Tuesday, July 1st, 2008
Another day, another gaping hole affecting fully patched versions of Microsoft’s Internet Explorer browser.According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6, IE 7, and IE ...
Posted in Internet, Privacy, Security, Windows | No Comments
Thursday, May 29th, 2008
Web developer Aza Raskin knows we visit Digg, Del.icio.us, Reddit and Facebook without even having to ask.
No, he isn't employing privacy violating hackery, but he is exploiting a "cute" information leak in CSS that traditionally displays visited links differently than those that have yet to be visited. By loading in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, May 21st, 2008
I forgot to tell you all about this actually. I found this about 8 months back and never discussed it for various reasons. Since I saw that Mozilla has fixed a lot of memory leaks inside Firefox 2/3, I guess it's safe to say I can talk about this now. ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Wednesday, May 7th, 2008
A loyal ISC reader, Rob, wrote in to point us at what looks to be a SQL Injection worm that is on the loose. From a quick google search it shows that there are about 4,000 websites infected and that this worm started at least mid-April if not earlier. Right ...
Posted in Coding, Internet, Privacy, Security | No Comments
Friday, April 11th, 2008
Up to 80% of Web sites flagged as malicious by antivirus and search engine indexes are legitimate businesses, according to security experts.
Experts said while the security industry is on top of conventional spam and phishing attacks, more effort needs to be put into preventing and eliminating so-called drive-by-downloads.
The attacks allow ...
Posted in Internet, Security | No Comments
Wednesday, April 2nd, 2008
Injected iframes into legitimate sites are becoming more and more common these days. One of the latest targets is a Chinese government site at www.zhangzhu.gov.cn:
Please note that while the site adminstrators have been notified, the injected iframe is still present in the site at the time of this posting.
The iframe ...
Posted in Coding, Internet, Security | No Comments
Friday, March 28th, 2008
Last week's massive IFRAME injection attack is slowly turning into a what looks like a large scale web application vulnerabilities audit of high profile sites. Following the timely news coverage, Symantec's rating for the attack as medium risk, StopBadware commenting on XP Antivirus 2008, and US-CERT issuing a warning about ...
Posted in Coding, Internet, Privacy, Security | No Comments
