OS9USER Newsroom
TOP STORIES




#BREAKING : Alleged plot to kidnap and potentially kill Michigan Governor Gretchen Whitmer and overthrow the state government




LIVE COVERAGE
Amy Coney Barrett's Supreme Court confirmation hearings | Day 3



Windows 10 October 2020 Update
5 biggest changes



Fox Host Confronts Trump On Existence Of UFOs



North Korea unveils 'monster' intercontinental missile


OS9USER NEWS ROOM News Map

GRAB a Copy of OS9USER Newsroom Map For Your Website


Apple to release four new iPhones



Apple Top Free Apps





CLASSIFIED REPORT

Leaking Classified NSA Information



Billie Winner-Davis, Reality Winner's mother, told Business Insider on Tuesday that President Donald Trump's former lawyer, Michael Cohen, is attempting legal representation to aid the former Air Force language analyst contractor and Kingsville native Reality Winner with her case.

Winner pleaded guilty in 2018 to leaking classified National Security Agency information on Russia's alleged efforts to interfere with the 2016 election. She was found guilty of violating the U.S. Espionage Act and sentenced to five years in prison at the Federal Medical Center-Carswell in Fort Worth, Texas.

In 2016 following her separation from six years of active duty, Winner was hired by Pluribus International Corporation under an NSA contract to work out of Fort Gordon, Georgia.

According to ABC News, Winner printed a classified report detailing how Russian hackers allegedly “executed cyber espionage operations” on local election systems and mailed the documents to The Intercept.

She was arrested on June 3, 2017.


Michael Cohen, who pleaded guilty to campaign violations and tax fraud in 2018, began serving his sentence in May 2019 at the federal penitentiary in Otisville, New York.

He has been under house arrest since July over coronavirus concerns.

Military.com stated that Reality’s mother sent a Twitter message that said “Cohen has asked another attorney to look at the case and for opportunities to help.”



Announcements

We encourage anyone to reach out to discuss potential news stories that may be in the public interest. You can reach us via email or by phone at 603-483-3900 with the understanding that the information you provide might be used in our
LIVE broadcasts or other stories.

Grab our Feed



September 13, 2007




A London security analyst working with the open source group GNUCitizen has discovered a potentially serious exploit that could affect users of the Firefox browser and Apples QuickTime movie and music player especially iTunes customers on Windows XP based machines.

Petko D. Petkov wrote yesterday, he discovered that JavaScript code appearing in the {embed} tag of an HTML file could launch a new Web browser instance, feeding it any kind of default code that is not checked before being executed.

Unfortunately, the exploit is so simple in concept that the most general description of how it works may give some clues as to how to try it, but of course, Petkov gives a more complete explanation for the benefit of anyone interested in trying to put a stop to it.

On an XP based system where Firefox is the default browser, when an {embed} tag references a file whose type is handled by QuickTime, it then passes the name of that file to QuickTime in trying to launch it, even if the file does not really exist. For the exploit to work, the file should not exist.

In launching QuickTime, the browser then can pass JavaScript code to the plug-in using what are called chrome privileges. This is a privilege class that was created with special elevation in order to allow either the plug-in or third parties to attach code to enable skins or special settings, so that the plug-in appears and behaves according to user's preferences. That code is apparently not checked beforehand, so it is possible to embed JavaScript code within it that creates and launches another instance of Firefox. That instance may then be passed another swatch of JavaScript code, which is also apparently not checked.

The exploit works only when Firefox is the default browser. It does not work when Internet Explorer 7 is the default browser. However, when Firefox is the default, the exploit does work anyway even if IE7 contains the embedded link. So you could still be seeing an IE7 Web page, click on the link to the false file, have it pull up QuickTime, and watch helplessly as QuickTime instantiates a copy of Firefox, from which the havoc may then take place. If IE7 is the default browser, we discovered, QuickTime will instantiate a new IE7 window, but it will not execute the second swatch of embedded code. This is on XP systems with the latest Microsoft security updates for Windows and IE7.

