May 18th, 2010 by sebolani
A high critical zero day vulnerability for Apple’s web browser, Safari, was discovered by Krystian Kloskowski and Vin Lisciandro and published last week by Secunia.
The security issue affects current version of Safari (v. 4.0.5) for Microsoft Windows (confirmed) and probably for Mac. Earlier versions of Safari might also be vulnerable. Successful exploitation of the issue leads to remote code execution or exposure of victim’s private data. Secunia has released advisory SA39670, which explains that the flaw exists because of ‘a use-after-free error when handling pop-up boxes created from a child window’ which can result in a function call using an invalid pointer. It is also stated that it ‘can be exploited to execute arbitrary code when a user visits a specially crafted web page’. Another issue mentioned is that Safari includes HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a “Location” header).
Read the rest of this entry »
Tags: apple, exploit, Safari
Posted in security news | No Comments »
May 17th, 2010 by papasav
Google announced 3 days ago it had accidentally picked up on Wi-Fi data while taking photos for Google Maps’ Street View feature.
It used the cars to capture videos through the panoramic cameras and on the move it caught the SSIDs and MAC addresses that identified networks and devices. It didn’t know that as it was taking pictures, the camera system collected ‘useful’ data from Local WiFi Networks. This information which are collected are used to improve the location based services.
Read the rest of this entry »
Posted in Uncategorized | No Comments »
May 15th, 2010 by Nikos Zorakis
According to the security firm Bkis, this worm has delevoped a more efficient way of persuading people follow the steps that lead to the trap and achieving its goals. The main means of spreading are Yahoo Instant Messanger and Skype, so the first indirect contact with the malware is done via a message that is selected from a various set of messages which is followed by a link.
An example of that kind of messages is shown below.
Read the rest of this entry »
Posted in security news | No Comments »
May 14th, 2010 by galea
A recent critical vulnerability has been identified in Windows Outlook Express, Windows Mail and Windows Live Mail. This security issue can allow remote code execution if the users visits a malicious e-mail server. The attacker can gain the same privileges of the computer as the user has.The security update addresses the vulnerability by correctly validating e-mail server responses.Patches have been released.
source:
http://www.theregister.co.uk/2010/05/12/may_patch_tuesday/
http://www.microsoft.com/technet/security/Bulletin/MS10-030.mspx
Posted in security news | No Comments »
April 28th, 2010 by boulouk
The cross-site scripting enables malicious attackers to inject client-side script into web pages viewed by other users. As The Register reported in November, Internet explorer 8 contains a bug and can be exploited to introduce cross-site scripting. In other words the attacker can figure out a flaw in IE 8 as a result to create a specific string to tranformed into an actual attack on the web page.
Read the rest of this entry »
Posted in security news | No Comments »
April 27th, 2010 by angelpap
Clickjacking is a hacking technique first seen in 2008 that fools users in to clicking on elements hidden in a iframe. It seems not to be so dangerous hacking technique as the cross-site scripting and cross-site request forgery but it is expected to extend to a powerfool tool for hacking web applications. For this reason a tool has been introduced at the Black Hat security conference in Barcelona by Context developer Paul Stone which will be helpful to improve clickjacking defences.
Click here for more details
Posted in security news | No Comments »
April 26th, 2010 by hickson
A recent security update for McAfee Antivirus made systems reboot abnormally or loose network access for extended periods of time, causing a lot of damage to hospitals, companies and schools that used this particular anti-virus. The bugged update only affected computers running Windows XP Service Pack 3 and caused them running in a reboot loop or loosing network access. The problem was caused by a virus definition file, which misinterpreted a vital system file (svchost.exe) as a virus and quarantined it, causing the system not to work properly and eventually rebooting. McAfee immediately removed the faulty update file from their servers preventing any further impact.
Read the rest of this entry »
Posted in Uncategorized | No Comments »
April 24th, 2010 by chmath
Researchers have shown how easy is to find the number of most US-based mobile phone structural cracks in GSM mobile networks and to track practically any GSM-enabled handset through the world.
In the end of 2008 Tobias Engel demonstrated how to find the whereabouts of mobile phones by tapping into mobile network databases. An independent researcher Nick DePetrillo from the Source Conference in Boston Wednesday, and Don Bailey of iSec Partners proved how with related techniques it is possible to find a person’s spot even when his number is unknown and to gather other details which most users assume are undetectable.
Read the rest of this entry »
Tags: attack, hack, mobile phones
Posted in security news | No Comments »
April 19th, 2010 by sebolani
A trojan ,which spreads itself through a peer to peer network called Winni, commonly used by Japanese people, is responsible for gathering personal data from the victims and publish them into the web, according to BBC’s artice.
The Kenzero Trojan is included in a fake adult anime game which is shared through Winni P2P network. When a victim downloads and executes the file, the malware scans victim’s computer for personal information, such us Computer name, browsing history, downloaded files, favourite pages, OS version and clipboard dump while it opens a registration installation window demanding personal information. After gathering all posible information, it publishes them on a public web page and sends an email from a company “Romancing, Inc.” which accuse victims for downloading copyrighted material. The mail includes a law threat to the victims to settle the copyright violation and offers to resolve it for a 1500 yen (~16$) fee. Also, as noted in Trend Micro’s Blog article, it also downloads ,in victim’s computer, 3 copyrighted MP3 files, possibly to extend the threat.
More than 1500 people reported that fell victims of the malware, according to local paper Yomiuri Shimbun, however its unknown how many payed the copyright infringement fee.
That’s the second similar issue this week as earlier was reported, here, a fake ICCP Foundation which demanded 400$ for copyright issues.
Tags: copyright, malware, trojan
Posted in security news | No Comments »
April 17th, 2010 by papasav
After 24 hours of the iPad’s official release, the “usual suspects” already gained root access to iPad. Jailbreak is a method of hacking an iPhone, iPod, iPad to install non-Apple-approved programs and run system hacks.
Read the rest of this entry »
Posted in Uncategorized | No Comments »
