for it starts to talk about the flaws.

This month there is a group exploring all the flaws that might be in Apple so we will hear more soon.

 (c|net logo goes here)   http://www.news.com/
Apple patches QuickTime for Macs, Windows   By Joris Evers
http://earthlink.com.com, earthlink.com.com/Apple+patches+QuickTime+for+Macs%2C+Windows/2100-1002_3-6115076.html

 Story last modified Wed Sep 13 06:24:04 PDT 2006

Apple Computer on Tuesday released an update to its QuickTime media player software that fixes seven security flaws, all of them serious.

 The QuickTime vulnerabilities affect both Windows and Apple Mac OS X machines. Apple's update comes on the same day the company announced new digital music and video plans. Also, Microsoft on Tuesday released fixes for Office and Windows flaws.

 The security flaws in QuickTime are all due to the application's failure to properly check and sanitize files in several formats: H.264, QuickTime, FLC, FlashPix and SGI. An attacker could craft a malicious file in any of those formats which, when opened, would fully compromise a vulnerable system or cause QuickTime to crash.

"A successful exploit may result in a remote compromise of the underlying computer," Symantec said in an alert sent to users of its DeepSight security intelligence service.

 There are no known exploits for the flaws, Symantec said. This limits the threat. Apple regularly provides security updates for QuickTime, and often the flaws are in the handling of various file formats. Experts have said that cyberattackers are increasingly looking for flaws in applications.

 Apple repaired the flaws in version 7.1.3 of QuickTime, which is available via the company's Software Update service and from the QuickTime Web site. (from IBE.... new article below)
Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.

Next article from yesterday
http://earthlink.com.com, earthlink.com.com/QuickTime+zero-day+bug+threatens+Macs%2C+PCs/2100-1002_3-6146615.html
 http://www.news.com/

QuickTime zero-day bug threatens Macs, PCs By Joris Evers
http://earthlink.com.com, earthlink.com.com/QuickTime+zero-day+bug+threatens+Macs%2C+PCs/2100-1002_3-6146615.html

 Story last modified Wed Jan 03 05:59:40 PST 2007
A newly disclosed security vulnerability in Apple Computer's QuickTime software could put both Macs and Windows PCs at risk of cyberattacks, experts have warned.

 The publication on Monday of the vulnerability and detailed attack code kicks off the "Month of the Apple Bugs" project, which promises to feature a new Apple software bug each day in January.
The QuickTime vulnerability relates to how the media player software handles the Real Time Streaming Protocol, or RTSP, according to an advisory published on the Month of the Apple Bugs Web site. An attacker could create a special RTSP string in a rigged QuickTime file that would cause a buffer overflow, according to the advisory.

 "The risk is having your system compromised by a remote attacker, who can perform any operation under privileges of your user account," said LMH, the alias of one of the two security researchers behind the Month of the Apple Bugs. "It can be triggered via JavaScript, Flash, common links, QTL files and any other method that starts QuickTime."

 The vulnerability affects QuickTime 7.1.3, the latest version of the media player software released in September, on both Apple Mac OS X and Microsoft Windows, according to the Month of the Apple Bugs advisory. Previous versions could also be vulnerable, according to the advisory.

Here's the ref. to what Anna posted:
 Security-monitoring companies Secunia and the French Security Incidence Response Team, or FrSIRT, rate the QuickTime flaw as "highly critical" and "critical," respectively.

 In response to the publication of the QuickTime flaw, Apple spokesman Anuj Nayar said the company always welcomes feedback on how to improve security on the Mac, a standard company statement. Nayar did not comment on the specifics of the flaw or provide any indication of when Apple may deliver a patch.

QuickTime users can protect themselves against the vulnerability by disabling support for RTSP. The SANS Internet Storm Center, which tracks Internet threats, provides instructions on how to do this for both Windows PCs and Macs.

 The Month of the Apple Bugs is meant to uncover security flaws in different Apple software and other applications for Mac OS X, according to the project Web site. "We can expect certainly many more critical issues being released during the month," LMH said.

 "A positive side effect, probably, will be a more concerned user base and better practices from the management side of Apple," LMH and Kevin Finisterre, an independent security researcher, wrote on the Month of the Apple Bugs Web site.

 On Tuesday, LMH and Finisterre published the second bug as part of their project. This time the flaw is not in Apple code but in the VLC Media Player, an open-source program available for Mac OS X and Windows. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution, LMH and Finisterre wrote in an alert.

 In November, LMH started the "Month of Kernel Bugs" project, which also included some Apple software bugs. That initiative was inspired by the "Month of Browser Bugs" in July.


Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.

 
Now going to the SANS Internet Storm Center for instructions for the patch
http://isc.sans.org/diary.php?storyid=1993
The first bug is in the handling of RTSP URL's within Quicktime, leading to arbitrary code execution on both Windows and Mac OS. You can find the advisory here:
http://projects.info-pull.com/moab/MOAB-01-01-2007.html.

From IBE: Be sure to notice the "small print" at the bottom of the patch:
Update 3: Our thanks to Rosyna from Unsanity.org who pointed out that the above fix for OSX may not be sufficient due to the round-about fashion in which QTL files are handled by OSX (it doesn't use the RTSP handler, hence disabling it isn't a complete fix). She points to this application package as a fix: http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html . NOTE: this fix requires a third party application to be loaded which may introduce its own set of issues and vulnerabilities!
-tk

From IBE: Heck... a wing and a prayer might help. Now I am glad I haven't updated QuickTime, but I have been with Apple for 25 years so have no doubt they will fix this ASAP. Remember there are many baddies out there on the Internet and will hack the heck out of it, if given the chance. One of the Good points is this site... which is for Natalee and IMO making history
IBE
« Reply #7 on: January 04, 2007, 07:03:08 PM »

Sorry about the double posts.