A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications. The discovery was made while 24-year-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. “I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account...

Malwarebytes accuses Chinese antivirus vendor IObit of stealing its intellectual property and threatens to pursue legal action. Despite the solid evidence presented by Malwarebytes, IObit denies any wrongdoing and plans to respond through its lawyers. Malwarebytes Corporation is a US-based company developing several security-oriented applications. Its flagship and most popular product is called Malwarebytes' Anti-Malware (MBAM), which comes in both free and commercial flavors and is particularly renowned for its ability to remove rogueware. In a post published on its official blog yesterday, Malwarebytes takes aim at IObit for allegedly ...

Security researchers report that a wave of Halloween-themed threats is out to get you. Beware of dodgy e-cards, screensaver downloads, poisoned search results, and spam, they warn. In this day and age, it goes almost without saying that the Internet is a scary place on every holiday. But Halloween in particular is a special time for Internet users, if not for the unusually high number of threats floating around, at least for the irony: this holiday is all about scary stuff. And guess what, according to numerous security experts, you should be scared. There are a few types of tricks that users should be particularly wary about. Free downloads ...

Internet users resolving DNS requests through the OpenDNS service were not able to access pages on the eBay UK website yesterday. The problem was caused by a bogus entry in the phishing filter used by the service. The reports started flowing in around last night, when many users trying to access any page starting with http://cgi.ebay.co.uk received a "Phishing Site Blocked" error. "Phishing is a fraudulent attempt to get you to provide personal information under false pretenses. We prevented you from loading this page as part of our safer, faster, and smarter DNS service. […] Powered by OpenDNS," the message read. The problem lasted for about ...

A former antivirus analyst ostracized by the AV community for unethical behavior is accusing Kaspersky Lab of injecting malicious code into his newly launched website. Researchers with the Russian antivirus vendor portray the former white hat as a cyber-criminal associated with the Sinowal gang. Peter Kleissner is an 18-year-old hacker living in Vienna, Austria. He made a name for himself partially due to a research paper regarding master boot record (MBR) rootkits, which he presented at the 2009 Black Hat security conference. MBR rootkits consist of malicious code that is able to execute before the operating system and reinfect it on every ...

It is finally here. Today Windows 7's life begins officially, and, considering the waves of consideration it has raked from computer experts all over the world, it is going to change the Windows experience among users. Furthermore, it will finally give Vista skeptics a reason to give up on Windows XP and head to a new and improved Windows. Today's launch of Windows 7 seems to have spurred a lot of commotion on the web as software developers came prepared to expand their user database and spread their applications at any cost. Their cost, that is, because the end-user will receive full license keys for free. And not just any softwar...

Firefox's automatic disabling of an extension and plug-in developed by Microsoft has led to a heated debate regarding the ethical aspects of the decision. ClickOnce-dependent users cried foul as they could not add a manual exception and Mozilla promised to provide a more granular blocklist override mechanism. Last Friday evening, Mozilla took the drastic measure of adding the “.NET Framework Assistant” extension and the “Windows Presentation Foundation (WPF)” plug-in to its “Add-ons Blocklist,” citing security reasons. Both add-ons are developed by Microsoft to support some of its new technologies and were ...

Microsoft's recent Patch Tuesday addressed a remote code execution vulnerability affecting the Windows Presentation Foundation (WPF) hosting process. Mozilla acted to protect its users by adding the Windows Presentation Foundation plug-in for Firefox to its blocklist, along with the .NET Framework Assistant extension. With the Service Pack 1 update for Microsoft .NET Framework 3.5, released back in August 2008, Microsoft also added ClickOnce support for Firefox in the form of a Firefox extension called Microsoft .NET Framework Assistant. A related Windows Presentation Foundation plug-in has also been installed in the browser to support ot...

Adobe has released its second quarterly security update, which addresses 29 vulnerabilities in its Reader and Acrobat products. Exploitation of the majority of these flaws could result in arbitrary code execution, and one of them has been actively targeted in Web attacks since last week. On October 8, Adobe announced that an unpatched vulnerability affecting the latest versions of Adobe Reader and Acrobat was being exploited in the wild via maliciously crafted PDF files. This flaw, identified as CVE-2009-3459, has now been patched in the newly released Adobe Reader/Acrobat 9.2.0, 1.8.7 and 7.1.4, respectively. Ten other confirmed arbit...

Attackers are exploiting a zero-day vulnerability in the latest versions of Adobe's Reader and Acrobat products to compromise computers. The company recommends disabling JavaScript as a temporary solution until a patch is shipped on October 13. The vulnerability, identified as CVE-2009-3459, can be used to remotely execute arbitrary code on a computer running the latest Windows flavor of Adobe Reader or Acrobat (9.1.3). In order to exploit it, attackers have to trick users into opening maliciously crafted PDF files. Adobe credits Chia-Ching Fang and the Taiwanese Information and Communication Security Technology Service Center with the d...