February 13th, 2008 by Shanmuga
"Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
February 13th, 2008 by Shanmuga
"Mozilla Corp. late yesterday patched Firefox to quash 11 bugs, including one from three weeks ago that posed a threat to users who had installed any of the more than 600 add-ons for the open-source browser. Firefox 2.0.0.12 fixed four vulnerabilities that Mozilla ranked "critical," one it pegged "high" and three each rated as "moderate" and "low," according to the security advisory posted Thursday.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
February 8th, 2008 by Shanmuga
"A researcher over at the Internet Storm Center has created a powerful GUI that will set the kill-bits on vulnerable ActiveX controls used in Facebook, Myspace, and Yahoo apps. These popular apps came under attack on Monday after researchers Elazar Broad and Krystian Kloskowski disclosed their findings to a online security newsgroup.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Software, Vulnerabilities | No Comments »
February 8th, 2008 by Shanmuga
"Adobe has released an update to its free Adobe Reader application that corrects more than two dozen bugs, including several security holes. Separately, Apple this week pushed out a patch to plug a single security vulnerability in its iPhoto application.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Security, Vulnerabilities | No Comments »
February 8th, 2008 by Shanmuga
"A wave of bugs in the plug-in technology used by Microsoft Corp.’s Internet Explorer browser has some security experts, including those at US-CERT, recommending that users disable all ActiveX controls.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
February 8th, 2008 by Shanmuga
"According to security researcher and CEO of Errata Security Robert Graham, Google’s JavaScript code makes HTTP requests in the background via an XMLHttpRequest. By default, these requests are SSL-encrypted—but if SSL fails, they change to nonencrypted mode. When a user attempts to connect to a WiFi hotspot, Google Mail attempts to connect with SSL both enabled and disabled. Even if the attempt fails, session-ID cookies are still transmitted to the router, and can therefore be captured by anyone sitting nearby with an appropriately configured software suite.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
February 8th, 2008 by Shanmuga
"Bugs in the ActiveX controls on popular social networking sites Facebook and MySpace can be used by hackers to snatch control of Windows PCs, security experts said today. Initially made public by researcher Elazar Broad on the Full Disclosure security mailing list, the vulnerabilities are in a pair of ActiveX controls that Facebook and MySpace provide to users for uploading images to their pages via Microsoft’s Internet Explorer (IE) browser.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
January 30th, 2008 by Shanmuga
"Mozilla’s security chief Window Snyder has confirmed a proof of concept information leak flaw in Firefox–even fully patched versions. Snyder confirmed the issue in a blog post. The proof of concept vulnerability was highlighted by researcher Gerry Eisenhaur on Jan. 19. In a nutshell, Firefox leaks information that can allow an attacker to load any javascript file on a machine.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
January 22nd, 2008 by Shanmuga
"…Microsoft Excel files are being used to exploit a zero-day (previously unknown/unpatched) vulnerability and plant keystroke loggers on select (.gov?) networks…bugs in Microsoft Office applications emerged over the last year as standard weapons for criminals conducting corporate espionage and computer attacks against military targets. Last summer, Microsoft’s Office team struggled to keep pace with flaw discoveries and, after a brief lull, it looks like we’ll see much of the same this year.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Hacking, Vulnerabilities | No Comments »
January 22nd, 2008 by Shanmuga
"A security researcher has claimed that Yahoo’s system for blocking automated access to its systems - the CAPTCHA image-recognition system - has been effectively cracked. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) systems are used by Yahoo, as well as Google, Microsoft and others, to stop automated systems from registering web-based email accounts, filling blog comments sections with spam and guessing passwords.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Hacking, Vulnerabilities | No Comments »
