Adobe Patches Zero-Day Vulnerability

Tuesday, March 10th, 2009

Adobe released a patch today for a zero-day vulnerability under attack by hackers. The patch, available for version 9 of Adobe Reader and Adobe Acrobat, comes a day earlier than the company’s planned release. Patches for earlier versions of the product are still slated for March 18. The vulnerability is the result ...

No User Action Required In Newly Discovered PDF Attack

Tuesday, March 10th, 2009

Merely storing -- without opening -- a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. Didier Stevens, a researcher and IT security consultant with Contrast Europe NV, today released a proof-of-concept demonstration that shows how a file ...

Internet Explorer executes code in pictures

Wednesday, February 11th, 2009

A feature in Internet Explorer, which checked the type of file before presenting it to the user, has been found to allow execution of JavaScript embedded in an image. The MIME sniffing functionality was originally meant to compensate for web servers sending out the wrong content type information when they ...

Facebook Beacon Blocker

Monday, January 26th, 2009

Facebook Beacon is part of Facebook’s advertising efforts. It is basically a cooperation with 44 partner sites who execute JavaScript code on their website sending specific user information to Facebook. Examples would be the popular gaming portal Kongegrate which send information about played games to Facebook, movie reviews published at ...

Google adds HTTPS-only browsing to Chrome

Friday, January 9th, 2009

Google has quietly released a pre-beta version of Google Chrome 2.0 with a new HTTPS-only browsing mode. The new feature lets users add “force-https to your Google Chrome shortcut” to only load Web sites with valid security certificates.   “Sites with SSL certificate errors will not load,” the company explained. The newest Chrome ...