exploit

Rafe and Molly square off over the reuse of air conditioning technology, the fail whale sinks a deal between Facebook and Twitter, Gmail is cracked, and an enterprising astronaut creates the ultimate in must-have space tech: a zero-G coffee cup.

Twitter rebuffs a Facebook poke? http://news.cnet.com/8301-17939_109-10106391-2.html

Gmail exploit may allow attackers to forward e-mail http://news.cnet.com/8301-1009_3-10106275-83.html http://www.makeuseof.com/tag/breaking-gmail-security-flaw-more-domains-get-stollen/

EU strikes down French “3 strikes” copyright infringement law http://tech.slashdot.org/article.pl?sid=08/11/23/1952248

Has … Read more

Developers of third-party iPhone Apps may have a way to circumvent Apple's iTunes App Store approval process for their updated Apps by executing arbitrary code from within their own applications whenever they choose to do so.

The newly discovered exploit reveals itself via a technique discovered by developer Patrick Collison and is documented on his blog. Essentially, Collison, discovered a workaround that allows for the display of dynamic default.png images. These images load whenever apps are launched on the iPhone. An Xcode Project demoing the exploit can be downloaded and a video demoing the exploit can be found … Read more

The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in the German company's enterprise resource-planning software.

The unspecified flaw can cause Microsoft's Internet Explorer browser to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

US-CERT warned in an advisory, updated on Monday, that if users are fooled into viewing a specially crafted HTML document, external attackers might be able to gain control of their system, with their privileges.

A patch is available from SAP, through SAP … Read more

While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rareout-of-cycle fix because its exploit could easily be used as worm on a compromised network, one security researcher doesn't think it will happen that way.

"It's likely we're going to see this packaged with some other attack." said Ben Greenbaum, senior research manager at Symantec. "A Web-based attack, for example. We're looking out for are exploits of this being bundled with client-side exploits or Trojans so that the worm can get past corporate firewalls and get … Read more

On Thursday, Microsoft announced four security bulletins for Tuesday. The announcement is intended as a heads-up for IT departments before Patch Tuesday. All four are considered critical, the most serious ranking offered by the software giant.

Among the critical patches, two affect Windows Media Player, one affects Windows, while the other affects Microsoft Office. All could enable remote code execution if exploited.

Starting next month, Microsoft will be sharing the technical details of new vulnerabilities to give software developers a catch to update affected products before the public announcement. Also in October, Microsoft will start providing each bulletin with an … Read more

Microsoft issued a security advisory late Tuesday that malicious attackers are targeting versions of its Office Excel with vulnerabilities.

Microsoft Office Excel 2003 with Service Pack 2; Excel Viewer 2003; Excel 2002; Excel 2000; and Microsoft Excel 2004 for the Mac are affected by the security vulnerabilities, according to the advisory.

People who open a malicious e-mail attachment or visit a malicious Web site may find that their systems are compromised and that arbitrary remote code is executed. Computers configured to allow the user to have administrative user rights are at greater risk that those with few user rights on … Read more

Grisoft, maker of AVG antivirus and Internet security software, on Wednesday announced the acquisition of Exploit Prevention Labs, maker of the LinkScanner family of safe Web-browsing applications.

Unlike other safe-surfing applications, which tend to rely on databases, LinkScanner uses technology that determines, as the page is downloaded onto your browser, whether it is tainted with malicious software.

In CNET Reviews testing, LinkScanner has detected recent changes on Web pages where other safe surfing applications, such as McAfee SiteAdvisor, has not. One limitation of LinkScanner is its inability to determine whether a page is fraudulent; LinkScanner determines only whether the page … Read more

Those of you who haven't yet installed a link scanning or Web site rating program for your Firefox or IE-based browser should hop to it--and consider using LinkScanner Lite when you do.

I've been using LinkScanner Lite and McAfee Site Adviser on both Firefox and IE browsers. Overkill? No way. Each program serves the greater goal of alerting you to dangerous links but differ in their approaches.… Read more

Security researchers on Tuesday found PHP exploit code embedded in a GIF on a major image hosting site. The exploit code slipped through the proverbial gates with the aid of a legitimate image at the beginning of the file, according to a posting on the Sans Internet Storm Center.

"It is a clever way to pass exploit code to others without it setting off alarms or attracting attention all while bypassing network security tools," the Sans security blog noted.

Malicious attackers planted PHP coded exploit script within an image file. PHP is often used as a programming language … Read more