Just two weeks ago, Mozilla released a security update for their Firefox web browser, and today they are releasing another security update to fix 3 security vulnerabilities. All of the vulnerabilities were marked critical. MFSA 2008-36 - Crash with malformed GIF file on Mac OS X MFSA 2008-35 - Command-line URLs launch multiple tabs when [...]
By now, I think everyone has heard about the cache poisoning vulnerability in many DNS servers. Many are using Dan Kaminsky's online testing tool at doxpara.com to test their own servers, but Dan's server leaves the results exposed to the public. For those that want to test their DNS servers and not have the results [...]
Today, Sun released an update to their Java Runtime Environment (JRE) and Java Development Kit (JDK) to fix several security vulnerabilities. The latest JRE and JDK is version 6 update 7. John Heasman of NGSSoftware put his thoughts on the various security vulnerabilities in a post called 'Time to updated your JRE again'. It looks [...]
Yesterday, Dan Kaminsky announced that there is a fundamental flaw in the DNS protocol that can allow attackers to spoof domains to any DNS server. Because it is a fundamental flaw in the DNS protocol, many implementations of DNS servers are vulnerable. Yes, that means BIND, Cisco, Microsoft, and many others are vulnerable. Luckily, Dan [...]
Everyone's favorite free open-source encryption software TrueCrypt just released a new version over the weekend. TrueCrypt 6.0's biggest new feature is the ability to create and run an encrypted hidden operating system whose existence is impossible to prove! Some of the other enhancements include support for multi-core processors and multi-processor systems, and the ability to [...]
This post is part of the information security communities project. Hey everyone! My Name is Steven McGrath, and as a security professional local to the Chicago area, I thought it would be best to share a list of events that I am familiar with in the area: Chicago 2600 - Chicago 2600 is an informal [...]
DeepSec is an in-depth security conference in Vienna, Austria. Last year it was held on November 20th through the 23rd, and from the speaker lineup, it looked like a very good conference. Everyone can now enjoy the presentations, as the DeepSec 2007 videos are online at Google video. Here are some of the DeepSec 2007 [...]
Yesterday, Google released their open-source passive web application security assessment tool called ratproxy. This utility, developed by our information security engineering team, is designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern. The proxy analyzes problems such as cross-site script [...]
Mozilla released yesterday an update to the 2.0.0.x version of Firefox, fixing 12 security bugs. The Firefox 2.0.0.15 release fixed 12 security vulnerabilities, 4 of which were rated critical. So for those that are not using the recently released Firefox 3.0, I would suggest upgrading now to Firefox 2.0.0.15.
This post is part of the information security communities project, and was guest blogged by Stacy Thayer, the founder and executive director of SOURCE Conference. The East Coast is home to some of the world's leading computer security professionals. The computer security industry has been active for many years and is now experiencing rapid growth. [...]