Sunday, May 11th, 2008
This is not good. Researchers from INSERT found a vulnerability in the Gmail engine that could allow spammers to forward mail through Google, thereby bypassing blacklists and being accepted by whitelists. It works by using the same forwarding features that allow users, myself included, to forward their email through ...
Posted in Internet, Privacy, Security | No Comments
Thursday, May 8th, 2008
Microsoft's Vista operating system is more susceptible to malware than Windows 2000, and though it's 37% more secure than Windows XP, it's still too vulnerable. That's the contention of security vendor PC Tools, which has a financial interest in the vulnerability of Microsoft's software.
"Ironically, the new operating system has been hailed ...
Posted in Internet, Privacy, Security, Windows | No Comments
Wednesday, May 7th, 2008
In PHP there exist two functions to escape shell commands or arguments to shell commands that are used in PHP applications to protect against shell command injection vulnerabilities.
- escapeshellcmd()
- escapeshellarg()
Unfortunately it was discovered that both functions fail to protect against shell command injection when the shell uses a locale with ...
Posted in Coding, PHP, Security | No Comments
Wednesday, May 7th, 2008
Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro.
Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...
Posted in Coding, PHP, Security | No Comments
Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Thursday, May 1st, 2008
Security's rising star, Webroot, plans to offer web and malware filtering as a service to SMBs, the first vendor of any size to offer such a capability in subscription form.
The software-as-a-service (SaaS) model, which extends the email filtering service already offered by the company, will appeal to smaller ...
Posted in Internet, Privacy, Security, Software | No Comments
Wednesday, April 30th, 2008
This paper will help you configure your web browser for safer internet surfing. It is written for home computer users, students, small business workers, and any other person who works with limited Information Technology (IT) support and broadband (cable modem, DSL) or dial-up connectivity. Although the information in this document may ...
Posted in Internet, Linux, Privacy, Security, Windows | No Comments
Monday, April 28th, 2008
Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.
1) A vulnerability is caused due to improper access restriction of the administration section. This can be exploited to bypass the authentication ...
Posted in Coding, Internet, Security, Software | No Comments
Saturday, April 26th, 2008
It works seamlessly with any hardware and operating system combination supporting USB keyboards such as Windows, MacOS, Linux and others. The Key generates and sends unique time-variant authentication codes by emulating keystrokes through the standard keyboard interface. The computer to which the Key is attached receives this authentication code character ...
Posted in Hardware, Privacy, Security | No Comments
Saturday, April 26th, 2008
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...
Posted in Coding, Internet, Privacy, Security, Software | 1 Comment