Thursday, July 17th, 2008
Several Cross Site Scripting vulnerabilities were found in within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different version of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining *persistent* ...
Posted in Internet, Security, Windows | No Comments
Tuesday, July 8th, 2008
I'm pretty excited by Opera's Userscripts that allow you to write Javascript files that are far richer than greasemonkey Userscripts -which is also supported by Opera- I've written a security plugin for Opera last night, that attempts to mitigate various Javascript attack vectors. But, one problem for writing a security ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, July 2nd, 2008
Internet Explorer's getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company's Web browser, Internet Explorer 8, currently in public beta testing.
From Microsoft's standpoint, any improvement in security is a plus, and the company seems to be taking ...
Posted in Coding, Internet, Privacy, Security, Windows | No Comments
Tuesday, July 1st, 2008
Our research team has identified a web-based attack technique that exploits the growing number of applications that require a web server being run on a local machine. Cross-Environment Hopping (CEH) is a result of this trend combined with the current limitations in browsers’ same-origin policy access restrictions.
The CEH technique enables ...
Posted in Coding, Internet, Networking, Privacy, Security | No Comments
Thursday, June 26th, 2008
Yahoo has fixed a vulnerability that could allow a hacker to get access to a person's webmail account.
The problem was in the way Yahoo's mail interacts with version 8.1.0.209 of its IM application, according to web application security company Cenzic.
Cenzic notified Yahoo of the problem in May, and the company ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments