A flaw allows the takeover of computers browsing with Firefox
According to a Norwegian security firm, hackers exploited a flaw in the Firefox browser to take control of computers that visited the official website of the Nobel Peace Prize.
The Mozilla Foundation has confirmed this vulnerability, which is rated critical. It affects versions 3.5 and 3.6 of its browser.
According to the company Norman ASA, the site of the famous prize, nobelpeaceprize.org, first suffered an attack that injected an iframe pointing to a malicious server.
This server then delivers a variety of exploits targeting (at first) only the Firefox browser. One of the exploits takes control of Firefox 3.6.11.
To force the installation of malware, the attackers exploited a "race condition" flaw. This is a complex attack that plays on the execution order of instructions, where different orders produce different results.
The malicious Windows executable that is installed then tries to query multiple internet addresses.
If one of them responds, the malware launches a shell and opens a socket, giving the attacker access to the victim's computer with the same rights as the logged-in user.
Mozilla says a patch is being prepared to close this hole.
In the meantime, installing the NoScript extension is recommended to restrict the execution of JavaScript to trusted sites.
Many analysts clearly see the hand of Beijing in this case.
The attack came just three weeks after the Chinese dissident Liu Xiaobo (described as a "criminal" by Beijing) was named winner of the 2010 Nobel Peace Prize.
Security flaw discovered in iOS 4.1
A new security flaw has been discovered in iOS 4.1. It allows access to the address book of an iPhone protected by a password.
The procedure is fairly simple. On a password-protected iPhone running iOS 4.1:
- Tap "Emergency Call"
- Type a number at random, e.g. 1234
- Tap "Call", then immediately:
- Press the power button at the top right.
If you were fast enough, you should find yourself in the iPhone's "Phone" application, where you can see the contacts and even call them!
Note that this flaw does not appear to be present in the iOS 4.2 beta, but to date there is no fix for version 4.1, either from Apple or via Cydia.
RDS security flaw in Linux Kernel 2.6.30 and higher
A flaw affecting RDS on Linux allows a user to gain "super user" status. Fortunately, a fix is available.
A security flaw in Linux was very recently discovered by a team of researchers. They point to a vulnerability that appeared in version 2.6.30 of the kernel of the free operating system and that persists to this day.
It is located in RDS (Reliable Datagram Sockets), which arrived with this version of the kernel.
Source: VSR Security
A 12-year-old hacker found a critical flaw in Firefox
In the "value does not wait for the number of years" series, after the 16-year-old girl who is developing a site for the British government, here is the 12-year-old hacker who found a critical flaw in Firefox.
In passing, he pocketed the $3,000 offered by the Mozilla Foundation to any contributor who significantly helps improve the security of its browser.
Alex Miller is a young boy from San Jose (Calif.) and a computer enthusiast. Passionate, but not indifferent to the winnings.
When Mozilla decided to multiply by six the reward for the discovery of a significant vulnerability, the young prodigy made up his mind to win it.
His initial analysis led him to find a few minor flaws, insufficient to earn the jackpot.
Stubborn, Alex Miller continued his research for 10 days, at an hour and a half per day, until he uncovered a flaw in the application's use of memory.
Tracking down bugs is not easy. It is very technical and concerns only a small community of developers, says Brandon Sterne, head of security at Mozilla, in essence, about Alex Miller.
An annoying boy?
Source: Mercury News
A critical flaw found in Flash Player and Acrobat
Adobe issued a bulletin today regarding a critical security flaw that has been discovered in two of its products.
Some versions of Flash Player (10.0.45.2, 9.0.262 and earlier 9.0.x and 10.0.x versions for Windows, Macintosh, Linux and Solaris) and the authplay.dll of Adobe Acrobat Reader (9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX) contain a vulnerability that could allow a hacker to take control of a remote computer.
No official patch yet corrects this flaw, but Adobe says that the Flash 10.1 release candidate would not be vulnerable. The firm adds that Adobe Reader and Acrobat 8.x cannot be exploited by this technique.
The firm will offer a fix as soon as possible. Attacks related to this vulnerability are reportedly very numerous, so users of the software should be cautious.
