Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Bofra exploit hits The Register's ad serving supplier

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Bofra exploit hits The Register's ad serving supplier
Date: Mon, 22 Nov 2004 06:11:58 -0600 (CST) 
http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

By Team Register
21st November 2004 

Important notice: Early on Saturday morning some banner advertising
served for The Register by third party ad serving company Falk AG
became infected with the Bofra/IFrame exploit. The Register suspended
ad serving by this company on discovery of the problem.

Bofra/IFrame is a currently unpatched exploit which affects Internet
Explorer 6.0 on all Windows platforms bar Windows XP SP2. If you may
have visited The Register between 6am and 12.30pm GMT on Saturday, Nov
20 using any Windows platform bar XP SP2 we strongly advise you to
check your machine with up to date anti-virus software, to install SP2
if you are running Windows XP, and to strongly consider running an
alternative browser, at least until Microsoft deals with the issue.

We have asked Falk for an explanation and for further details of the
incident, and pending this we do not intend to restart ad-serving via
the company. Falk will, we understand, be making a statement regarding
the matter on Monday.

Although the matter was beyond our direct control, we do not regard it
as acceptable for any Register reader to be exposed in this way, and
wish to apologise sincerely to anyone who was. Further information
about this particular exploit is available here [1] or here [2].

[1] http://www.theregister.co.uk/2004/11/04/ie_iframe_vuln/
[2] http://www.theregister.co.uk/2004/11/10/bofra_worm/



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Bofra exploit hits The Register's ad serving supplier, InfoSec News <=
Previous by Date:  [ISN] Falk statement on Bofra attack, InfoSec News
Next by Date:  [ISN] Air Force to standardize Microsoft configurations, InfoSec News
Previous by Thread:  [ISN] Falk statement on Bofra attack, InfoSec News
Next by Thread:  [ISN] Air Force to standardize Microsoft configurations, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]