ZDNet Must Read:
Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »
Category: Open source
November 19th, 2009
Inside the Google Chrome OS security model
Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Read the rest of this entry »
November 19th, 2009
Microsoft finds security hole in Google Chrome Frame
Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.
Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections. Read the rest of this entry »
November 18th, 2009
Mozilla locks out rogue Firefox add-ons
Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browser’s application components directory.
This will most certainly block developers and software vendors from silently installing Firefox add-ons without explicit user permission. It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said. Read the rest of this entry »
November 9th, 2009
Mac OS X mega patch covers 58 security vulnerabilities
Apple has dropped another mega-patch to cover a total of 58 documented vulnerabilities affecting the Mac OS X ecosystem.
The majority of the flaws could allow a remote attacker to gain complete control of an unpatched system, meaning that this update carries an “extremely critical rating.” Read the rest of this entry »
November 6th, 2009
High-risk flaw dings Google Chrome
Google has pushed out a Chrome browser update to fix a pair of security vulnerabilities that expose uses to malicious hacker attacks.
One of the flaws carry a “high-risk” rating because of the threat of arbitrary code execution. Read the rest of this entry »
October 28th, 2009
Opera browser dinged by code execution flaw
Mozilla isn’t the only alternative browser maker struggling with serious security problems.
On the same day Mozilla shipped a Firefox update to fix multiple critical vulnerabilities, Opera dropped a major patch to fix three documented flaws, including a memory corruption issue that exposes users to code execution attacks. Read the rest of this entry »
October 28th, 2009
Firefox hit by multiple drive-by download flaws
Mozilla’s flagship Firefox browser is vulnerable to at least 11 “critical” vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.
The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser’s form history. Read the rest of this entry »
October 19th, 2009
Microsoft: Human error caused critical SMB2 vulnerability
Microsoft is blaming human error for one of the critical SMB v2 vulnerabilities that exposed Windows users to remote code execution attacks and argues that it’s near impossible to catch these types of bugs with existing code review tools and techniques.
According to a post-mortem of the issue by Redmond security guru Michael Howard (right), the company detected the vulnerable code “very late” in the Windows 7 development process but argued that there are no static analysis tools or SDL requirements that would spot this type of human error.
October 19th, 2009
Mozilla blocks (then unblocks) dangerous MS .NET Firefox add-on
FINAL UPDATE: In the Threatpost podcast above, Mozilla’s Mike Shaver explains what happened (.mp3)
[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected. I'll attempt to get to the bottom of what appears to be a case of miscommunication ]
Mozilla has added the Microsoft .NET Framework Assistant add-on to its blacklist, a move that effectively disables the dangerous extension and plug-in for all Firefox users.
The move comes in the wake of an admission from Microsoft that the add-on was exposing users to drive-by malware downloads via a remote code execution vulnerability. Read the rest of this entry »
October 16th, 2009
Oracle to fix 38 database, product vulnerabilities
Oracle has announced plans to ship a Critical Patch Update (CPU) with fixes for at least 38 security vulnerabilities in a wide range of database and server products.
The most serious vulnerabilities (CVSS score of 10.0) affect Oracle Core RDBMS, Oracle JRockit and Oracle Network Authentication. The patches are due on Tuesday, October 20, 2009.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- Finally, an easier way for Small and Mid-Sized Companies to Run Their Business Applications: IBM Smart Business IBM From the PC to the Internet to every piece of hardware and software in ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Recent Entries
- Opera patches ‘extremely severe’ security hole
- Exploit published for critical IE 7 zero-day flaw
- Inside the Google Chrome OS security model
- Microsoft finds security hole in Google Chrome Frame
- Mozilla locks out rogue Firefox add-ons
Blogs From Our Sponsors
Most Popular Posts
- Microsoft confirms 'detailed' Windows 7 exploit
- Thousands of web sites compromised, redirect to scareware
- Windows 7's default UAC bypassed by 8 out of 10 malware samples
- Which antivirus is best at removing malware?
- Mac OS X mega patch covers 58 security vulnerabilities
- Microsoft patches Windows worm holes, drive-by download flaws
Top Rated
- Facebook password-reset spam is Bredolab botnet attack+46 votes
- Thousands of web sites compromised, redirect to scareware+43 votes
- Microsoft confirms 'detailed' Windows 7 exploit+43 votes
- Firefox hit by multiple drive-by download flaws+41 votes
- Which antivirus is best at removing malware?+39 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
- Mac OS X mega patch covers 58 security vulnerabilities+26 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Finally, an easier way for Small and Mid-Sized Companies to Run Their Business Applications: IBM Smart Business IBM From the PC to the Internet to every piece of hardware and software in ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
-
-
Smart Tech
Expert advice on innovations in healthcare and the green technologies that make it happen.
Find out more
-
Smart Business
Discussion and advice on management issues that revolve around making your world smarter and more useful.
More Smart Advice
-
Smart People
The best and worst moves in the management and strategy trenches.
Learn More
