ActiveX module in Microsoft Works opens up security hole

Friday, April 18th, 2008

A demonstration of a security hole in the Microsoft Works Image Server (WkImgSrv.dll) ActiveX module contained in the Microsoft Works office suite has appeared on the Bugtraq mailing list. The demo appears to only cause a system crash. McAfee, however, has already found fully functional exploits which allow attackers to ...

ISPs accused of tampering with web pages

Wednesday, April 16th, 2008

About one percent of the Internet web pages are being changed in transit, sometimes in a harmful way, according to researchers at the University of Washington. In a paper, set to be delivered Wednesday, the researchers document some troubling practices. In July and August they tested data sent to about 50,000 ...

Vulnerability in Google spreadsheets allows cookie stealing

Monday, April 14th, 2008

Security researcher Billy Rios has discovered a vulnerability in Google Spreadsheets which attackers can exploit using links to crafted tables to steal a user's cookie. According to Rios, the victim has to follow such a link in Internet Explorer. The stolen cookie can be used to access all Google services ...

ActiveX is least secure plug-in

Monday, April 14th, 2008

ActiveX controls made up most of all browser plug-in vulnerabilities in the second half of 2007, according to Symantec. The company has just released its semi-annual web security report and in it said that Microsoft's technology, primarily used to create add-ins for Internet Explorer, accounted for 79 percent of the 239 ...

ActiveX KillBits

Thursday, April 10th, 2008

The CLSID for an ActiveX control is a GUID for that control. You can prevent an ActiveX control from running in Internet Explorer by setting the kill bit so that the control is never called by Internet Explorer when default settings are used. The kill bit is a specific value for ...

Microsoft Details Internet Explorer 8 Security

Wednesday, April 9th, 2008

At the RSA Security Conference I caught up with Austin Wilson, Microsoft 's Director of Windows Product Management and learned a few tidbits about security enhancements coming in Internet Explorer 8. IE8 will address three specific areas where security can be a problem: social engineering, traditional browser vulnerabilities, and attacks ...

Microsoft Plans Five ‘Critical’ Security Updates For Windows, Explorer

Thursday, April 3rd, 2008

Microsoft said Thursday that it plans to release eight software updates for the Windows operating system and Internet Explorer Web browser to patch security holes, five of which the company described as "critical."Microsoft said it plans to release the updates on April 8. PC users can determine if they need ...

Top 10 Harmless Geek Pranks

Monday, March 31st, 2008

Since the dawn of time, geeks have been playing harmless pranks on their beloved (but unsuspecting) associates, and it's up to all of us to carry the torch forward. On the eve of April Fools' Day, when you've got local network access to your coworkers' and family systems, cubicles just ...

Does IE 8 Equal Safer Surfing?

Monday, March 24th, 2008

Microsoft is promising that the upcoming IE (Internet Explorer) 8 will be the safest and most secure version of its Web browser yet. Of course, everyone has heard this song before. Still, with the addition of two significant new security features, it's hard to argue that the new release won't ...

Set Internet Explorer and Firefox to maximize your security

Wednesday, March 19th, 2008

Modern browsers are much better than their predecessors at keeping your Web activity private and your data safe. Still, you may not have your browser configured to provide optimum security. Take a few minutes to give Internet Explorer 7 and Firefox 2 a safety check. Batten down IE7's hatches The version of ...