---

Microsoft slates 12 patches for next week

"Microsoft Corp. announced today that it will release a dozen security updates next week, matching the patch record set a year ago. Seven of the 12 will be tagged with the company’s highest threat ranking. "There’s not a Windows shop anywhere in the world that won’t need to deploy at least one of these patches," [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Free tool blocks Facebook, MySpace, and Yahoo ActiveX vulnerabilities

"A researcher over at the Internet Storm Center has created a powerful GUI that will set the kill-bits on vulnerable ActiveX controls used in Facebook, Myspace, and Yahoo apps. These popular apps came under attack on Monday after researchers Elazar Broad and Krystian Kloskowski disclosed their findings to a online security newsgroup. Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Adobe, Apple Issue Security Updates

"Adobe has released an update to its free Adobe Reader application that corrects more than two dozen bugs, including several security holes. Separately, Apple this week pushed out a patch to plug a single security vulnerability in its iPhoto application. Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Kill ActiveX

"A wave of bugs in the plug-in technology used by Microsoft Corp.’s Internet Explorer browser has some security experts, including those at US-CERT, recommending that users disable all ActiveX controls. Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Google Mail vulnerable to sidejacking despite SSL

"According to security researcher and CEO of Errata Security Robert Graham, Google’s JavaScript code makes HTTP requests in the background via an XMLHttpRequest. By default, these requests are SSL-encrypted—but if SSL fails, they change to nonencrypted mode. When a user attempts to connect to a WiFi hotspot, Google Mail attempts to connect with SSL both [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Critical flaws found in MySpace, Facebook ActiveX controls

"Bugs in the ActiveX controls on popular social networking sites Facebook and MySpace can be used by hackers to snatch control of Windows PCs, security experts said today. Initially made public by researcher Elazar Broad on the Full Disclosure security mailing list, the vulnerabilities are in a pair of ActiveX controls that Facebook and MySpace [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Mozilla confirms Firefox proof of concept information leak vulnerability

"Mozilla’s security chief Window Snyder has confirmed a proof of concept information leak flaw in Firefox–even fully patched versions. Snyder confirmed the issue in a blog post. The proof of concept vulnerability was highlighted by researcher Gerry Eisenhaur on Jan. 19. In a nutshell, Firefox leaks information that can allow an attacker to load any [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Hacking: Researcher cracks Yahoo CAPTCHA software

"A security researcher has claimed that Yahoo’s system for blocking automated access to its systems - the CAPTCHA image-recognition system - has been effectively cracked. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) systems are used by Yahoo, as well as Google, Microsoft and others, to stop automated systems from registering [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Vulnerabilities: First QuickTime bug of 2008

"Luigi Auriemma, a 27-year-old Italian researcher who broke the news of the flaw on Thursday, said that the most recent version of QuickTime is prone to a buffer overflow that, if successfully exploited, gives the attacker free rein over a user’s computer. He posted information and proof-of-concept code on security site, milw0rm, his own website [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Vulnerabilities: Microsoft Flaw could lead to worm attack

"Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack. The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a [...]

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

---

---