Of the four browsers that were targeted in this year’s Pwn2Own contest at CanSecWest, only Google Chrome wasn’t successfully hacked despite the $5000 reward offered: The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and FireFox. The Chrome browser gets a small nod for being impacted by one [...]
Entries for March, 2009
Almost a month after admitting there was an easily exploitable buffer overflow in its Reader product, Adobe has finally managed to produce patches for Adobe Reader versions 7 and 8.
If the rumors about IBM buying Sun weren’t enough, this news should prove once and for we live in interesting times: Silverlight has made its way to YouTube. It’s used on the CBS March Madness channel, and the feeds themselves are not served by Google, but it is an interesting development nonetheless.
Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URL’s, over a period of several days. The [...]
… when it doesn’t patch! That was an easy question, but Microsoft has a different opinion on this. In this blog post at 360 Security, Tyler Reguly explains why he thinks MS09-08 is not really a patch; it doesn’t actually fix the vulnerability that it is supposed to fix.
As most of you know the dsbl.org blacklist shut down almost a year ago. While they have officially been down for almost a year, many people were still had this RBL configured in their mailservers or anti-spam software, causing lots of queries on their nameservers. As of today, they have prevented this by changing their [...]
Last week, Matthew Dempsky posted an attack against Dan Bernstein’s djbdns software. Djbdns is one of several alternatives for the popular BIND nameserver, and is backed by a unique security guarantee that offers $1000 to the first person to publicly report a verifiable security hole in djbdns. The problem found by Dempsky allows an attacker [...]