Monday, February 16, 2009

Screen Capture Mac DVD Playing

February 2009

When it comes to taking screen captures in Apple's DVD Player, the built-in Mac OS X screen capture tools are useless. Try the built-in screenshot shortcut (Shift-Command-3) while DVD Player is running and you get nothing more than an error beep. Using Grab, the screen capture utility that comes with your Mac, you get similar results: an error message that says "Screen grabs are unavailable during DVD playback. Please quit DVD Player first."

In spite of these limitations, there is a way to capture fullscreen shots from DVDs. Actually, there are a couple of ways, but only one that is simple and straightforward.

The not-so-easy way is to download VLC from Version Tracker, http://www.versiontracker.com/macosx/. VLC is a free, open-source video and audio player that can play almost any kind of video you give it, including VCDs (video CDs) and MPEG-4 files. It has a built-in screen capture feature, but it won't take shots at fullscreen resolution, which is fine if you don't need to blow your screenshots up to fullscreen size. The built-in Mac OS X shortcuts also work in VLC, but screenshots taken this way are saved as PDFs, so if you want to use the images in iPhoto you will have to download a program like DropJPG (free) to convert them into JPEGs. The big problem with VLC, besides that it isn't fully developed yet, is that you can't step through individual frames, which makes it very difficult to catch the perfect shot.

The best way is to use DVD Player and FreeSnap, a free screenshot application. There are other freeware programs that some people might find more to their liking (SnapNDrag, GrabMac, and Capture Me, to name a few), but I found FreeSnap to be the easiest to use for the purpose of taking fullscreen DVD captures.

All it takes is five steps:

1. Download FreeSnap (again from Version Tracker, http://www.versiontracker.com/macosx/). FreeSnap requires Mac OS X 10.2 or higher.

2. Install (Drag application icon to your Applications folder).

3. Start and set up FreeSnap.

4. Launch DVD Player in fullscreen mode and pause the scene you want to capture.

Thanks A. Lama, 7.11.06

What's Up with Remote Desktops???

February 2009

Mac Remote Desktop:
http://www.apple.com/remotedesktop/

Microsoft Remote Desktop:
http://www.microsoft.com/mac/products/remote-desktop/default.mspx

CoRD:
http://cord.sourceforge.net/

Chicken of the VNC:
http://sourceforge.net/projects/cotvnc/

Remote SSH on a Mac:
http://www.engr.wisc.edu/computing/best/rdesktop-mac.html

Apple QuickTime Security Update

February 2009

Apple issues critical QuickTime security update. Apple has issued a critical QuickTime security update that resolves vulnerabilities in its media player which could allow a remote attacker to take control of a user's computer, according to an Apple advisory released last week. QuickTime 7 on both Windows and Mac OS X (10.4 Tiger and 10.5 Leopard) is affected, according to Apple. Apple advises users to update to QuickTime 7.6, available as QuickTime 7.6 for Windows, QuickTime 7.6 for Leopard, and QuickTime 7.6 for Tiger. The update addresses buffer overflows in QuickTime's handling of media content that could allow an attacker to execute arbitrary code on a user's system. The trigger is content the user opens: a maliciously crafted movie file, AVI movie file, or QTVR movie file, or an RTSP URL, according to Apple. Secunia, in its security advisory of January 22, rated the vulnerabilities "highly critical."
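The attack vector above is the classic one for media players: a parser that trusts a length field in a crafted file. As an added illustration that is not Apple's code and does not reproduce the specific QuickTime flaw, the Python below walks the top-level atom structure of a QuickTime/MP4 file (4-byte big-endian size, 4-byte type, with the public special cases size 1 for a 64-bit size and size 0 for "to end of file") and refuses any atom whose declared size is smaller than its own header or runs past the end of the data. Both sample files are constructed here; the crafted one declares 0xFFFFFFF0 bytes for a 4-byte payload, the kind of value that turns a trusting copy or allocation into the overflow the advisory describes.

```python
import struct


def parse_atoms(data: bytes):
    """Return [(type, payload_offset, payload_len), ...] for the top-level
    atoms in `data`, or raise ValueError on any inconsistent size field."""
    atoms = []
    off = 0
    n = len(data)
    while off < n:
        if n - off < 8:
            raise ValueError(f"truncated atom header at offset {off}")
        size, kind = struct.unpack_from(">I4s", data, off)
        hdr = 8
        if size == 1:  # 64-bit "largesize" follows the 8-byte header
            if n - off < 16:
                raise ValueError(f"truncated largesize at offset {off}")
            (size,) = struct.unpack_from(">Q", data, off + 8)
            hdr = 16
        elif size == 0:  # atom extends to the end of the data
            size = n - off
        # These two checks are what a trusting parser omits: the declared size
        # must cover its own header and must not exceed what is actually there.
        if size < hdr:
            raise ValueError(f"atom {kind!r} at {off}: size {size} smaller than header")
        if size > n - off:
            raise ValueError(f"atom {kind!r} at {off}: size {size} exceeds remaining {n - off}")
        atoms.append((kind.decode("ascii", "replace"), off + hdr, size - hdr))
        off += size
    return atoms


def atom(kind: bytes, payload: bytes = b"") -> bytes:
    """Build one well-formed atom (used only to construct the samples)."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload


# Constructed sample: a minimal well-formed file (ftyp + moov/mvhd).
GOOD = atom(b"ftyp", b"qt  " + b"\x00" * 4 + b"qt  ") + atom(b"moov", atom(b"mvhd", b"\x00" * 100))

# Constructed sample: the header claims 0xFFFFFFF0 bytes for a 4-byte payload.
BAD = struct.pack(">I4s", 0xFFFFFFF0, b"moov") + b"\x00\x00\x00\x00"


def is_safe_to_open(data: bytes) -> bool:
    """True if every top-level atom is internally consistent."""
    try:
        parse_atoms(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_atoms(GOOD))
    print("crafted file accepted?", is_safe_to_open(BAD))
```

The same pattern applies one level down (atoms nest, and leaf atoms such as sample tables carry their own counts), so a real parser repeats the check at every level rather than only at the top.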

New York Considers Taxing iTunes & Porno

February 2009

New York wants a share of iTunes' money.

The state is staring at a $15.4 billion deficit so Gov. David Paterson is proposing an "iPod tax" as part of his state budget. Under the plan, New York would charge state and local sales tax for "digitally delivered entertainment services," according to a story in The New York Daily News.

That includes e-books downloaded to Amazon's Kindle as well as for the digital songs obtained from Apple's iTunes. If the state legislature passes the governor's plan, the price of digital content for New Yorkers is sure to go up. The tax would also apply to sporting events, movie tickets, taxis, and satellite TV and radio.

Wow. To some Manhattan residents, Hoboken, N.J., may be looking better all the time. But wait, New Jersey is among the 17 states that already tax downloads, according to my colleague Stephanie Condon. She wrote back in August that states taxing digital entertainment include Alabama, Arizona, Colorado, Hawaii, New Mexico, Texas, and Washington.

California and Wisconsin considered similar proposals, but they were defeated. Tech industry groups like NetChoice, which counts eBay, AOL, and Yahoo as members, have been lobbying against the rise in so-called iTaxes.
Thanks G. Sandoval

Twitter Clickjacking Hack...

February 2009

Twitter clickjacking hack released. A Web developer has released a proof-of-concept clickjacking attack against Twitter that shows how an attacker can hijack a member's "update" function on the microblogging site. Simply put, all it takes is for the victim, while logged into Twitter, to click a seemingly innocent button or link on an attacker's page, and his or her "What are you doing?" status is posted under the attacker's control. "It means anyone can update an individual's Twitter status without you knowing," says the independent Web developer who wrote the PoC and published it on his Website. Clickjacking works by loading the target site in an invisible frame positioned over a decoy element on the attacker's page, so that a click meant for the decoy lands on a button in the framed site, inside the victim's authenticated session; nothing is installed on the victim's machine. Microsoft has included a clickjacking protection feature in Internet Explorer 8, the X-Frame-Options response header, that lets a Website tell the browser not to render it inside another site's frame, without browser add-ons.
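As an added example (not the developer's PoC, which is not reproduced here), the Python below shows both halves of the story: an attacker page that stacks a transparent iframe of a target URL over a decoy button, and a checker that decides whether a page served with given response headers can be framed by another origin under the X-Frame-Options rules IE8 introduced. The URLs and header dictionaries are constructed samples. IE8 understood only DENY and SAMEORIGIN; ALLOW-FROM is handled because later browsers added it.

```python
from html import escape
from urllib.parse import urlsplit


# --- attacker side: the overlay trick a clickjacking PoC relies on ----------
def build_overlay_page(target_url: str, decoy_text: str = "Click to win!") -> str:
    """Return HTML that places a fully transparent iframe of `target_url`
    above a decoy button, so the victim's click lands on the framed page."""
    return f"""<!doctype html>
<html><body>
<button style="position:absolute;top:120px;left:60px">{escape(decoy_text)}</button>
<iframe src="{escape(target_url, quote=True)}"
        style="position:absolute;top:0;left:0;width:800px;height:600px;
               opacity:0;z-index:10;border:0"></iframe>
</body></html>"""


# --- defender side: the X-Frame-Options decision ----------------------------
def origin(url: str) -> str:
    """scheme://host[:port] in lower case, the unit X-Frame-Options compares."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}"


def is_frameable(headers: dict, page_url: str, framer_url: str) -> bool:
    """Would a browser honouring X-Frame-Options render the page at
    `page_url`, served with `headers`, inside a frame on `framer_url`?
    No header at all means anyone may frame it."""
    value = None
    for name, v in headers.items():
        if name.lower() == "x-frame-options":
            value = v.strip()
            break
    if value is None:
        return True
    directive = value.upper()
    if directive == "DENY":
        return False
    if directive == "SAMEORIGIN":
        return origin(page_url) == origin(framer_url)
    if directive.startswith("ALLOW-FROM"):
        fields = value.split(None, 1)
        allowed = fields[1] if len(fields) > 1 else ""
        return origin(allowed) == origin(framer_url)
    # Browsers ignore unrecognised directives, so the page stays frameable.
    return True


def harden(headers: dict) -> dict:
    """Return a copy of `headers` with the header a status-update page
    such as the one in the story should send."""
    h = dict(headers)
    h["X-Frame-Options"] = "DENY"
    return h


# Constructed sample: a logged-in page served with no framing protection.
STATUS_PAGE_HEADERS = {"Content-Type": "text/html; charset=utf-8"}

if __name__ == "__main__":
    print(build_overlay_page("https://twitter.com/home"))
    print("frameable before:", is_frameable(STATUS_PAGE_HEADERS, "https://twitter.com", "http://evil.example"))
    print("frameable after: ", is_frameable(harden(STATUS_PAGE_HEADERS), "https://twitter.com", "http://evil.example"))
```

The older defence is a JavaScript frame-buster (if top is not self, navigate top to self); it is weaker than the header because the framing page controls the environment the script runs in, for example IE's security="restricted" iframe attribute disables script in the framed document. Header and script together cover browsers with and without X-Frame-Options support.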

Unauthorized Usage...

February 2009

Unauthorized Web use on the rise, sneaking by IT. Schools have long struggled with savvy students who run anonymous Web proxy tools to bypass Web filters and quietly reach banned sites and content. The use of these potentially dangerous tools within the enterprise now appears to be more widespread than was once thought. A study released on January 4 indicates that businesses may be unaware of the breadth of the problem: while only 15 percent of IT managers report that Web filter bypass tools are in use in their organizations, such tools were actually found in three out of four organizations, according to FaceTime Communications, which polled both IT managers and its own customers on the topic. Anonymous Web proxies, also called anonymizers or shadow-surfing tools, relay a user's Web traffic through another server, so the organization's Web filter sees only a connection to the proxy rather than to the banned destination. They come in several forms. The most popular are Web proxy sites, such as Proxyatwork.com, which let users reach banned sites from work, whether gambling, social networks, or adult content. They also come as desktop applications, such as Circumventor, that let users browse silently and anonymously over nontraditional browsing ports, hiding their IP addresses and other identifying information. Other bypass tools include volunteer networks, such as Tor and Hopster, where users make their PCs available as relays in support of free communication over the Net, notes the vice president of marketing and product management for FaceTime.
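An added example, not FaceTime's product or survey data: detection logic a network team could run over its own proxy logs to surface the tools the article describes. It looks for the URL shapes left by common web-proxy scripts (Glype's browse.php?u=, PHProxy's index.php?q= with a URL or base64-encoded URL, and CGIProxy's nph-proxy.cgi, the script Circumventor is built on), a hypothetical blocklist of anonymizer hosts, and CONNECT requests to the ports Tor relays commonly listen on. The log lines are constructed; the patterns are heuristics and will produce false positives, so treat hits as leads to investigate, not verdicts.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample proxy log, one request per line:
#   <epoch> <client_ip> <method> <url_or_hostport> <status>
SAMPLE_LOG = """\
1233705600.123 10.1.2.3 GET http://www.example.com/index.html 200
1233705601.456 10.1.2.3 GET http://proxyatwork.com/browse.php?u=http%3A%2F%2Fwww.facebook.com%2F 200
1233705602.789 10.1.2.4 GET http://intranet/wiki/Main_Page 200
1233705603.012 10.1.2.5 CONNECT 203.0.113.7:9001 200
1233705604.345 10.1.2.6 GET http://cgi.example.net/nph-proxy.cgi/000100A/http/www.casino-site.example/ 200
1233705605.678 10.1.2.7 GET http://hide.example.org/index.php?q=aHR0cDovL3d3dy5leGFtcGxlLm5ldC8%3D 200
1233705606.901 10.1.2.8 GET http://www.example.com/index.php?q=quarterly+report 200
"""

# Hypothetical blocklist; in practice this comes from a maintained category feed.
KNOWN_PROXY_HOSTS = {"proxyatwork.com"}

# Path shape and, where applicable, the query parameter that carries the
# destination URL. Heuristic and far from exhaustive.
PROXY_SCRIPT_PATTERNS = [
    (re.compile(r"/browse\.php$"), "u"),      # Glype
    (re.compile(r"/index\.php$"), "q"),       # PHProxy (needs a URL-like q=)
    (re.compile(r"/nph-proxy\.cgi"), None),   # CGIProxy / Circumventor: target is in the path
]

TOR_OR_PORTS = {9001, 9030}  # default relay and directory ports; a hint, not proof


def _looks_like_url(value: str) -> bool:
    """True if value is an http(s) URL or base64-decodes to one."""
    if value.lower().startswith(("http://", "https://")):
        return True
    try:
        padded = value + "=" * (-len(value) % 4)
        decoded = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return False
    return decoded.lower().startswith(("http://", "https://"))


def classify(line: str):
    """Return (client_ip, reason) if the request looks like filter bypass, else None."""
    parts = line.split()
    if len(parts) < 5:
        return None
    _ts, client, method, target, _status = parts[:5]
    if method == "CONNECT":
        _host, _, port = target.rpartition(":")
        if port.isdigit() and int(port) in TOR_OR_PORTS:
            return client, f"CONNECT to {target}: port used by Tor relays"
        return None
    u = urlsplit(target)
    host = (u.hostname or "").lower()
    if host in KNOWN_PROXY_HOSTS:
        return client, f"known anonymizer host {host}"
    query = parse_qs(u.query)
    for pattern, param in PROXY_SCRIPT_PATTERNS:
        if not pattern.search(u.path):
            continue
        if param is None:
            return client, f"web-proxy script {u.path} on {host}"
        if any(_looks_like_url(v) for v in query.get(param, [])):
            return client, f"web-proxy script {u.path} on {host}"
    return None


def scan(log_text: str):
    """Run classify over every line and return the list of hits."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

The last sample line is an ordinary search on a site that happens to use index.php?q=; requiring the parameter to carry a URL is what keeps it out of the hits. Encrypted tunnels (SSH, VPN, Tor over 443) leave far less in a proxy log, which is why such tools evade filter-based accounting in the first place.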

Infested Digital Frames

February 2009

Latest problem import? Infected digital photo frames. Digital photo frames infected with computer viruses are the latest problem import from China. “Essentially, it’s a supply chain problem,” said the director of the Internet Storm Center at the SANS Institute. The culprit is believed to be poor quality-assurance testing procedures in which one of every 1,000 or so devices is plucked off an assembly line and tested on a computer that is infected with a virus, he said. Before Christmas, Samsung and Amazon issued alerts warning customers that some Photo Frame Driver CDs for Samsung’s SPF line of digital photo frames contained a virus in the frame manager software. Customer PCs running Windows XP are at risk of being infected by the virus, W32.Sality.AE, which drops a keylogger or backdoor onto the system. Element and Mercury brand frames sold at Circuit City and Wal-Mart, respectively, also were reported to be infected, according to the San Francisco Chronicle. “Anything that has flash storage or bootable storage is exposed to this kind of threat,” said the director of security research for McAfee Avert Labs. “It doesn’t mean you shouldn’t buy them. You should just realize before you plug it in that you might want to disable the Windows auto-boot functionality and run an antivirus scan on it, just to be safe.”
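A check for the advice in the last paragraph, added here and not taken from the article: before a driver CD or flash-backed gadget is trusted, parse its autorun.inf and list the entries that would run code when Windows honours the file (open=, shellexecute=, shell\<verb>\command=, and a shell= line that redirects the default verb). Both autorun.inf samples below are constructed; the suspicious one follows the general shape worms that spread over removable media use, not a transcription of any particular Sality variant.

```python
import configparser

# Keys in [autorun] that launch code, or redirect the default action to one.
EXEC_KEYS = {"open", "shellexecute", "shell"}

# Constructed sample: every entry that matters for an infection is present.
SUSPICIOUS_AUTORUN = """\
[AutoRun]
open=RECYCLER\\setup.exe
shellexecute=RECYCLER\\setup.exe
shell\\open\\command=RECYCLER\\setup.exe
shell=open
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Removable Disk
"""

# Constructed sample: what a benign vendor disc would legitimately carry.
BENIGN_AUTORUN = """\
[autorun]
icon=frame.ico
label=Photo Frame
"""


def parse_autorun(text: str) -> dict:
    """Return the [autorun] section (case-insensitive name) as a dict with
    lower-cased keys, or {} if the file has no such section."""
    # interpolation=None: values such as %SystemRoot% are literal, not templates.
    # strict=False: duplicated keys are common in malicious files; keep the last.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k.lower(): v.strip() for k, v in cp.items(section)}
    return {}


def flag_autorun(text: str) -> list:
    """Return the (key, value) pairs that would execute something on insertion."""
    flagged = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            flagged.append((key, value))
    return flagged


if __name__ == "__main__":
    print("suspicious:", flag_autorun(SUSPICIOUS_AUTORUN))
    print("benign:    ", flag_autorun(BENIGN_AUTORUN))
```

The scan is only half of the advice; the other half is disabling AutoRun before plugging anything in. On XP that is the NoDriveTypeAutoRun value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer (0xFF covers all drive types), with the caveat that US-CERT warned in January 2009 (TA09-020A) that Windows did not honour the setting fully without Microsoft's AutoRun fix applied, so verify the behaviour rather than assume it.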

Wi-Fi Health Risk...

February 2009

BACKGROUND ON RF SAFETY ISSUES

Concerns about the safety of cellular telephones, whether they create health risks or are safe to use in all operating environments, have spread to other wireless devices, such as wireless networking equipment (WLANs)*. There is no proven correlation between these low-power devices and health risks to the user or the general public.

This document discusses the results of research into the possible health effects of RF devices.

Low-Power Wireless Devices Pose No Known Health Risk.

Do low-power wireless devices such as WLAN client cards, access points, or RFID tags pose a health threat?

Available evidence today suggests that there is no clear correlation between low-power wireless use and health issues. Recent studies strongly suggest that the use of cellular telephone equipment does not create health risks. Two important recent studies that reached this conclusion are:

• A report written by Dr. John D. Boice, Jr. and Dr. Joseph K. McLaughlin of the International Epidemiology Institute in the United States in September 2002 for the Swedish Radiation Protection Authority.

• A report to the European Commission from the Scientific Committee on Toxicity, Ecotoxicity, and the Environment, titled "Opinion on Possible Effects of Electromagnetic Fields, Radio Frequency Fields, and Microwave Radiation on Human Health."

Few studies deal directly with the effects of WLAN devices. The emission levels of WLAN and RFID tags are below the RF emission levels of typical cellular telephones. Therefore, any conclusions about the safety of cellular telephone equipment can almost certainly be applied to WLAN or RFID devices**. The RF emission levels from a typical WLAN are well within the safety emission level thresholds set by the World Health Organization (WHO)***.

* These devices are also referred to as RLANs by the ITU-R; however, this paper refers to these devices as WLANs.
*** The RF emission limits adopted by various national agencies are based on guidelines from the WHO International Commission on Non-Ionizing Radiation Protection (ICNIRP).

Blackberry Vulnerability

February 2009

BlackBerry Attachment Service PDF Distiller File Parsing Vulnerability

OVERVIEW:

A vulnerability has been identified in the BlackBerry Attachment Service, a component of BlackBerry Enterprise Server and BlackBerry Unite! that processes email attachments for delivery to handsets. Exploitation occurs when a specially crafted PDF attachment is opened or viewed on the BlackBerry handset, which causes the BlackBerry Attachment Service on the server to process it. The code execution therefore happens on the BlackBerry Enterprise Server or BlackBerry Unite! host, not on the handset. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



SYSTEMS AFFECTED:

· Research In Motion BlackBerry Enterprise Server 4.1.3

· Research In Motion BlackBerry Enterprise Server 4.1.4

· Research In Motion BlackBerry Enterprise Server 4.1.5

· Research In Motion BlackBerry Enterprise Server 4.1.6

· Research In Motion BlackBerry Professional Software 4.1.4

· Research In Motion BlackBerry Unite! 1.0

· Research In Motion BlackBerry Unite! 1.0.1

· Research In Motion BlackBerry Unite! 1.0.1 bundle 36



RISK:

Government:

* Large and medium government entities: High
* Small government entities: High



DESCRIPTION:

A file parsing vulnerability has been discovered in the way the PDF distiller of some versions of the BlackBerry Attachment Service handles specially crafted PDF files. If a user opens such an attachment on the handset, the server-side distiller that renders it may execute attacker-supplied code. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



RECOMMENDATIONS:

We recommend that all of the following actions be taken:

* Apply the appropriate update to vulnerable systems immediately after appropriate testing.
* Until patches can be applied, consider removing PDF from the Attachment Service's supported file format list, or prevent the PDF distiller component from running.
* Do not open email attachments from unknown or untrusted sources.
* Apply the principle of least privilege to all services, so that a compromised Attachment Service does not hand the attacker full control of the host.
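The interim mitigation in the second recommendation is a configuration change on the BlackBerry server itself. An added example of a complementary control at the mail gateway, written here and not taken from RIM's guidance or code: a filter that drops PDF attachments by content (the %PDF- signature within the first kilobyte, which is where readers look for it) rather than by filename or declared Content-Type, so a PDF renamed to .txt or mislabelled as text/plain never reaches the Attachment Service. The sample message is constructed in the block.

```python
import email
from email import policy
from email.message import EmailMessage

PDF_MAGIC = b"%PDF-"


def is_pdf(payload: bytes) -> bool:
    """Identify a PDF by its header, not by extension or declared type."""
    return PDF_MAGIC in payload[:1024]


def _prune(part) -> list:
    """Recursively remove PDF leaf parts from a multipart container and
    return the filenames that were dropped."""
    dropped = []
    if not part.is_multipart():
        return dropped
    kept = []
    for sub in part.get_payload():
        if sub.is_multipart():
            dropped += _prune(sub)
            kept.append(sub)
        elif is_pdf(sub.get_payload(decode=True) or b""):
            dropped.append(sub.get_filename() or "(unnamed)")
        else:
            kept.append(sub)
    part.set_payload(kept)
    return dropped


def strip_pdf_attachments(raw: bytes):
    """Parse a raw RFC 5322 message; return (cleaned_message, dropped_names)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return msg, _prune(msg)


def build_sample() -> bytes:
    """Constructed test message: a text body, a real PDF attachment, the same
    PDF disguised as a .txt text/plain part, and a harmless text file."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "quarterly report"
    m.set_content("See attached.")
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF\n"
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="report.pdf")
    m.add_attachment(pdf, maintype="text", subtype="plain", filename="notes.txt")
    m.add_attachment(b"hello", maintype="text", subtype="plain", filename="readme.txt")
    return m.as_bytes()


if __name__ == "__main__":
    cleaned, dropped = strip_pdf_attachments(build_sample())
    print("dropped:", dropped)
    print("remaining attachments:", [p.get_filename() for p in cleaned.iter_attachments()])
```

Content sniffing closes the renaming trick but not every path: a PDF inside a zip, or one fetched from a link in the message body, still reaches the handset user, so this belongs alongside the patch, not instead of it.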

REFERENCES:

SecurityFocus:
http://www.securityfocus.com/bid/33224/

Magic Wand Man Uses Virus

February 2009

Blaine man pleads guilty to placing virus in computers. A Blaine man charged with sabotaging his former employer's computer system has pleaded guilty in federal court, the U.S. Attorney's Office said. The 21-year-old admitted in court on January 12 that in April 2008 he intentionally damaged a computer system after being terminated from his job as a help desk employee at Wand Corp. According to his plea agreement, he had worked for the Eden Prairie, Minnesota, firm, which provides the computers that retailers and restaurants use to conduct cash register transactions. The computers sit in the individual establishments but can be remotely accessed by Wand through an Internet-based program. About three weeks after he was let go, he launched a malicious software attack from his home computer against Wand-managed computers in about 3,000 restaurants. The attack was designed to crash the client machines; he succeeded in installing the malware on about 1,000 of them, his plea agreement said.