Web Security


Facebook XXX Worm Replaces Profiles

Security researchers have identified a new worm spreading across Facebook, luring people out to adult Web sites and automatically replicating itself across people’s profile pages. Read the full article. [internetnews.com]

Experts at PDC Ponder IE 9 Security

Researchers, analysts and experts weighed in on what they believe will be the security features of IE9 at the PDC Developer’s Conference. Read the full article. [eWEEK]

The latest version of Microsoft’s Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. The flaw in IE 8 can be exploited to introduce XSS (cross-site scripting) errors on webpages that would otherwise be safe. Read the full article. [The Register]

At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman offered insight into the substantial danger posed by Firefox extensions. Mozilla doesn’t have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension. Read the full article. [Help Net Security]

The latest release (PHP 5.3.1) features the addition of the “max_file_uploads” INI directive, which can be used to limit the number of file uploads per request; the default limit is 20. By limiting the number of uploads per request, users can prevent possible denial of service (DoS) attacks. Sanity checks that had been missing around EXIF (exchangeable image file format) processing have also been added. Read the full article. [The H Security]

Three alleged members of the hacker gang Kryogeniks were hit with a federal conspiracy charge for a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers. Prosecutors identified Christopher Allen Lewis, 19, and James Robert Black Jr., 20, as the hackers “EBK” and “Defiant,” known for hijacking Comcast’s domain name in May of last year — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000. Read the full article. [Wired] Read the Federal indictment.

Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use — unbeknownst to the machine’s owner — for online crimes including sending out spam or launching a denial of service attack. The black-hat techniques employed to snare users into a botnet web have evolved to a level that makes them often undetectable by even the most sophisticated security products. Combine that with a lack of user knowledge, and the threat of infection becomes very high. Read the full article. [CSOonline.com]