Zero Day

Inside the Google Chrome OS security model

Ryan Naraine — Thu, 19 Nov 2009 19:54:36 +0000

Google will use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption that thwart malicious hackers from attacking its new Google Chrome OS.

Microsoft finds security hole in Google Chrome Frame

Ryan Naraine — Thu, 19 Nov 2009 17:49:11 +0000

A security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a "high risk" Google Chrome Frame security vulnerability that could allow an attacker to bypass cross-origin protections.

Mozilla locks out rogue Firefox add-ons

Ryan Naraine — Wed, 18 Nov 2009 18:33:09 +0000

Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browser's application components directory.

Thousands of web sites compromised, redirect to scareware

Dancho Danchev — Tue, 17 Nov 2009 20:12:47 +0000

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software, commonly referred to as scareware.

[Sponsored]

NEC

Ads by Pheedo

Microsoft confirms 'detailed' Windows 7 exploit

Ryan Naraine — Mon, 16 Nov 2009 18:25:33 +0000

Exploit code for the vulnerability was released by researcher Laurent Gaffié after failed attempts to get Microsoft's security response center to acknowledge that this was an issue that needs to be patched.

Man-in-the-middle attacks demoed on 4 smartphones

Dancho Danchev — Fri, 13 Nov 2009 23:22:22 +0000

Security researchers test four smartphones (Nokia N95, Windows HTC tilt, Android G1 and Apple iPhone 3G S) and demonstrate man-in-the-middle attacks conducted through compromised Wi-Fi spots.

Microsoft bracing for malware attacks from embedded fonts

Ryan Naraine — Thu, 12 Nov 2009 19:16:09 +0000

It's only a matter of time before malicious hackers start exploiting a critical Windows vulnerability via booby-trapped Web pages or Office (Word or PowerPoint) documents.

Apple Safari exposes Windows to drive-by download attacks

Ryan Naraine — Wed, 11 Nov 2009 21:37:04 +0000

A high-priority Safari update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site.

Adobe plugs security hole in Photoshop Elements

Ryan Naraine — Wed, 11 Nov 2009 00:15:15 +0000

Adobe has shipped a patch to cover a security vulnerability affecting its Photoshop Elements software product.

Commercial spying app for Android devices released

Dancho Danchev — Tue, 10 Nov 2009 22:07:56 +0000

A commercial provider of multi-platform spying applications has recently ported its main product to the Android mobile OS.