Category: Google Chrome

November 19th, 2009

Microsoft finds security hole in Google Chrome Frame

Posted by Ryan Naraine @ 9:49 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Microsoft, Open source, Patch Watch

Tags: Google Inc., Microsoft Corp., Google Chrome, Web Browsers, Security, Viruses And Worms, Internet, Ryan Naraine

Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.

Now comes word that a security researcher on the Microsoft Vulnerability Research (MSVR) team has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections. Read the rest of this entry »

November 6th, 2009

High-risk flaw dings Google Chrome

Posted by Ryan Naraine @ 9:18 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Google, Google Chrome, Open source, Patch Watch, Responsible disclosure

Tags: Google Inc., Web Browser, Google Chrome, Arbitrary Code Execution, Details, Web Browsers, Security, Internet, Ryan Naraine

Google has pushed out a Chrome browser update to fix a pair of security vulnerabilities that expose users to malicious hacker attacks.

One of the flaws carries a “high-risk” rating because of the threat of arbitrary code execution. Read the rest of this entry »

October 19th, 2009

Mozilla blocks (then unblocks) dangerous MS .NET Firefox add-on

Posted by Ryan Naraine @ 5:29 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Google, Google Chrome, Malware, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Uncategorized

Tags: Mozilla Firefox, Microsoft Corp., Mozilla Corp., Add-on, Web Browsers, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Internet

FINAL UPDATE: In the Threatpost podcast above, Mozilla’s Mike Shaver explains what happened (.mp3)

[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected. I'll attempt to get to the bottom of what appears to be a case of miscommunication. ]

Mozilla has added the Microsoft .NET Framework Assistant add-on to its blacklist, a move that effectively disables the dangerous extension and plug-in for all Firefox users.

The move comes in the wake of an admission from Microsoft that the add-on was exposing users to drive-by malware downloads via a remote code execution vulnerability. Read the rest of this entry »

October 16th, 2009

Microsoft exposes Firefox users to drive-by malware downloads

Posted by Ryan Naraine @ 9:24 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Google, Google Chrome, Hackers, Malware, Metasploit, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing

Tags: Google Inc., Mozilla Firefox, Vulnerability, Malware, Microsoft Internet Explorer, Microsoft Corp., Attack Vector, Web Browser, Google Chrome, Plug-in

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads. Read the rest of this entry »

October 9th, 2009

Mozilla 'Plugin Check' keeps Firefox add-ons secure

Posted by Ryan Naraine @ 9:06 am

Categories: Adobe, Botnets, Browsers, Data theft, Exploit code, Firefox, Flash, Google Chrome, Mozilla, Open source, Patch Watch

Tags: Mozilla Firefox, Web Browser, Mozilla Corp., Plug-in, Web Browsers, Internet, Ryan Naraine

Mozilla has expanded its Plugin Check service to provide an easy way for Firefox users to pinpoint browser add-ons that might be vulnerable to hacker attacks.

The new service, available here, effectively scans the browser for all installed plug-ins and provides one-click options to apply patches if an outdated plugin is found. Read the rest of this entry »

September 24th, 2009

Microsoft says Google Chrome Frame doubles IE attack surface

Posted by Ryan Naraine @ 7:00 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Microsoft, Pen testing, Phishing

Tags: Google Inc., Microsoft Internet Explorer, Microsoft Corp., Google Chrome, Attack, Web Browsers, Cyberthreats, Spyware, Adware & Malware, Security, Viruses And Worms

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.

The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today. Read the rest of this entry »

August 25th, 2009

High-risk vulnerabilities hit Google Chrome

Posted by Ryan Naraine @ 1:21 pm

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Open source, Passwords, Patch Watch, Phishing, Responsible disclosure, Spyware and Adware, Vulnerability research

Tags: Google Inc., Attacker, Vulnerability, Google Chrome, Security, Ryan Naraine

Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.

The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.

Details on the serious issues:

Read the rest of this entry »

August 7th, 2009

Browser flaws expose users to man-in-the-middle attacks

Posted by Ryan Naraine @ 10:55 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Denial of Service (DoS), Exploit code, Firefox, Google, Google Chrome, Microsoft, Mozilla, Open source, Pen testing, Responsible disclosure, Vulnerability research

Tags: Flaw, Web Browser, Attack, Web Browsers, Internet, Ryan Naraine

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme.

During a research project (.pdf) concluded earlier this year, the Microsoft Research team discovered a set of vulnerabilities exploitable by a malicious proxy targeting browsers’ rendering modules above the HTTP/HTTPS layer.

Read the rest of this entry »

July 16th, 2009

Mozilla, Google plug high-risk browser holes

Posted by Ryan Naraine @ 9:38 pm

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Firefox, Google, Google Chrome, Hackers, Mozilla, Open source, Passwords, Patch Watch, Responsible disclosure, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Google Inc., Mozilla Firefox, Vulnerability, Web Browser, JIT, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla’s security response team has rushed out a patch to protect users from code execution attacks.

With Firefox 3.5.1, rated a “critical” update, the open-source group corrects a browser crash that could result in an exploitable memory corruption problem.

Read the rest of this entry »

June 11th, 2009

Google plugs 'high risk' WebKit holes in Chrome

Posted by Ryan Naraine @ 7:50 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Google, Google Chrome, Hackers, Malware, Open source, Patch Watch, Pen testing

Tags: Google Inc., Attacker, Web Browser, Google Chrome, Sandbox, Web Browsers, Security, Internet, Ryan Naraine

Google has shipped a Chrome browser update to fix two serious security issues in WebKit.

According to Google Chrome program manager Mark Larson, the more serious of the two flaws could allow hackers to execute harmful code in the browser’s sandbox. It is rated “high severity.”

Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

