True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed widely through the use of a cross-site scripting attack vector.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Wow, big morning! If anyone has seen Nitesh Dhanjani and Billy Rios's talk on phishing and identity theft, which was presented at the last couple Black Hat conferences, and will be on display again at Black Hat Vegas, you know that the identity theft market is a huge problem.
On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky (with the help of Black Hat conference organizers) invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday.""A synchronized release of this magnitude has not happened before," read the invitation sent to the Black Hat conference press list.
[ UPDATE: Kaminsky has all but confirmed that, yes, the cat is out of the bag ]It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar Flake.Clearly irked by a demand request from Kaminsky and others to avoid speculating on the details of the flaw until the patch is fully deployed, Flake (left) published a guess on how to reliably forge and poison DNS lookups.
Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site:The final list of nominees for the nine Pwnie Award categories is finally published.
According to Zone-h.org, Kaspersky's Malaysian site has been defaced by a Turkish hacker during the weekend, through a SQL injection, leaving the following message - "hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members".
After analyzing three weeks of spam data between June 13 to July 3, 2008, Roaring Penguin Software Inc. found evidence that spam originating from the top three free email providers (Gmail, Yahoo Mail and Hotmail) is increasing, with spammers in favor of abusing Gmail's privacy preserving feature of not including the sender's original IP in outgoing emails :"Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems.
Update: It would seem that Richard Stiennon agrees with me on the concept of a group of experts to advise, also on keeping away from spending ridiculous amounts of money.Cyber-terrorism...
Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once.
Security alerts aggregator Secunia has raised an alarm for a "highly critical" vulnerability that puts users of the BlackBerry Enterprise Server at risk of code execution attacks.Technical details of bug are not available but Secunia says it is caused by an unspecified error in the BlackBerry Attachment Service when processing PDF files.