Spyware, Viruses, & Security forum

General discussion

NEWS - February 15, 2007

by Donna Buenaventura / February 15, 2007 5:26 AM PST

Firefox cookie-stealing vulnerability

A new zero-day vulnerability in Mozilla Firefox allows malicious web sites to forge authentication cookies for certain web sites.

The problem lies in the way Firefox handles writes to the 'location.hostname' DOM property, says Michal Zalewski, an independent security researcher.

According to Zalewski, it is possible for a malicious script to set the value of the hostname property that would not be accepted as a hostname when parsing a regular URL.


Broadband routers welcome drive-by hackers
by Donna Buenaventura / February 15, 2007 5:27 AM PST

Still using the default password that came with that nice broadband router you installed at home? Time to get off your butt and change it: visiting the wrong website is enough to have key settings changed on the most popular models.

Symantec warns attackers can employ a simple piece of JavaScript to modify a router's domain name server settings. Once the router is rebooted, a rogue DNS will send the victim to spoofed websites with malicious intent.


Hack lets intruders sneak into home routers
by Donna Buenaventura / February 15, 2007 7:58 AM PST

If you haven't changed the default password on your home router, let this recent threat serve as a reminder.

Attackers could change the configuration of home routers using JavaScript code, security researchers at Indiana University and Symantec have discovered. The researchers first published their work in December, but Symantec publicized the findings on Thursday.

The researchers found that it is possible to change the DNS, or Domain Name System, settings of a router if the owner uses a connected PC to view a Web page with the JavaScript code. This DNS change lets the attacker divert all the Net traffic going through the router. For example, if the victim types in "www.mybank.com," the request could be sent to a similar-looking fake page created to steal sensitive data.


0-day attack hits Word
by Donna Buenaventura / February 15, 2007 5:29 AM PST

A new, yet-to-be-patched security hole in Word is being used in targeted cyberattacks, Microsoft has warned.

When a user opens a rigged Word file, it may corrupt system memory in such a way that an attacker could gain complete control over the PC, Microsoft said in a security advisory posted late Wednesday. Office 2000 and Office XP are at risk, the company said. The two recent versions, Office 2003 and 2007, are not affected.

As with most of the Office vulnerabilities, an attacker would have to trick a user into opening a malicious file to be successful. The vulnerability is being exploited in "very limited, targeted attacks," Microsoft said. A security update to repair the problem is in the works, it added.


FTC Asks Court to Order Permanent Halt to Telephone Record
by Donna Buenaventura / February 15, 2007 7:55 AM PST


The Federal Trade Commission has asked a U.S. district court to order a permanent halt to operations that deceptively obtained and sold consumers’ confidential phone records without their knowledge or consent. The agency alleges the practice is not only unfair and deceptive in violation of federal law, but could endanger consumers’ safety. The agency also will ask the court to order the defendants to give up their ill-gotten gains.


'Storm' Worm Touches Down on IM
by Donna Buenaventura / February 15, 2007 7:56 AM PST

The Storm worm that wreaked havoc in January has opened up a new front in its war against users—instant messaging.

The Trojan virus that was responsible for countless spam e-mails sent around the globe has spawned a new variant that is using AOL Instant Messenger, Google Talk and Yahoo Messenger to proliferate. The worm attacks by detecting when someone is chatting and sending out a message with a link to the first stage of malware on a site. If the user clicks the link, the first stage will execute.

