Browsing Author: Ryan Naraine

Critical Flaws Haunt VLC Media Player

VideoLAN has released a security advisory to address multiple vulnerabilities in the VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.


Privacy Tool Sidesteps Google’s Data Collection

BOSTON — Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google’s data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.


Social Engineering Attacks Prove Failure of User Education

Categories: Malware, Vulnerabilities

BOSTON — A prominent security consultant is urging a rethink of the way businesses handle user education and awareness, warning that the way attackers have latched on to social engineering techniques makes it difficult to cope with hacker attacks.


Microsoft to Fix IE 8 XSS Filter Security Problems

On the heels of a Black Hat EU presentation that exposed security problems with the cross-site scripting (XSS) filter in Internet Explorer 8, Microsoft plans to ship an update to the filter to fix what is hopefully the last remaining attack scenario.


NYTimes Report: Attackers Hit Google’s Password System

The New York Times is reporting that Google’s password system was compromised during a targeted attack last December. The system, called Gaia or Single Sign-On, controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.


Palm Pwned: Researchers Hack WebOS With Text Messages

Security researchers at the Intrepidus Group have hacked into Palm’s new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities.


The iPad: As Insecure As The iPhone

Categories: Malware, Vulnerabilities

Forbes reporter Andy Greenberg polled a group of security researchers about the security posture of Apple’s new iPad device and comes away with a simple conclusion: The iPad is just as insecure as the iPhone. Some quotes from the story:


Cisco Plugs Critical Secure Desktop ActiveX Hole

Categories: Malware, Vulnerabilities

The Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system, according to a warning from the networking vendor.


Sun About Face: Out-of-Cycle Java Update Patches Critical Flaw

Categories: Vulnerabilities

In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped song lyrics Web site.
