Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. The exploit code slipped through the site’s defences with the aid of a legitimate image at the beginning of the file, according to a blog post on the Sans Institute’s Internet Storm Center. “It is a clever way to pass exploit code to others without it setting off alarms or attracting attention, all [the] while bypassing network secu…
June 23rd, 2007, in General News, Random Security, Webappsec. Source: zdnet.co.uk
A website advertising sexually explicit videos starring Paris Hilton — as well as personal mementos lost by the imprisoned heiress — exposed the credit card numbers and personal information of 750 subscribers earlier this month, according to an online report. According to the report on The Smoking Gun, the website was tipped off by a reader that a subscriber list on parisexposed.com could be easily accessed by changing a few numbers in the si…
June 23rd, 2007, in General News, Random Security, Webappsec. Source: scmagazine.com
Anti-phishing features inside popular browsers are failing to curb the onslaught of emails that attempt to steal confidential information. Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2.0 incorporate blacklists that warn users when they attempt to visit known phishing websites.
Both vendors claim to have been successful in stopping the attacks, but David Jevans, chairman of the Anti-Phishing Working Group (APWG), and chief e…
June 20th, 2007, in Random Security, Webappsec. Source: vnunet.com
Web developers and computer programmers gathered together for the first Yahoo! ‘Hack Day’ in London at the weekend. The event was the first in a series of open days, held around the world by the internet services giant for anyone to attend and devise innovative applications. The day, which was also hosted by the BBC, aimed to show web developers how to get more out of the data feeds and interfaces provided by the two companies. Representa…
June 18th, 2007, in General News, Webappsec. Source: scmagazine.com
The CA/Browser Forum, a consortium of four major internet browsers and more than 20 certification authorities, has announced the first set of standardized guidelines to validate the legitimacy of website operators. In the past, sites that issued SSL certificates received little to no scrutiny, Tim Moses, chairman of the forum and the senior director of advanced technology at certification vendor Entrust, told SCMagazine.com today.
“Never befo…
June 18th, 2007, in General News, Random Security, Webappsec. Source: scmagazine.com
Yahoo patched two vulnerabilities in Messenger’s ActiveX control, which were disclosed by a hacker offering proof-of-concept exploit code earlier this week. The web giant encouraged Messenger users to download version 8.1.0.410 from its website. “The Yahoo Messenger team recently learned of a buffer overflow security issue in ActiveX control. Upon learning of this issue, we began working toward a resolution and implemented a fix to Ya…
June 12th, 2007, in General News, Webappsec. Source: scmagazine.com
Apple is becoming a favorite target of security researchers these days. In April, there was the US$10,000 CanSecWest ‘hack a Mac’ contest, and on Monday there was the Safari Web browser. Or the public beta of Safari for Windows, anyway. Just hours after Apple released its first Windows beta of Safari, researcher Aviv Raff said he’d found a bug. In an interview, Raff said that it took about three minutes of fuzzing to find the bug and that he h…
June 12th, 2007, in Random Security, Webappsec. Source: newsnow.co.uk
Websense has discovered a new crimeware technique on the YouTube video clips website. When viewed, clips on the site activate a Trojan Horse via a file called “YouTube04567”, which is then downloaded onto the user’s PC. The payload code is an information stealing Trojan Horse which is designed to grab information from the user’s PC. It then uploads any sensitive information from the user’s PC to an undisclosed remote location.
“Altho…
June 11th, 2007, in General News, Random Security, Webappsec. Source: newsnow.co.uk
Mozilla has released the next-to-last planned alpha edition of Firefox 3.0, the first preview to include a major chunk of the browser’s revamped bookmark and history tool. Alpha 5 of Firefox 3.0, which still carries the codename Gran Paradiso, includes the bookmarks portion of Places, the feature that at one time was slated to appear in Firefox 2.0. Last year, however, Mozilla yanked the searchable bookmark-browser history from 2.0 and said…
June 8th, 2007, in General News, Webappsec. Source: computerworld.com
Microsoft is preparing to release six software updates on Tuesday, four of which will fix ‘critical’ vulnerabilities in Windows or its components. Two of the ‘critical’ bulletins address flaws in Windows XP, 2000 and Server 2003. A flaw in versions 5.01, 6.0 and 7.0 of Internet Explorer spans all currently supported versions of Windows including Vista. It ranges in severity, however.
Users of all versions of the browser on…
June 8th, 2007, in Random Security, Webappsec. Source: vnunet.com