Web Security


Mozilla Fixes Crash Bug in Firefox Update

Mozilla has pushed out a new version of its browser to fix a crash bug inadvertently introduced in its latest Firefox update. Firefox 3.5.5, which Mozilla posted for download late Thursday, fixes a small number of what the company called “stability issues” in the release notes that accompanied the update.

SSL Flaw Has Researchers Hustling to Fix

A flaw in the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. The flaw, which requires a hack into a network to launch, has devastating consequences and implications for database and mail servers. The flaw was discovered in August by PhoneFactor, and the researchers have been working with ICASI on an industry-wide fix, which is called “Project Mogul.” Researchers Chris Paget and HD Moore are helping to expose the flaw. Read the full article. [Computerworld]

Honeypot Emulates Searched Attacks

A new open-source honeypot project called Glastopf “dynamically emulates vulnerabilities attackers are looking for” and can auto-detect and allow unknown attacks. The project, designed by Lukas Rist, came out of the Google Summer of Code program. ISPs, web hosting companies and researchers can use Glastopf to collect data about attacks, particularly PHP botnets and other Web applications. Read the full article. [Dark Reading]


Amazon said today that it has taken steps to mitigate a security issue in its cloud computing infrastructure that was identified recently by researchers from MIT and the University of California at San Diego. The report described how attackers could search for, locate and attack specific targets in Amazon’s Elastic Compute Cloud (EC2) because of certain underlying vulnerabilities in the infrastructure. Read the full story [Computerworld].

According to new data from Click Forensics, botnet-infected computers are behind the majority of click-fraud attacks against advertisers and publishers. For the third quarter this year, about 43 percent of all fraudulent clicks came from computers within botnets. The figure is the highest in four years, when Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5% of bad clicks. Read the full story [Jeremy Kirk/IDG News Service]

The Big Story podcast with Ryan Naraine – October 19, 2009

In the debut installment of the ‘Big Story’ podcast, Threatpost Editor-in-Chief Ryan Naraine chats with Mozilla VP of Engineering Mike Shaver on his decision to blacklist – then unblock – the controversial Microsoft-created Firefox add-ons.
