Ryan Naraine

Mozilla Admits Malware Sneaked into Firefox Add-ons

Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months. The browser add-ons, described by Mozilla as “experimental,” contained a Trojan horse that executed when Firefox started and infected the host computer.

Microsoft to Patch 26 Windows, Office Vulnerabilities

Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.

According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated “critical” because of the risk of remote code execution attacks.

Microsoft Confirms New IE Data Leakage Flaw

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location. The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature.


Database security expert David Litchfield has unveiled a critical, unpatched vulnerability in Oracle’s 11G database software that allows a hacker to take control of an Oracle database and access or modify information at any security level. Two sections of code within the company’s database application — one that allows data to be moved between servers and another that allows management of Oracle’s implementation of Java — are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database’s contents. Read the full story [Forbes]

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.

Social networking sites are ideal havens for online criminal activities as they provide a combination of two key factors: a huge number of users and a high level of trust among these users, cautioned a security specialist. ZDNet Asia spoke to industry experts who highlight the top five security threats enterprises should be mindful of when using social networking sites. Read the full story [ZDNet]

Google has announced that Google Docs will drop support for Microsoft’s nearly nine-year-old Internet Explorer 6 (IE6) browser starting on March 1. Ironically, if Google had taken its anti-IE6 advice to heart before hackers broke into its corporate network last year, it might not now be mulling whether to abandon the Chinese search market. Read the full story [ComputerWorld]

RealNetworks has released patches to cover a total of 11 vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux. The flaws, which could lead to code execution attacks, also affect several versions of the Helix Player for Linux. Read the full advisory [RealNetworks]