Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection.
A security researcher has found a remote vulnerability in the upgrade mechanism in the Firefox extension used by Google Toolbar and Google Browser Sync that could lead to a man-in-the-middle attack and covert installation of malicious software. Christopher Soghoian, a graduate student at Indiana University's School of Informatics, discovered that an attacker can silently slip […]
Compared with Windows, the Macintosh platform is still largely untouched by vulnerability exploits. But the prompt release of exploit code for a vulnerability detailed in a May 24 set of updates shows that it's catching up fast when it comes to grabbing the attention of exploit writers. “It is very Microsoft. It's something we've grown […]
The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite. The bugs, deemed critical, are detailed in Mozilla's Security Advisory 2007-12. They include multiple vulnerabilities in Mozilla's Layout Engine and in its JavaScript engine that […]
Mac OS X is running with an outdated and vulnerable version of the open-source file and print program Samba, according to Symantec's DeepSight Threat Analyst Team. The vulnerabilities, first published on May 14, involve multiple heap-based buffer overflow weaknesses in Samba's NDR RPC (remote procedure call) request. Samba has been out since 1992 and runs […]
Apple is recommending that all QuickTime users—both on Windows and Mac OS X—download its update for Version 7.1.6 to fix a pair of security glitches. The company posted the updates on May 29. One of the first two problems, in QuickTime for Java, can lead users to having their systems hijacked if they visit a […]
Microsoft Surface—Microsoft's new touch-sensitive, flat computing table technology—promises shopping at the user's fingertips. Patrons will be able to order food in a restaurant by touching its image. Someday, after Microsoft partners work out the details, they'll also be able to pay for that meal by laying a credit card on the Surface or by using, […]
China's military is preparing for electronic warfare by setting up information warfare units that are developing viruses to attack enemy computers and networks, according to the Department of Defense's annual report to Congress. According to the DoD, the PLA (People's Liberation Army) has also established tactics to protect its own computer systems and networks and […]
Sun Microsystems says two buffer overflows in the SOCKS module of its Sun Java System Web Proxy Server 4.0 can give a remote attacker the privileges of a superuser. The server acts as a network traffic manager, collecting network data, figuring out where it should go and distributing it accordingly, thus cutting down on the […]
Apple on May 24 released patches for 17 vulnerabilities spanning a host of technologies and a slew of potential unpleasantness: from system takeover to denial of service to password snatching. The patches can be downloaded automatically by enabling Software Update or they can be downloaded at Apple's download site. One of the worst bugs, found […]
IBM put out a network IPS on May 22 with inspection rate speeds of 6G bps—what it calls “unsurpassed” performance. McAfee put out an IPS on May 22 that it says is the fastest network intrusion prevention system ever, its 10G-bps IntruShield M-Series platforms. McAfee’s faster at 10G bps, right? Well, when I asked, IBM […]