forgery

Video of child-snatching eagle an animation-student fake

Alas for those excited by a video seemingly showing an eagle's unsuccessful attempt to carry off a child: it's not real.

"A shadow analysis revealed some pretty severe inconsistencies," said Kevin Connor, president of Fourandsix, an imaging forensics specialist. "It appears to be a fake."

Just as Fourandsix was digging into the matter, a Montreal school said animation students were behind the video. It "was made by Normand Archambault, Loic Mireault, and Felix Marquis-Poulin, students at Centre NAD, in the production simulation workshop class of the Bachelors degree in 3D Animation and Digital Design," a statement from the center said. "Hoaxes produced in this class have already garnered attention, amongst others a video of a penguin having escaped the Montreal Biodome." …

Google RatProxy looks for cross-site flaws

Google released a free tool Tuesday that should help Web developers find and fix cross-site vulnerabilities.

The tool, RatProxy, is described by Google as "a semi-automated, largely passive Web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments."

The tool is versatile, detecting and ranking a broad class of vulnerabilities. Included are script injections, cross-site trust attacks, content-serving vulnerabilities, cross-site request forgeries (XSRF), and cross-site scripting (XSS).

RatProxy runs on Linux, FreeBSD, …

Mozilla patches three Firefox security vulnerabilities

Mozilla on Monday released Firefox version 2.0.0.10. The update addresses three high-impact security vulnerabilities. Two concern cross-site request forgeries, which can be used to steal personal information while visiting certain sites, and one concerns memory corruption.

The update is being pushed out to all current Firefox users. New users can download the current Firefox release from the Mozilla site (or download the English versions for Windows or Mac from CNET Download.com).

The first cross-site request forgery vulnerability could allow an attacker to generate a fake HTTP referer header by exploiting a timing condition when setting the …