Security and the Net

News and opinions about security, the internet and more

Entries for the ‘News’ Category

Internet Explorer 8 released; is it really safer than other browsers?

Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URLs, over a period of several days. The […]

DSBL blacklist gone

As most of you know, the dsbl.org blacklist shut down almost a year ago. While they have officially been down for almost a year, many people still had this RBL configured in their mailservers or anti-spam software, causing lots of queries on their nameservers. As of today, they have prevented this by changing their […]

Security issue in djbdns confirmed

Last week, Matthew Dempsky posted an attack against Dan Bernstein’s djbdns software. Djbdns is one of several alternatives for the popular BIND nameserver, and is backed by a unique security guarantee that offers $1000 to the first person to publicly report a verifiable security hole in djbdns. The problem found by Dempsky allows an attacker […]

First conference in SHA-3 competition starts next week

Next week, the first real public review of the contenders for the SHA-3 algorithm will take place in Belgium at Leuven University. The competition is run by the National Institute of Standards and Technology (NIST); the winner of the competition will likely become the default hash algorithm for US agencies by 2012, replacing the current […]

Zero-day exploit for Adobe Reader

A zero-day exploit for Adobe Reader has been making the rounds since yesterday. From Adobe’s advisory: A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are […]

Twitter gets ready for OAuth authentication

According to this FAQ, Twitter is getting ready to support OAuth sometime next month. This is great news; up until now, every service using Twitter’s API needed your login name and password. That meant problems when changing passwords, and extra ways for your password to be exposed to hackers.  With the new OAuth authentication, external […]

Followup on Patch Tuesday post

As noted last week, I find Microsoft’s severity ratings a bit confusing; but fortunately they also provide an exploitability index that tells us a bit more about how likely Microsoft thinks a particular vulnerability is to be exploited. So let’s have a look at how they rate this month’s updates:

Updates about Kaspersky SQL injection

Following the story about the SQL injection vulnerability on Kaspersky’s website, they have provided a rather detailed account of what happened on their blog. In it, they confirm that there was an issue, and that they don’t think any data was actually exposed using the vulnerability:

Kaspersky database exposed

An unidentified hacker announced yesterday that he has managed to gain access to databases used by the usa.kaspersky.com website, allowing him to gain access to user accounts, activation codes and possibly personal data about Kaspersky customers.

About IE8’s clickjacking protection

When the first release candidate for Internet Explorer 8 was released, the accompanying press release mentioned it had the ability to protect users from clickjacking attacks “out of the box”, and that this was possible “without impacting compatibility”. Microsoft has just provided some additional details that show how this protection works; for now, it looks […]
