Vulnerabilities


Experts at PDC Ponder IE 9 Security

Researchers, analysts and experts weighed in on what they believe will be the security features of IE9 at the PDC Developer’s Conference. Read the full article. [eWEEK]


The latest version of Microsoft’s Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe. Read the full article. [The Register]

For years, Adobe Systems has occupied a quiet corner of the personal-computer industry. Photographers and designers use its software to clean up photos and set up Web sites. Workers everywhere trade electronic documents formatted with Adobe’s programs, often without knowing the company behind the software.  Now Adobe is attracting the unwanted attention of hackers — and security experts are concerned the company isn’t doing enough to repel assaults. Read the full story [BusinessWeek] 

At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman offered insight into the substantial danger posed by Firefox extensions. Mozilla doesn’t have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension. Read the full article. [Help Net Security]

The U.S. Food and Drug Administration is pressuring a number of Internet service providers to shut off nearly 12 dozen Web sites alleged to be selling counterfeit or unapproved prescription drugs. The agency said none of the sites represent pharmacies located in the United States or Canada, as most claim. Read the full article. [Washington Post]

The latest release (PHP 5.3.1) features the addition of the “max_file_uploads” INI directive, which can be used to limit the number of file uploads for each request to 20 by default. By limiting the number of uploads per-request, users can prevent possible denial of service (DoS) attacks. Missing sanity checks around EXIF (exchangeable image file format) processing have also been added. Read the full article. [The H Security]
