Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. The exploit code slipped through the site’s defences with the aid of a legitimate image at the beginning of the file, according to a blog post on the SANS Institute’s Internet Storm Center. “It is a clever way to pass exploit code to others without it setting off alarms or attracting attention, all [the] while bypassing network security tools,” the blog noted.
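A defender-side check for the layout described above (a valid image up front, code appended behind it), written as an added example rather than anything from the ISC post: the function walks the GIF block structure to the 0x3B trailer and reports any bytes after it, plus PHP open tags anywhere in the file (so code hidden in a comment extension is caught too). The sample file is constructed inline.

```python
import re
import struct

PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)

def _skip_subblocks(data, pos):
    """Advance past a chain of GIF data sub-blocks (length byte + data; 0 terminates)."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1 + n
        if n == 0:
            return pos

def gif_trailer_end(data):
    """Walk header, colour tables, extensions and image blocks; return offset past the trailer."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    packed = data[10]                      # logical screen descriptor flags
    pos = 13
    if packed & 0x80:                      # global colour table: 3 * 2^(N+1) bytes
        pos += 3 * (2 << (packed & 7))
    while True:
        if pos >= len(data):
            raise ValueError("missing trailer")
        b = data[pos]
        if b == 0x3B:                      # trailer: image ends here
            return pos + 1
        if b == 0x21:                      # extension: label byte, then sub-blocks
            pos = _skip_subblocks(data, pos + 2)
        elif b == 0x2C:                    # image descriptor (10 bytes), optional local table
            lpacked = data[pos + 9]
            pos += 10
            if lpacked & 0x80:
                pos += 3 * (2 << (lpacked & 7))
            pos = _skip_subblocks(data, pos + 1)   # +1 skips the LZW minimum code size
        else:
            raise ValueError(f"unknown block 0x{b:02x} at offset {pos}")

def scan_gif(data):
    """Return the number of bytes trailing the image and offsets of any PHP open tags."""
    end = gif_trailer_end(data)
    return {"trailing_bytes": len(data) - end,
            "php_tag_offsets": [m.start() for m in PHP_TAG.finditer(data)]}

# Constructed sample: a minimal 1x1 GIF, then the same image with a PHP tag appended.
MINIMAL_GIF = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00\x00\x00\xff\xff\xff"
               + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00" + b"\x3b")
CONSTRUCTED_POLYGLOT = MINIMAL_GIF + b"<?php echo 'marker'; ?>"
```

A file that is a well-formed GIF but has trailing bytes or a PHP tag is exactly the kind of upload an image-hosting site should reject or re-encode rather than store as-is.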
A website advertising sexually explicit videos starring Paris Hilton – as well as personal mementos lost by the imprisoned heiress – exposed the credit card numbers and personal information of 750 subscribers earlier this month, according to an online report. According to the report on The Smoking Gun, the website was tipped off by a reader that a subscriber list on parisexposed.com could be easily accessed by changing a few numbers in the site’s URL.
Anti-phishing features inside popular browsers are failing to curb the onslaught of emails that attempt to steal confidential information. Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2.0 incorporate blacklists that warn users when they attempt to visit known phishing websites.
Web developers and computer programmers gathered together for the first Yahoo! ‘Hack Day’ in London at the weekend. The event was the first in a series of open days, held around the world by the internet services giant for anyone to attend and devise innovative applications. The day, which was also hosted by the BBC, aimed to show web developers how to get more out of the data feeds and interfaces provided by the two companies. Representatives from both organisations were on hand to give tips on how to utilise the technology at the event.
The CA/Browser Forum, a consortium of four major internet browsers and more than 20 certification authorities, has announced the first set of standardised guidelines to validate the legitimacy of website operators. In the past, sites that issued SSL certificates received little to no scrutiny, Tim Moses, chairman of the forum and the senior director of advanced technology at certification vendor Entrust, told SCMagazine.com today.
Yahoo patched two vulnerabilities in Messenger’s ActiveX control, which were disclosed by a hacker offering proof-of-concept exploit code earlier this week. The web giant encouraged Messenger users to download version 8.1.0.410 from its website. “The Yahoo Messenger team recently learned of a buffer overflow security issue in ActiveX control. Upon learning of this issue, we began working toward a resolution and implemented a fix to Yahoo Messenger’s software download,” read a statement released today by company spokesman Terrell Karlsten. “We are encouraging all Yahoo Messenger users to download the latest version available at messenger.yahoo.com.”
Apple is becoming a favourite target of security researchers these days. In April, there was the US$10,000 CanSecWest hack-a-Mac contest, and on Monday there was the Safari web browser. Or the public beta of Safari for Windows, anyway. Just hours after Apple released its first Windows beta of Safari, researcher Aviv Raff said he’d found a bug. In an interview, Raff said that it took about three minutes of fuzzing to find the bug and that he hadn’t tested the issue on Mac OS X, so he couldn’t say whether or not it affected Safari on Windows only. The bug causes the browser to crash and “might be exploitable,” according to Raff, meaning it could possibly be used to run malware on the PC.
Websense has discovered a new crimeware technique on the YouTube video clips website. When viewed, clips on the site activate a Trojan horse via a file called ‘YouTube04567’, which is then downloaded onto the user’s PC. The payload is an information-stealing Trojan horse designed to grab information from the user’s PC. It then uploads any sensitive information from the user’s PC to an undisclosed remote location.
Mozilla has released the next-to-last planned alpha edition of Firefox 3.0, the first preview to include a major chunk of the browser’s revamped bookmark and history tool. Alpha 5 of Firefox 3.0, which still carries the codename Gran Paradiso, includes the bookmarks portion of Places, the feature that at one time was slated to appear in Firefox 2.0. Last year, however, Mozilla yanked the searchable bookmark and browser history from 2.0 and said it would appear in 2007’s Version 3.0.
Microsoft is preparing to release six software updates on Tuesday, four of which will fix ‘critical’ vulnerabilities in Windows or its components. Two of the ‘critical’ bulletins address flaws in Windows XP, 2000 and Server 2003. A flaw in versions 5.01, 6.0 and 7.0 of Internet Explorer spans all currently supported versions of Windows, including Vista; its severity rating, however, varies by platform.