PDA

View Full Version : /!\ OpenGL.org may harm my computer?



Groovounet
09-24-2010, 03:58 AM
Google Chrome report a quite annoying message when reaching my favourite website: OpenGL.org. I think it worse some investigation !

The message with a red background...:
"Warning: Visiting this site may harm your computer!"

Thanks

ZbuffeR
09-24-2010, 04:51 AM
Same from Firefox, I wrote to webmaster (at) Khronos.org about this issue.

Here is the error report :
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=fr&site=http://opengl.org

mfort
09-24-2010, 06:44 AM
now the Internet Explorer comes in handy ;-)

Ido_Ilan
09-24-2010, 01:17 PM
I see a DX conspiracy :o

sqrt[-1]
09-24-2010, 08:18 PM
It seems I was infected with a Trojan called "Desktop Security 2010" from this....(fortunately I don't run as admin so it seems to be easy to remove)

Simon Arbon
09-24-2010, 10:41 PM
Yesterday Norton 360 gave me the message:
An intrusion attempt from www.opengl.org/ (http://www.opengl.org/) was blocked: "MSIE Java Deployment Toolkit Input Invalidation"
At the same time a window popped up asking if i wanted to install windows media player.
This happened twice in a row on the home page.


Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature will detect a Insufficient Validation vulnerability in Java Deployment Toolkit ActiveX Control.
Additional Information
Java Deployment Toolkit Performs Insufficient Validation of Parameters
-------------------------------------------------------------------------

Java Web Start (henceforth, jws) provides java developers with a way to let
users launch and install their applications using a URL to a Java Networking
Launching Protocol (.jnlp) file (essentially some xml describing the
program).

Since Java 6 Update 10, Sun has distributed an NPAPI plugin and ActiveX control
called "Java Deployment Toolkit" to provide developers with a simpler method
of distributing their applications to end users. This toolkit is installed by
default with the JRE and marked safe for scripting.

The launch() method provided by the toolkit object accepts a URL string, which
it passes to the registered handler for JNLP files, which by default is the
javaws utility.
Affected
Java 6 Update 10