Also, the exploit does not work when Windows Media Player is the handler for the false file, whether the embedded link is viewed through Firefox or IE7.

Tests of the exploit in Windows Vista, the exploit failed even when Firefox was set to be the default browser. In all cases, Vista generated an error message saying it could not locate the element in question, and then revealed the content of that element the potentially malicious code.

This is far from the first exploit discovered involving the triggering of malicious code from Firefox by means of unchallenged chrome privileges given to a plug-in.

Late yesterday, Mozilla acknowledged the severity of the exploit itself, posting a notice on its Security Blog saying, Petkov provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue. Mozilla is working with Apple to keep our users safe and we are also investigating ways to mitigate this more broadly in Firefox.

You can follow our work in bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=395942

Labels:




0 Comment(s) on this Article

Post a Comment









 



VP Fly Debate Cold Open - SNL



New details emerge from plot to kidnap Michigan Gov. Whitmer



Twitter News

Hackaday — Access An 8-bit Atari Through Twitter

cryptodaily.co.uk — Could China be behind a recent spike in bitcoin addresses?

Medium — Thoughts on distribution strategy and CEO/firm misalignment

Wired — How to Block Bad Websites—or Just Get Things Done

Arkansas Online — Stocks advance to end their best week in 3 months

Business Standard India — Trump to hold in-person White House event Saturday, hit campaign trail Mon

VentureBeat — Star Wars: Squadrons is seeing significant VR play

Japan Today — Twitter testing how its misinformation labels can be more obvious, direct

Mashable — One man's frustrating journey to recovering his Myspace

Medium — The Viral Nature of Bitcoin inside Publicly-traded Company Stocks

 Claim by Mike Pence:

"(Biden’s) own chief of staff, Ron Klain, would say last year that it was pure luck, that they did ‘everything possible wrong’ (with H1N1). And we learned from that."
PolitiFact rating: Needs context
Fact-checking the 2020 vice presidential debate, Kamala Harris vs. Mike Pence

Claim by Kamala Harris:
"There are estimates that by the end of the term of this administration, they will have lost more jobs than almost any other presidential administration."
PolitiFact rating: Half True


Claim by Mike Pence:
That Rose Garden event — there's been a great deal of speculation about it — my wife Karen and I were there and honored to be there. Many of the people who were at that event, Susan, were actually tested for coronavirus, and it was an outdoor event, which all of our scientists r...
CBS News rating: Partially true


Claim by Mike Pence:
"This administration saw 500,000 manufacturing jobs created."
PolitiFact rating: Misleading


Claim by Sen. Kamala Harris:
"Because of a so-called trade war with China, America lost 300,000 manufacturing jobs."
FactCheck.org rating: False


Claim by Mike Pence:
"The Green New Deal's on their campaign website."
PolitiFact rating: Misleading


Claim by Kamala Harris:
"Do you know that of the 50 people who President Trump appointed to the court of appeals for lifetime appointments, not one is Black?"
PolitiFact rating: Accurate


Claim by Mike Pence:
The Rose Garden event with Judge Amy Coney Barrett "was an outdoor event which all of our scientists regularly and routinely advised."
PolitiFact rating: Wrong


Claim by Kamala Harris:
Says Trump "got rid of" the National Security Council pandemic threat staff, and the CDC's team in China.


Tracking COVID-19


Our Interactive Radar


Tracking Our
New Hampshire Weather



MANCHESTER




OS9USER Trailer Mania

COME AWAY



Release Date: December 24, 2020 (Singapore)

Genre : Thriller






The official synopsis;

Before Alice went to Wonderland, and before Peter became Pan, they were brother and sister. When their eldest brother dies in a tragic accident, they each seek to save their parents from their downward spirals of despair until finally they are forced to choose between home and imagination, setting the stage for their iconic journeys into Wonderland and Neverland.



Warning: Some flashing-lights scenes in this film may effect photosensitive viewers.



Search our Archives