tag
FireFox

Firefox 34 disables SSL 3.0 and tackles eight security fixes

Firefox 34, the latest version of the Mozilla’s popular web browser has disabled support for SSL 3.0 in reaction to the POODLE exploit, reported by We Live Security back in October.

Data breach burns Firefox – add-on creators hit by email leak

After a technical error on a Mozilla database, thousands of email addresses and encrypted passwords were exposed for nearly a month – leaving 78,000 Mozilla app developers vulnerable to hackers.

Adobe publicó un parche para el Zero-day en Internet Explorer

Adobe lanzó ayer un parche para Adobe Flash, que imposibilita la ejecución del zero-day en Internet Explorer. Fue publicado pocas horas después de que el gobierno de Estados Unidos recomendara a los usuarios de Internet Explorer que cambiaran de navegador, según el comunicado de prensa del United States Computer Emergency Readiness Team (US CERT). La actualización

Sandboxing: jugando en un ambiente controlado

El escalar privilegios suele estar entre los objetos principales de los atacantes, porque de lograrlo podrán hacer lo que deseen con el sistema vulnerado. En este contexto se hace presente el sandboxing, una técnica que permite aislar una ejecución para que los recursos generales del sistema no se vean comprometidos. Uno de los placeres más

Firefox, Internet Explorer y Adobe vulnerados en concurso de ethical hacking

Esta semana se ha desarrollado el concurso Pwn2Own, en el que se repartieron $400.000 a algunos participantes que han logrado vulnerar aplicaciones tan populares como Internet Explorer, Safari, Mozilla Firefox y algunos productos de Adobe. El grupo francés Vupen, conocido por comercializar las vulnerabilidades que han encontrado, se alzó con el premio más grande otorgado,

Google's data mining bonanza and your privacy: an infographic

Do you use Google? These days the question sounds almost absurd. If you use the Internet, or an iPhone, or an Android phone, or a Kindle or an iPad, then of course you use Google in some shape or form. And if you take a keen interest in how your personal information is used, you

Cycbot: Ready to Ride

Although the “Ready to Ride” group originated in Russia it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation the primary target of the group is the US.

Facebook and Microsoft De-cloak Chrome – MS Neuters Their Privacy Advocate

What’s wrong with this picture? Yes, that’s right, I am using Google’s incognito mode and Clicker knows exactly who I am! I have previously blogged here and here about Facebook’s instant personalization, but let me spell it out for you. Facebook “Instant Personalization” destroys Google Chrome’s “Incognito mode”. There is nothing incognito about opening a

Adobe Flash, The Spy in Your Computer – Part 3

In the first two parts (Part 1, Part 2) of this series I discussed some of the privacy issues associated with Flash and also explained the configuration options that Adobe offers. If you are willing to go through the hassle of creating an mms.cfg file and maintaining it then you really do have the ability

CanSecWest: Mitigation versus Impregnability

Inevitably, CanSecWest  2010 kicked off with the promised and eagerly-awaited Pwn2Own hacking contest, in which a number of effective protection strategies (DEP, code signing, ASLR [1]) failed to prevent determined vulnerability researchers making loadsamoney by circumventing them with attacks on Firefox and IE8 on Windows 7, Safari, and the iPhone. For details and extensive comment see: http://macviruscom.wordpress.com/2010/03/25/and-the-firewalls-came-tumbling-down/ http://kevtownsend.wordpress.com/2010/03/25/sacred-cows-fall-at-pwn2own/

Firefox Add-ons Infected

Perhaps you read the Mozilla blog at http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/ where it was revealed that two add-ons for Firefox were infected with Trojans. In this case the distribution was very small, so not many users were infected, but this type of attack is likely to grow. A large part of the time I worked at Microsoft I

Fake Firefoxfur

There's an interesting post by Lee Graves about fake Firefox updates that actually push adware. It's pretty comprehensive, and lots of other blogs have picked up on it, so I won't rehash the issue here. However, I notice that The Register have credited us with the story (though they may have changed it by the

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Truth, Fiction and HTTPS

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

Firefox: More Security, Less Privacy?

Perhaps I imagined it, but a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade

Shorteners/Redirectors: short of ideas

We’ve been having some discussion internally about shortened URLs, with specific reference to pointing to web resources on Twitter, where you can’t actually avoid using shortened URLs, because an uncompressed URL is automatically shortened using bit.ly. You may remember that I discussed these issues before here, The main problem, of course, is that it’s all too

Compressed URLs & Twitter

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at

Competing and Cooperating (Don’t Attack the Customer)

In the security industry there is fierce competition. At least in the anti-malware segment there is also tremendous cooperation. I am writing from the 3rd annual CARO workshop where researchers from several anti-malware companies are sharing important information with their competitors. Quite a while back there both PCTools and ESET had false positives on each

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.