Archive for the ‘Webappsec’ Category

PHP exploit code found on image-hosting site

June 23rd, 2007 zdnet.co.uk

Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. The exploit code slipped through the site’s defences with the aid of a legitimate image at the beginning of the file, according to a blog post on the Sans Institute’s Internet Storm Center. “It is a clever way to pass exploit code to others without it setting off alarms or attracting attention, all [the] while bypassing network security tools,” the blog noted.

Categories: General News, Random Security, Webappsec

Paris Hilton video website exposed credit card details

June 23rd, 2007 scmagazine.com

A website advertising sexually explicit videos starring Paris Hilton — as well as personal mementos lost by the imprisoned heiress — exposed the credit card numbers and personal information of 750 subscribers earlier this month, according to an online report. According to the report on The Smoking Gun, the website was tipped off by a reader that a subscriber list on parisexposed.com could be easily accessed by changing a few numbers in the site’s URL.

Categories: General News, Random Security, Webappsec

New browsers fail to curb phishing

June 20th, 2007 vnunet.com

Anti-phishing features inside popular browsers are failing to curb the onslaught of emails that attempt to steal confidential information. Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2.0 incorporate blacklists that warn users when they attempt to visit known phishing websites.

Categories: Random Security, Webappsec

London hosts first Yahoo! ‘Hack Day’

June 18th, 2007 scmagazine.com

Web developers and computer programmers gathered together for the first Yahoo! ‘Hack Day’ in London at the weekend. The event was the first in a series of open days, held around the world by the internet services giant for anyone to attend and devise innovative applications. The day, which was also hosted by the BBC, aimed to show web developers how to get more out of the data feeds and interfaces provided by the two companies. Representatives from both organisations were on hand to give tips on how to utilise the technology at the event.

Categories: General News, Webappsec

New guidelines published for vetting website legitimacy

June 18th, 2007 scmagazine.com

The CA/Browser Forum, a consortium of four major internet browsers and more than 20 certification authorities, has announced the first set of standardized guidelines to validate the legitimacy of website operators. In the past, sites that issued SSL certificates received little to no scrutiny, Tim Moses, chairman of the forum and the senior director of advanced technology at certification vendor Entrust, told SCMagazine.com today.

Categories: General News, Random Security, Webappsec

Yahoo patches Messenger ActiveX control flaws

June 12th, 2007 scmagazine.com

Yahoo patched two vulnerabilities in Messenger’s ActiveX control, which were disclosed by a hacker offering proof-of-concept exploit code earlier this week. The web giant encouraged Messenger users to download version 8.1.0.410 from its website. “The Yahoo Messenger team recently learned of a buffer overflow security issue in ActiveX control. Upon learning of this issue, we began working toward a resolution and implemented a fix to Yahoo Messenger’s software download,” read a statement released today by company spokesman Terrell Karlsten. “We are encouraging all Yahoo Messenger users to download the latest version available at messenger.yahoo.com.”

Categories: General News, Webappsec

Safari for Windows hacked already

June 12th, 2007 newsnow.co.uk

Apple is becoming a favorite target of security researchers these days. In April, there was the US$10,000 CanSecWest hack a Mac contest, and on Monday there was the Safari Web browser. Or the public beta of Safari for Windows, anyway. Just hours after Apple released its first Windows beta of Safari, researcher Aviv Raff said he’d found a bug. In an interview, Raff said that it took about three minutes of fuzzing to find the bug and that he hadn’t tested the issue on Mac OS X. So he couldn’t say whether or not it affected Safari on Windows only. The bug causes the browser to crash and “might be exploitable,” according to Raff, meaning it could possibly be used to run malware on the PC.

Categories: Random Security, Webappsec

YouTube Trojan steals user data

June 11th, 2007 newsnow.co.uk

Websense has discovered a new crimeware technique on the YouTube video clips website. When viewed, clips on the site activate a Trojan Horse via a file called “YouTube04567”, which is then downloaded onto the user’s PC. The payload code is an information stealing Trojan Horse which is designed to grab information from the user’s PC. It then uploads any sensitive information from the user’s PC to an undisclosed remote location.

Categories: General News, Random Security, Webappsec

New Firefox 3.0 preview goes ‘Places’

Mozilla has released the next-to-last planned alpha edition of Firefox 3.0, the first preview to include a major chunk of the browser’s revamped bookmark and history tool. Alpha 5 of Firefox 3.0, which still carries the codename Gran Paradiso, includes the bookmarks portion of Places, the feature that at one time was slated to appear in Firefox 2.0. Last year, however, Mozilla yanked the searchable bookmark-browser history from 2.0 and said it would appear in 2007’s Version 3.0.

Categories: General News, Webappsec

Microsoft readies four ‘critical’ June patches

June 8th, 2007 vnunet.com

Microsoft is preparing to release six software updates on Tuesday, four of which will fix ‘critical’ vulnerabilities in Windows or its components. Two of the ‘critical’ bulletins address flaws in Windows XP, 2000 and Server 2003. A flaw in versions 5.01, 6.0 and 7.0 of Internet Explorer spans all currently supported versions of Windows including Vista. It ranges in severity, however.

Categories: Random Security, Webappsec