Browsing Category: Vulnerabilities

Categories: Vulnerabilities

The two most highly publicized vulnerability disclosures last year also were the most highly criticized disclosures: Dan Kaminsky’s DNS bug and the SSL flaw discovered by a group of independent and academic researchers. The two events played out in similar fashions, with some details coming out in advance of the full disclosures, a partial disclosure, if you will. And that’s where the trouble started.

Read more...

Categories: Vulnerabilities

Charlie Miller (right), the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.

Read more...

Categories: Vulnerabilities

Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.
The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that helps to limit the damage from malware attacks on the Windows platform.

Read more...

Categories: Vulnerabilities

The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language.
With PHP 5.2.9 (see announcement), the PHP development team corrects a total of 50 bugs, including a publicly-known flaw that allows attackers to read the contents of arbitrary memory locations in certain situations.

Read more...