Adobe has released an advisory about a series of critical vulnerabilities in Flash Player 9.0.124.0 and earlier.  The fix is to install the just-released Flash Player 10.0.12.36.  The interesting thing is that the architecture of some security-related features has changed substantially with Player 10, so things that used to work with 9 may stop working with 10. Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users update to the most current version of Flash Player available for their platform. Due to the possibility that these security enhancements and changes may impact existing content, customers are[…]

From DarkReading.com: With all the talk about hackers launching attacks from legitimate Websites, you’d think that the major security vendors’ sites, at least, would be vulnerability-free. Not so, according to a report issued yesterday by a security watchdog site. The site, XSSed, states that it has verified some 30 cross-site scripting vulnerabilities spread across the Websites of three of the industry’s best-known security vendors: McAfee, Symantec, and VeriSign. The vulnerabilities could make it possible for attackers to launch phishing campaigns from these sites or even distribute malware to the companies’ customers, according to XSSed. Cross-site scripting vulnerabilities aren’t a new type of threat, and they aren’t particularly difficult to defend against. It seems a little crazy that the companies that[…]

From the press release: “We are pleased to be given this opportunity to be directly supporting SAFE’s mission of delivering unique electronic identity credentials for legally enforceable and regulatory compliant digital signatures across the global biopharmaceutical environment,” said Peter Hesse, President and Founder, Gemini Security Solutions. “We have focused significant energy toward helping corporations realize the benefits of digital signatures and identity management standards to safeguard critical information. We are excited to be recognized both as a SAFE partner and a trusted technical expert.” We are glad to officially be a part of the SAFE community. While we have been involved in SAFE since its inception, we are now playing a greater part in the development and adoption of secure[…]

The folks over at the daily wtf have an amusing story about trying to determine if a sales pitch was worth it. Since there’s really only one thing that could cause such a dialog to pop up so fast, I checked the source code… if (form.id.value=="buyers") { if (form.pass.value=="gov1996") { location="http://officers.federalsuppliers.com/agents.html" } } Even if you don’t understand JavaScript, you can probably appreciate how terrible this implementation is…

This is great. We covered Microsoft OneCare when it was first announced and again when Vista was nearing release. Now comes news from SecurityFocus that Microsoft OneCare deleted Outlook e-mails… Recent reports suggest Microsoft’s OneCare anti-virus offering suffered a bug that could have caused it to delete or quarantine all e-mail in a user’s Outlook inbox, in certain cases when it finds a virus. Well isn’t that nice. You have a spam/virus email in your PST, so to get rid of it, we’ll just delete the entire PST file. Yikes. Glad they didn’t include it in Vista as Anil had suggested.

Taking profiteering to a new level: I got hacked by my own host. No, it wasn’t a mistake. No, the server didn’t just go down. They hacked it so that they could upsell me on some $2000 security audit and package! “They” seems to be the malicious action of one individual who part-timed on support for the hosting provider and worked at a security consulting firm. Interesting (but illegal) way of drumming up business…