Tag: Mac OS X

Handy, portable system information tools

Speccy:

Speccy is an advanced System Information tool for your PC. Need to find out what’s inside your computer? Speccy will give you all the information you need.

Speccy gives you detailed statistics on every piece of hardware in your computer, including CPU, Motherboard, RAM, Graphics Cards, Hard Disks, Optical Drives, and Audio support. Additionally Speccy adds the temperatures of your different components, so you can easily see if there’s a problem!

Speccy may seem like an application for system administrators and power users. It certainly is, but Speccy can also help normal users, in everyday computing life.

If you need to add more memory to your system, for example, you can check how many memory slots your computer has and what memory’s already installed. Then you can go out and buy the right type of memory to add on or replace what you’ve already got.

Note: Speccy requires Windows XP or later, and does not currently support Mac OS X or Linux.

To download Speccy, click on the URL: http://www.piriform.com/speccy/download/standard

CPU-Z:

CPU-Z is a freeware utility that gathers information on some of the main devices of your system. CPU-Z does not need to be installed: just unzip the files into a directory and run the .exe. To remove the program, just delete the files. The program does not copy any file into any Windows directory, nor does it write to the registry.

CPU

  • Name and number.
  • Core stepping and process.
  • Package.
  • Core voltage.
  • Internal and external clocks, clock multiplier.
  • Supported instruction sets.
  • All cache levels (location, size, speed, technology).

Mainboard

  • Vendor, model and revision.
  • BIOS model and date.
  • Chipset (northbridge and southbridge) and sensor.
  • Graphic interface.

Memory

  • Frequency and timings.
  • Module(s) specification using SPD (Serial Presence Detect): vendor, serial number, timings table.

System

  • Windows and DirectX version.

To download CPU-Z, click on the URL: http://www.cpuid.com/softwares/cpu-z.html

Source: piriform, cpuid

Google Chrome hacked with sandbox bypass

VANCOUVER — A Russian university student hacked into a fully patched Windows 7 machine (64-bit) using a remote code execution vulnerability/exploit in Google’s Chrome web browser.

The attack, which included a Chrome sandbox bypass, was the handiwork of Sergey Glazunov, a security researcher who regularly finds and reports Chrome security holes.

Glazunov scored a $60,000 payday for the exploit, which targeted two distinct zero-day vulnerabilities in the Chrome extension sub-system.  The cash prize was part of Google’s new Pwnium hacker contest which is being run this year as an alternative to the more well-known Pwn2Own challenge.

According to Justin Schuh, a member of the Chrome security team, Glazunov’s exploit was specific to Chrome and bypassed the browser sandbox entirely. “It didn’t break out of the sandbox [but] it avoided the sandbox,” Schuh said in an interview.

Schuh described the attack as “very impressive” and made it clear that the exploit “could have done anything” on the infected machine. “He (Glazunov) executed code with full permission of the logged on user.”

“It was an impressive exploit. It required a deep understanding of how Chrome works,” Schuh added. “This is not a trivial thing to do. It’s very difficult and that’s why we’re paying $60,000.”

Glazunov is a regular contributor to Google’s bug bounty program and Schuh raved about the quality of his research work.

Schuh said Glazunov once submitted a similar sandbox bypass bug but stressed that bugs of this kind, which allow full code execution outside the browser sandbox, form a very small percentage of bug submissions.

Less than 24 hours after Sergey Glazunov hacked into a fully patched Windows 7 machine with a pair of Chrome zero-day flaws, Google rushed out a patch for Windows, Mac OS X, Linux and Chrome Frame users.

Technical details of the vulnerabilities are being kept under wraps until the patch is pushed out via the browser’s silent/automatic update mechanism.

According to Google’s advisory, the flaws related to universal cross-site scripting (UXSS) and bad history navigation.

  • [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Glazunov’s exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.

The Google browser was also popped by a hacking team from VUPEN, and there’s speculation that a vulnerability in the Flash Player plugin was exploited in that attack. VUPEN co-founder Chaouki Bekrar said that the flaw existed in the default installation of Chrome but declined to say if the faulty code was created by Google or a third-party vendor.

The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser and has always been a tempting target for attackers.

Google is working on putting Flash within the more robust plugin, and this will happen before the end of this year.

Source: zdnet, chromium, pwnium