Vulnerabilities

Google has fixed more than two dozen vulnerabilities in its Chrome browser and also implemented a defense against the BEAST SSL attack. The bugs fixed in the new version of Chrome include 11 high-severity flaws.

A group of researchers has released a tool that they say implements a denial-of-service attack against SSL servers by triggering a huge number of SSL renegotiations, eventually consuming all of the server’s resources and making it unavailable. The tool exploits a widely known issue with the way that SSL connections work.

There is another Steve Jobs related scam floating around the Internet. According to Trend Micro, this one comes in the form of an email sent from a fake charity organization cleverly titled, Steve Jobs Charity Fund.

Researchers at the Hackers To Hackers Conference in Brazil will detail a method of hijacking the TOR anonymity network, potentially putting its users at risk, while The Tor Project accuses one of the researchers of irresponsible disclosure.

Researchers in Germany have developed an attack that enables them to decrypt supposedly private messages sent via XML. Their attack affects messages encrypted with any of the algorithms supported by the XML encryption standard, including DES and AES.

Microsoft joined Sesame Street as the latest high profile organization to have its official Youtube channel hacked and hijacked, according to a report from GeekWire.

The newest version of the Android mobile operating system includes a major security upgrade, the presence of address space layout randomization (ASLR), which gives users some better protection against memory-corruption exploits.