Google has pushed out an update for its Chrome browser that fixes a problem caused by the incident last week in which Microsoft Security Essentials mistakenly detected the browser as the Zeus bot and removed it from some machines. The update should automatically fix any damaged Chrome installations.
Browsing Tag: vulnerabilities
With the resignation of longtime CEO Steve Jobs still looming in its rear view mirror, Apple Computer will be on the marketing offensive this week when it releases a major upgrade to its popular iPhone mobile phone line and talks up a pending update to its iOS mobile operating system.
There is a serious security issue with a variety of HTC Android phones that enables any app with Internet permissions to access a huge amount of private data on the device, including call logs, email addresses, SMS messages, last known GPS location and more. The problem was introduced via an update to the HTC phones that installed a tool called HTCLogger that collects the data.
QR codes have been showing up everywhere in the last few months, from magazine ads to the sides of buses to, oddly, billboards. And now they’ve shown up on the list of ways that attackers are delivering malware to victims, with the emergence of a new Android-based Trojan that is hiding on malicious sites linked to by some QR codes.
With the use of social media platforms such as Twitter, Facebook and Google+ becoming more and more prevalent in the enterprise, companies are having to come to grips with additional security concerns that they bring with them. But, according to the results of a new survey of IT and security professionals, that process is still in its early stages in many companies.
Cisco has patched a string of serious vulnerabilities in its IOS networking software, including some that could be used for remote code execution, and also fixed flaws in some of its other products. In all, Cisco released 10 advisories, nine of which concerned IOS vulnerabilities.
Bug bounty programs have been around in various forms for more than 15 years now, and many of the larger software companies, including Mozilla and Google, have established rewards for people who report bugs. But, aside from the amount of money that’s paid out when bugs are fixed, there hasn’t been much raw data available about the the way the programs operate. Now, Mozilla has released some numbers on its program that show how effective it has been.
Microsoft has relased a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack.
The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. But it’s not just SSL that’s the problem; it’s the slow accumulation of security problems in the key protocols and systems on which the Internet–and much of our world–rely that has become the real issue.