New Firefox release addresses jar XSS Vulnerability

The guys over at Mozilla Foundation have pushed out a new release of Firefox, the new 2.0.0.10 release addresses three security issues within the Firefox browser.

Patch Tuesday Cometh Again

So it is that time of the month again and Microsoft have something in store for system administrators again. This month they have four critical vulnerabilities and two important vulnerabilities.

Remember TJX?

Remember the TJX hack from earlier in the year? Well more details have been released by the Canadian Privacy Commissioner about how all the credit card information stolen in the hack actually got out.

Microsoft Christmas Presents to Sys Admins

Well it is that time of the month again, the goose is getting fat and Microsoft have released this months slew of patches. This month we have three critical patches and four important rated patches.

Even Incident Response Teams are not Safe

It seems that the Chinese Internet Security Response Team (C.I.S.R.T) has been a target for attack. In a post to the English language site they confirm that there has been a problem.

Pinch Authors Pinched

Two Russians have been arrested in connection with creating and distributing the Pinch Trojan family, according to Nikolay Patrushev, head of the Russian FSB (Federal Security Agency) the two men had been identified are awaiting trial.

Is the New Mac Trojan Worth the Hype

Last week a new bit of Malware hit the streets targeting Apple OS X, there has been some over reaction on both sides of the fence about how significant this new development is. So some measured response is required.

Another Copy Protection System Lets the Hackers In

Just like the little Sony DRM rootkit problem from 2005 that could be used for no good, it seems a component of Macrovision copy protection included within Windows XP and Windows 2003 can be used to elevate privileges and compromise systems.

iPhone Hacks Galore

At the beginning of the week those who had iPhone which had been updated to version 1.1.1 firmware and wanted to unlock or activate without talking to AT T, well out of luck. Then just 4 days later the entire ball park has changed.

Adware goes old school viral

It seems that one of the adware authors has been taking some lessons from the old school virus writers on how make it extra hard to get rid of their crap and to ensure that their adware always gets run on system startup.

High Risk Vulnerability Linux Kernel Patched

A critical local Linux kernel vulnerability was patched last week in the kernel 2.6.22.7 release in 2.4.35.3. An official advisory was released by COSEINC describing the issue. However just days after this update the kernel had yeah another update to address an issue that will be referenced by CVE-2007-4571.

Electronic Jihad did you notice it?

Well for the last couple of weeks we’ve have lots of warnings of pending Electronic Jihad by various sources in Islamic Fundamentalist Computer Underground. It was all set to happen on November 11th to kick off mass Denial of Service of ‘Christian West’ targets.

Autonomy release the legal attack dogs against Secunia

It seems that in these days where disclosure of Security vulnerabilities is the norm, and most vendors actually have embraced the concept that keeping these quiet actually will harm their business more, the people at Autonomy have been living under a rock and don’t want anyone to know their products contain security problems.

Apple iPhone Steps Into the Bullseye

Well it wasn’t long before the Apple iPhone became the target of the security community. From the day of release the iPhone was a target for a different type of hacker in the traditional sense of the word. Those hackers where the people looking to unlock the secrets of the iPhone and make it work without the restrictions that Apple and AT T had placed on it.

ARP Spoofing Malware

ARP Spoofing is a technique that every security consultant will scare their clients with as a means to prove the point that nothing within the network is safe from eavesdropping. So what is it? ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network. It allows an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. Something that should be mentioned here from the outset; this is nothing new, ARP Spoofing is well known and understood in the security community, such an understanding has resulted in technologies being developed to combat the attack. What is new, however, is that malware authors have seen the potential of this attack and are starting to use it.