Microsoft Outlook Web Access XSS (MS08-039)

Thursday, July 17th, 2008

Several Cross Site Scripting vulnerabilities were found within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different versions of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining *persistent* ...

Vista, Word and Google Desktop circumvent TrueCrypt function

Thursday, July 17th, 2008

Cryptography expert Bruce Schneier, in conjunction with a research group, has studied the security of TrueCrypt, to see whether it meets the specifications for a 'Deniable File System' (DFS) – implemented in TrueCrypt as hidden volumes – and is really able to conceal the existence of a volume within a ...

Mozilla Patch Plugs a Safari Hole

Wednesday, July 16th, 2008

Mozilla Corp. has patched a pair of critical vulnerabilities in Firefox, taking the unusual step of updating the older version 2.0 on Tuesday but delaying the fixes for the newer version 3.0 until Wednesday. Both updates, labeled Firefox 2.0.0.16 and Firefox 3.0.1, plug two holes rated "critical" by Mozilla, which uses ...

Critical vulnerability in BlackBerry Enterprise Server

Wednesday, July 16th, 2008

Crafted Portable Document Format files can allow an attacker to gain control of a BlackBerry server. According to a security advisory from BlackBerry vendor RIM, the bug is in the PDF Distiller component of the Attachment Service, which runs on the server and prepares PDF email attachments for display on ...

Researcher to Demonstrate Attack Code for Intel Chips

Monday, July 14th, 2008

Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel's microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running. Kaspersky will demonstrate how such an attack can be made in a presentation at ...