From the category archives:

Vulnerabilities

» News

Multiple Vulnerabilities on McAfee.com

Recently YGN Ethical hacker Group publicly disclosed about multiple vulnerabilities on McAfee portal @ Full Disclosure mailing list that could lead to cross-site scripting attacks. Initially group reported these vulnerabilities to McAfee in February 2011, but even after a month they found that vulnerabilities were not fixed completely,  which lead them to disclosing it publicly [...]

Read Ahead →

» News

MySQL.Com Vulnerable to Blind SQL Injection

The MySQL website offers database software, services and support for your business, including the Enterprise server, the Network monitoring and advisory services and the production support. The wide range of products include: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net, visual database tools (query browser, migration toolkit) and last but not least the [...]

Read Ahead →

» News

Does RSA SecurID Breach really matters?

RSA recently announced discovery of a breach in to their systems, concerning about a sophisticated attack extracting data on their SecurID two-factor authentication products in an open letter from RSA’s Executive Chairman, Arthur W. Coviello. RSA SecurID solutions covers 70% of world two-factor authentication market. Two-factor authentication also known as something you have [hardware token, [...]

Read Ahead →

» News

RSA SecureID Hacked

“Certain information being extracted from RSA’s systems”. Thats what RSA’s executive chairman Art Coviello admitted. There is a possiblity that encryption seed details related to RSA SecureID might have been compromised which would leave only the PIN as the confedential detail in case of commonly used 2 factor authentication tokens. Details – http://www.channelweb.co.uk/crn-uk/news/2035401/rsa-security-breach-sparks-reseller-concern

Read Ahead →

» News

Google Chrome Multiple Vulnerabilities

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user’s system. Google announced these detailed just a day before pwn2own contest. Secunia did a complete analysis of Google’s blogpost and reported it [...]

Read Ahead →

» News

Yet one more Zero Day MS vulnerability

Windows users warned of a new unpatched vulnerability that attackers could exploit to steal information and dupe people into installing malware. Microsoft acknowledged that a bug in Windows’ MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer (IE). “The best way to think of this is to [...]

Read Ahead →

» News

Important Security Update for Version 3.0.4 of WordPress

It has been made available directly through the update page in one’s dashboard.  One can also download it from here too. It is a very significant update to apply to our sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. As a security researcher, one [...]

Read Ahead →

» News

Critical Bugs in all versions of IE

Microsoft has recently confirmed critical bugs in all its IE versions. The vulnerability is in the IE’s HTML engine which can be exploited by directing the users to the malicious websites. More Details – http://www.itnews.com/browsers/26654/microsoft-confirms-critical-ie-bug-works-fix

Read Ahead →

» Articles

Beware :- Firesheep Firefox Add-on can hijack Facebook And Twitter Accounts over an open Wi-Fi connection

The add-on, named ‘Firesheep’, was released by web application developer Eric Butler during the ToorCon security conference held in San Francisco and is designed to hijack a user’s current internet session over the unsecured Wi-Fi network. The main motive behind the release of the add-on is to make people aware of the dangers of accessing [...]

Read Ahead →

» News

Multiple vulnerabilities reported in Google Chrome

Several vulnerabilities due to use-after-free and memory corruption errors were reported in Google Chrome. Exploitation of these vulnerabilities allowed a remote attacker to disclose potentially sensitive information, cause denial of service or compromise an affected system. For more information refer: http://www.cert-in.org.in/vulnerability/civn-2010-221.htm

Related Posts Plugin for WordPress, Blogger...

Read Ahead →

← Previous Entries

Next Entries →