Tuesday, June 24th, 2008
Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.
According to Adobe’s advisory, the flaw “could potentially allow an attacker to take control of the affected system.”
If you have Adobe Reader or Acrobat installed on your machine, this update ...
Posted in Coding, Internet, Security, Software | No Comments
Wednesday, June 18th, 2008
Less than one day after its launch, Firefox 3 has a vulnerability.
According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.
"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability ...
Posted in Internet, Security, Software | No Comments
Tuesday, June 17th, 2008
An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.
Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including ...
Posted in General BS, Hardware, Internet, Networking, Security | No Comments
Monday, June 16th, 2008
In this era in which software, especially prominent software, must be presumed to be under attack, you need the best tools to defend yourself. Much has been made of security features built into Windows Vista, such as IE Protected Mode, which accrue to all users. However, programmers can easily gain ...
Posted in Security, Windows | No Comments
Monday, June 16th, 2008
The vulnerability known as the Safari carpet bomb has still not been fixed, despite Microsoft releasing a security update for Internet Explorer last Tuesday evening. The consensus is that Microsoft's browser is the main cause of the problem, which can create a security hole in combination with Apple's Safari.
When Internet ...
Posted in Coding, Internet, Privacy, Security, Software, Windows | No Comments
Saturday, June 14th, 2008
Cross-Site Scripting (XSS) is an attack that's pretty basic to detect, pretty basic in execution, and you'd think that it would be rather simple to understand. Unfortunately this is apparently not the case. I won't go into the details of Cross-Site Scripting because others have beat that to death - ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, June 11th, 2008
A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers.
The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victim's machine, and could be ...
Posted in Coding, Internet, Privacy, Security, Windows | No Comments
Tuesday, June 10th, 2008
If you're looking for a vulnerability scanner, chances are you've come across a number of expensive commercial products and tools with long lists of features and benefits. Unfortunately, if you're in the same situation as most of us, you simply don't have the budget to implement fancy high-priced systems. You ...
Posted in Coding, Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Monday, June 9th, 2008
Here is a list of new security tools that were released in the past week.
SQL Ninja 0.2.3 - SQL server injection and takeover tool
fgdump 2.1.0 - Tool for mass password auditing of windows systems
AxBan 1.0.0.4 - ActiveX killbit program
Nmap 4.65 - Network port scanner
Nessus 3.2.1 - Vulnerability assessment tool
Immunity Debugger ...
Posted in Coding, General BS, Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Tuesday, June 3rd, 2008
Access-Me allows users to test their web applications for authentication vulnerabilities. With this first release the user will be able to:
Resubmit the current page without session tokens
Resubmit the current page using different HTTP verbs (HEAD/SECCOM)
View reports on how the application handled the requests.
Access-Me 0.1 is available ...
Posted in Privacy, Security | No Comments
