flaw

IE flaw may allow Windows PCs to be hijacked, Microsoft warns

Microsoft has confirmed that a zero-day vulnerability affecting older versions of Internet Explorer could allow attackers to gain control of Windows-based computers to host malicious Web sites.

The company acknowledged the issue in a security advisory yesterday that included advice on how users can mitigate the threat posed by the flaw.

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said, noting that more recent versions of the Web browser, including IE 9 and IE 10, were unaffected.

The remote code execution vulnerability affects the way the browser accesses memory, …

Possible IE bug would let hackers track mouse moves

Microsoft is investigating a possible flaw in its Internet Explorer Web browser that allegedly enables attackers to track users' mouse cursor anywhere on the screen, even if the browser window isn't in use.

The alleged flaw, which security firm Spider.io says it discovered a few months ago, compromises the security of virtual keyboards and virtual keypads in all supported versions of the browser since IE6, the security firm reports.

"As long as the page with the exploitative advertiser's ad stays open -- even if you push the page to a background tab or, indeed, even if …

Yahoo Mail hijacking exploit selling for $700

An exploit selling for $700 may put millions of Yahoo Mail users at risk of having their e-mail account hijacked and their browsers redirected to malicious sites.

Marketed by an allegedly Egyptian hacker on a cybercrime forum, the exploit targets a cross-site scripting (XSS) vulnerability in Yahoo.com that allows attackers to steal and replace tracking cookies, as well as read and send e-mail from a victim's account. Typically, an attacker will encode a malicious link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, allowing access to the cookies and other sensitive information. …

Microsoft promises fix for IE security flaw in next few days

Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."

The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.

"While we have only seen a few attempts to exploit the issue, impacting an …

Amazon addresses security exploit after journalist hack

When tech reporters get hacked, it seems like tech companies pay attention.

Wired reporter Mat Honan's entire online life was compromised by a hacker named Phobia four days ago. Phobia used Honan's AppleCare and Amazon IDs, along with his billing address and last four digits of his credit card to get into his various online accounts. Apple responded yesterday saying that it was looking into how users can reset their account passwords to ensure data protection; and Amazon responded today.

"We have investigated the reported exploit, and can confirm that the exploit has been closed as of …

SMS flaw reportedly found in Windows Phone 7.5

Devices running Microsoft's Windows Phone are susceptible to a denial-of-service attack that disables their messaging function, a tipster has told WinRumors.com.

A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub (see video below). WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.

So far, the only solution to the messaging hub bug appears to be a hard reset and wipe …

iPad 2 Smart Cover 'flaw' discovered in iOS 5

iPad 2 owners who use the Smart Cover and Smart Cover unlocking in iOS 5 are exposed to a bug that can potentially leave sensitive information open to others, Apple blog 9to5Mac is reporting.

According to the blog, if users have Smart Cover unlocking enabled in iOS 5 and use a Smart Cover to protect the iPad 2, the last screen they left open before locking the tablet can be accessed with some trickery.

In order to recreate the flaw, 9to5Mac says users must have the iPad 2 password-protected. After the device is locked, those who want to gain access to data need to hold the power button down so the software reveals the slider allowing them to power the tablet down. On that screen, users must close the Smart Cover over the iPad 2, open it back up, and click the "cancel" key. Upon doing so, they'll be brought to the last screen that was open on the tablet.…

HTC cooking up fix for security flaw

HTC is promising to plug a security hole in its Android phones that gives certain mobile apps access to a user's personal information.

Recently discovered by a trio of researchers, the vulnerability can expose e-mail addresses, network and GPS locations, phone numbers, SMS data, and system logs to apps that connect to the Internet. The flaw exists among HTC's portfolio of Android phones, including the Evo 3D, the Evo 4G, and the Thunderbolt, and has been traced to a logging tool that HTC recently installed during a software update.


In a statement released today, HTC acknowledged the security hole in its software but tried to assuage its users about the impact.

"HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application," the company said in its statement. "A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability."


The 404 916: Where just cause we can doesn't mean we should (podcast)

The 404 welcomes back infamous guest Stoopid Andy to the show, to explain that one can never have enough RAM installed on a desktop machine--even if that supercomputer you're running is only used for occasionally checking e-mail.

As the calm before the iPhone 5 announcement storm hits, we'll discuss some of the headlines that are guaranteed to be forgotten 24 hours from now. They include a gaping security flaw that affects HTC Android devices, the Xbox 360's new leaked dashboard interface, and how Google Chrome is taking a sizable bite out of the browser market.

Finally, we ask "do you still use the United States Postal Service?" A couple of USPS commercials hit the Web today and we're having a tough time refraining from picking them apart. They suggest doing business through snail mail is not only hackproof, but safer. We, along with dumpster divers across the world, politely disagree as you'll see in today's episode.

The 404 Digest for Episode 916

• HTC security flaw
• New 360 dashboard looks all mobile-phoney
• Chrome could overtake Firefox browser share in 2012
• Arrested Development return sounds very likely!
• USPS thinks human hands are safer than 256-bit encryption


Microsoft MHTML flaw targeted by hackers

Microsoft has warned that hackers are targeting a zero-day flaw that affects all Windows operating systems.

The flaw, which was first highlighted by Microsoft in an advisory in January, allows an attacker to inject a client-side script into the response to a request made by Internet Explorer. The script could allow a hacker to compromise the user--by performing actions online that appear to have originated from the user; by stealing information from the user; or by otherwise trying to fool them.

The company updated its January security advisory on Friday, saying that it had seen attacks in the wild.

Read …