vulnerability

Get a full suite of system maintenance tools with Windows Doctor

Most people know that computers require regular maintenance, even if they're not quite sure what that should consist of. Windows Doctor provides a suite of utilities that can keep your machine running at its best by addressing a wide range of performance and security issues. If you're in the market for something that will take care of problems without asking too much of you in the way of decision-making, Windows Doctor is a good choice.

The program's interface is sleek and intuitive, with its features arranged in tabs labeled System Booster, System Security, Registry Cleaner, Privacy Cleaner, …

Mozilla rereleases Firefox 16 after fixing critical flaw

Mozilla released a new version of Firefox (Windows, Mac) today, one day after yanking the Web browser to address security flaws.

Firefox 16 was pulled off Mozilla's installer page yesterday, just one day after its release, to fix a vulnerability that could have allowed a malicious site to identify which Web sites a user had visited, said Michael Coates, Mozilla's director of Security Assurance. The flaw was publicly disclosed yesterday by security researcher Gareth Heyes, who published proof-of-concept code to demonstrate the vulnerability.

Though Mozilla said it had no evidence that the vulnerability was being exploited in the …

ExploitShield appears to live up to its name

A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield.

Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, …

Oracle databases easy to hack, says researcher

A researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.

"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and …

Virgin Mobile user accounts are easily hacked, developer claims

A developer is taking Virgin Mobile USA to task, arguing that its username and password handling put users at risk.

Kevin Burke yesterday took to his personal blog to report that Virgin Mobile's authentication process only allows for users to input numbers as their account PIN. What's worse, he says, the password is limited to six numbers, leaving "only one million possible passwords you can choose."

"This is horribly insecure," Burke wrote. "Compare a 6-digit number with a randomly generated 8-letter password containing uppercase letters, lowercase letters, and digits -- the latter has …

Report: Half of Android devices have unpatched holes

More than 50 percent of Android devices have serious vulnerabilities that are unpatched because carriers are often slow to update the software, a mobile security researcher says.

"Since we launched X-Ray [Android app used for scanning for vulnerabilities], we've already collected results from over 20,000 Android devices worldwide. Based on these initial results, we estimate that over half of Android devices worldwide have unpatched vulnerabilities that could be exploited by a malicious app or adversary," Jon Oberheide, chief technology officer at Duo Security, wrote in a blog post. The results are then extrapolated using Google's …

Optimize your computer's registry with Auslogic Registry Cleaner

The Auslogic Registry Cleaner is an application for cleaning up problematic and error-filled files or folders on your computer, making it run more efficiently.

This is a good application to have, and it is pretty easy to use. You don't have to be a very advanced computer user to use it properly. There are a few scan options for more advanced users, but this Registry Cleaner already selects a default list of the drives and items it will search and repair. The Scan and Repair processes were very quick. It took half a minute to scan a little over …

3D printer helps pick locks in high-end security handcuffs

While 3D printing has shown much promise in helping to treat physical ailments and disabilities, there may be more nefarious applications in the near future.

The security of high-end handcuffs can be defeated by plastic keys cheaply produced with a laser cutter and 3D printer, a man who identified himself as "Ray" demonstrated last week at a Hackers on Planet Earth conference workshop, according to a Forbes report.

His 3D-printer-produced replica keys opened handcuffs produced by German manufacturer Bonowi and British maker Chubb, both of which try to restrict distribution of keys that open their locks to law-enforcement …

The dark side of QR codes

There's a pretty good chance you've scanned a QR code with your smartphone. QR is short for "quick response." Hidden in those lines is embedded code only your smartphone can read that points it to a new location on the Web. Online marketing gurus are singing its digital praises for its inexpensive cost and maximum return on investment.

The real estate industry is one example. Agents are able to market their hottest properties and themselves by embedding QR codes into their signs and brochures. QR design companies say they're seeing exponential growth in their business …

Yahoo fumbles security in Axis browser launch

Yahoo made its first foray into the browser business this evening, but did it give us an unfinished product?

As my colleague Rafe Needleman explains, Axis is an aggressive product designed to eliminate the middleman in the usual search process and take visitors from query process straight to the desired page.

However, this doesn't appear to be the only step Yahoo skipped; the struggling Internet pioneer also left out an explanation of its terms of service. A search for those basic rules turns up a placeholder page that informs users: "Terms will go here."

Granted, most users …