Browsing Author: Ryan Naraine

Vulnerability Broker Draws Line in Disclosure Sand

Looking to put pressure on software vendors who procrastinate on fixing security flaws, the world’s biggest broker of vulnerability data is drawing a line in the sand. Starting August 4, TippingPoint’s Zero Day Initiative (ZDI) will enforce a six-month deadline for patches on all vulnerabilities bought from the security research community and reported to software vendors.


Hacker Demos Remote Attacks Against ATMs

LAS VEGAS — Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.


Adobe to Share Vulnerability Data with Security Vendors

LAS VEGAS — Adobe’s push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.


Safari AutoFill Feature Exposes User Data

A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information.

According to Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, the AutoFill Web Forms feature can be hacked to steal data from the computer’s address book.


Cisco Plugs Code Execution Hole in CDS Internet Streamer

Cisco has shipped a critical bulletin to warn about a serious security hole in the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System. In an advisory, Cisco warned that exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs.


Dell Ships Malware-Infected Server Motherboard

Categories: Compliance, Malware

Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware. The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum.


Firefox Hit by Drive-by Download Flaws

Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and location bar spoofing attacks. The latest Firefox 3.6.7 update includes fixes for nine “critical” issues that could be exploited to launch remote code execution attacks. Two of the 16 bugs are rated “high risk” while five carry a “moderate” severity rating.


‘Protected Mode’ Brings Sandbox to Adobe Reader

The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software. The security feature, called “Protected Mode,” is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe’s security chief Brad Arkin.