Microsoft Outlook Web Access XSS (MS08-039)

Thursday, July 17th, 2008

Several Cross Site Scripting vulnerabilities were found within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different versions of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining *persistent* ...

Opera Arioso!

Tuesday, July 8th, 2008

I'm pretty excited by Opera's Userscripts that allow you to write JavaScript files that are far richer than Greasemonkey Userscripts (which are also supported by Opera). I wrote a security plugin for Opera last night that attempts to mitigate various JavaScript attack vectors. But one problem for writing a security ...

Microsoft Unveils New Internet Explorer Security Features

Wednesday, July 2nd, 2008

Internet Explorer's getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company's Web browser, Internet Explorer 8, currently in public beta testing. From Microsoft's standpoint, any improvement in security is a plus, and the company seems to be taking ...

Cross Environment Hopping

Tuesday, July 1st, 2008

Our research team has identified a web-based attack technique that exploits the growing number of applications that require a web server being run on a local machine. Cross-Environment Hopping (CEH) is a result of this trend combined with the current limitations in browsers’ same-origin policy access restrictions. The CEH technique enables ...

Yahoo fixes email cross-site scripting flaw

Thursday, June 26th, 2008

Yahoo has fixed a vulnerability that could allow a hacker to get access to a person's webmail account. The problem was in the way Yahoo's mail interacts with version 8.1.0.209 of its IM application, according to web application security company Cenzic. Cenzic notified Yahoo of the problem in May, and the company ...