LD Software

HTML5 - The Ugly

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:31 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

HTML5 - The Ugly
This post is the third and final entry for our 3-part series on HTML5. You may check the previous two entries, HTML5 - The Good, and HTML5 - The Bad. Welcome to the final part of our miniseries on HTML5 and the security issues surrounding it. Today, we are going to look at what, in [...]
Post from: TrendLabs | Malware Blog - by Trend Micro

HTML5 - The Ugly

Author: Robert McArdle (Senior Threat Researcher)
Category: Security
Publish Date: Wed, 30 Nov 2011 12:00:33 +0000
Read more... - Read comments...

Source: TrendLabs | Malware Blog - by Trend Micro
Description: Threat News and Information Direct from the Experts

HTML5 - The Bad

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:31 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

HTML5 - The Bad
This post is the second of a 3-part series of blog entries on HTML5. You can also check the first part: HTML - The Good. Yesterday, we started the first of a three-part series investigating the new HTML5 standard. We started this by looking at some of the new features which are going to improve [...]
Post from: TrendLabs | Malware Blog - by Trend Micro

HTML5 - The Bad

Author: Robert McArdle (Senior Threat Researcher)
Category: Security
Publish Date: Tue, 29 Nov 2011 12:39:13 +0000
Read more... - Read comments...

Source: TrendLabs | Malware Blog - by Trend Micro
Description: Threat News and Information Direct from the Experts

Merry Christmas, ZeuS

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:31 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Merry Christmas, ZeuS
This morning, I came across an entertaining Christmas-themed ZeuS Web panel while monitoring online forums. Here's what it looks like: I investigated the contents of the web panel package, which turned out to be Ghost Panel with a modified skin: As our readers probably recall, the Ghost Panel is an altered version of the last [...]
Post from: TrendLabs | Malware Blog - by Trend Micro

Merry Christmas, ZeuS

Author: Roland Dela Paz (Threat Response Engineer)
Category: Botnet Security
Publish Date: Mon, 28 Nov 2011 21:39:29 +0000
Read more... - Read comments...

Source: TrendLabs | Malware Blog - by Trend Micro
Description: Threat News and Information Direct from the Experts

HTML5 - The Good

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:31 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

HTML5 - The Good
This post is the first of a 3-part series of blog entries on HTML5 HTML5 is the fifth revision of the language that makes the web work, and this Wednesday we will be releasing a paper detailing some of the new attacks that are made possible by this technology. Over the next three days we'll [...]
Post from: TrendLabs | Malware Blog - by Trend Micro

HTML5 - The Good

Author: Robert McArdle (Senior Threat Researcher)
Category: Security
Publish Date: Mon, 28 Nov 2011 12:09:20 +0000
Read more... - Read comments...

Source: TrendLabs | Malware Blog - by Trend Micro
Description: Threat News and Information Direct from the Experts

Google Secures Searches, Shuts Out BHSEO Scammers

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:31 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Google Secures Searches, Shuts Out BHSEO Scammers
Last month, Google announced that they were making search more secure for their users. They announced that users already signed in to Google would have a more secure experience. This meant two things: first, search queries and results would now be sent via HTTPS. This protects the searches of users with unsecured Internet connections, such [...]
Post from: TrendLabs | Malware Blog - by Trend Micro

Google Secures Searches, Shuts Out BHSEO Scammers

Author: David Sancho (Senior Threat Researcher)
Category: News Security
Publish Date: Fri, 25 Nov 2011 09:43:27 +0000
Read more... - Read comments...

Source: TrendLabs | Malware Blog - by Trend Micro
Description: Threat News and Information Direct from the Experts

Vuln: CoDeSys Buffer Overflow Vulnerability and Integer Ove

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:25 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Vuln: CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability

Publish Date: 2011-12-01
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: Serendipity 'serendipity[filter][bp.ALT]' Parameter C

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:25 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Vuln: Serendipity 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting Vulnerability
Serendipity 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting Vulnerability

Publish Date: 2011-12-01
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: Oracle Java SE CVE-2011-3552 Remote Java Runtime Envi

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:25 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Vuln: Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability

Publish Date: 2011-12-01
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: [SECURITY] [DSA 2356-1] openjdk-6 security update

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:24 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Bugtraq: [SECURITY] [DSA 2356-1] openjdk-6 security update
[SECURITY] [DSA 2356-1] openjdk-6 security update

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: Re: Serendipity 'serendipity[filter][bp.ALT]' Cros

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:24 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Bugtraq: Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: Re: Serendipity freetag plugin 'serendipity[tagvie

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:24 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Bugtraq: Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: Ariadne 2.7.6 Multiple XSS vulnerabilities

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:23 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Bugtraq: Ariadne 2.7.6 Multiple XSS vulnerabilities
Ariadne 2.7.6 Multiple XSS vulnerabilities

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

W3C Invites Implementations of Media Fragments URI 1.0

Solereaper@ld-software.co.uk — Fri, 02 Dec 2011 10:11:21 +0000

Author: Solereaper

Posted: Fri 02 Dec 2011, 10:11

W3C Invites Implementations of Media Fragments URI 1.0
The Media Fragments Working Group invites implementation of the Candidate Recommendation of Media Fragments URI 1.0. Audio and video resources on the World Wide Web are currently treated as "foreign" objects, which can only be embedded using a plugin that is capable of decoding and interacting with the media resource. Specific media servers are generally required to provide for server-side features such as direct access to time offsets into a video without the need to retrieve the entire resource. Support for such media fragment access varies between different media formats and inhibits standard means of dealing with such content on the Web. This specification provides for a media-format independent, standard means of addressing media fragments on the Web using Uniform Resource Identifiers (URI). The Working Group also published today the first draft of a companion document, Protocol for Media Fragments 1.0 Resolution in HTTP, which describes various recipes for processing media fragments URI when used over the HTTP protocol. Learn more about the Video in the Web Activity.

Author: Ian Jacobs
Category: Web Design and Applications
Read more...

Source: W3C News

Comic for December 2, 2011

Monty@ld-software.co.uk — Fri, 02 Dec 2011 10:11:19 +0000

Author: Monty

Posted: Fri 02 Dec 2011, 10:11

Comic for December 2, 2011

Thumbnail, click to enlarge.

Publish Date: Fri, 02 Dec 2011 00:00:00 CST
Read more...

Source: Dilbert Daily Strip
Description: The Official Dilbert Daily Comic Strip RSS Feed

Siri, Don't Lie To Me

Monty@ld-software.co.uk — Wed, 23 Nov 2011 12:37:04 +0000

Author: Monty

Posted: Wed 23 Nov 2011, 12:37

Siri, Don't Lie To Me
Researchers at Applidium have published some�interesting�findings about the protocol used by Siri. For every request the user makes to Siri, the iPhone 4S sends the compressed audio of the request to servers at Apple to first be converted to text. Then, it is mapped into commands that the iPhone can understand, and then sent back [...]
Post from: TrendLabs | Malware Blog - by Trend Micro

Siri, Don't Lie To Me

Author: Ben April (Senior Threat Researcher)
Category: Mobile Security
Publish Date: Mon, 21 Nov 2011 22:11:42 +0000
Read more... - Read comments...

Source: TrendLabs | Malware Blog - by Trend Micro
Description: Threat News and Information Direct from the Experts