Cross Environment Hopping

Tuesday, July 1st, 2008

Our research team has identified a web-based attack technique that exploits the growing number of applications that require a web server being run on a local machine. Cross-Environment Hopping (CEH) is a result of this trend combined with the current limitations in browsers’ same-origin policy access restrictions. The CEH technique enables ...

Exploit code released for unpatched IE 7 vulnerability

Tuesday, July 1st, 2008

Another day, another gaping hole affecting fully patched versions of Microsoft’s Internet Explorer browser. According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6, IE 7, and IE ...

Taming Internet Explorer Browser Plug-Ins

Sunday, June 29th, 2008

Security Fix has often lamented the lack of decent point-and-click software tools to help Microsoft Internet Explorer Web browser users kill insecure "ActiveX controls," plug-ins for IE that have traditionally been among the biggest avenues of attack from spyware and adware. That's why I'm pleased to call attention to a ...

Zero-day flaw haunts Internet Explorer

Thursday, June 26th, 2008

An unpatched cross-domain vulnerability in Microsoft’s flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers. The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela’s IE Ghost Busters talk: Do you believe in ghosts? ...

Yahoo fixes email cross-site scripting flaw

Thursday, June 26th, 2008

Yahoo has fixed a vulnerability that could allow a hacker to get access to a person's webmail account. The problem was in the way Yahoo's mail interacts with version 8.1.0.209 of its IM application, according to web application security company Cenzic. Cenzic notified Yahoo of the problem in May, and the company ...