What you need to know about BERserk and Mozilla

  • Post author: Omid Farhang
  • Post published: September 25, 2014
  • Reading Time: 1 min
  • Word Count: 193 words

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, SeaMonkey, and other Mozilla products. Dubbed “BERserk”, this vulnerability allows attackers to forge RSA signatures and thereby bypass authentication to websites using SSL/TLS. Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites. ...

Chrome 28 with new Blink engine and Rich Notifications

  • Post author: Omid Farhang
  • Post published: July 10, 2013
  • Reading Time: 2 min
  • Word Count: 384 words

Cross-posted from H-Online: Google has released the stable version 28 of its Chrome browser. It is the first version to use the new Blink engine for rendering web pages and it appears that the new engine will allow web pages to be loaded about ten per cent faster. The developers say that the increased speed is also thanks to the new threaded HTML parser, which frees up the JavaScript thread, allowing DOM content to be displayed faster. The HTML parser also takes fewer breaks, which is said to result in time savings of up to 40 per cent. Another contributor to the faster working speed is the optimized V8 JavaScript engine. ...

WordPress hardened with XSS, DoS and SSRF fixes

  • Post author: Omid Farhang
  • Post published: June 25, 2013
  • Reading Time: 1 min
  • Word Count: 195 words

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers “strongly encourage” all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, the new release also includes some proactive changes intended to harden the platform against attacks. ...

Symantec updates Norton 2013 range to v20.4

  • Post author: Omid Farhang
  • Post published: June 19, 2013
  • Reading Time: 2 min
  • Word Count: 223 words

Symantec has updated its suite of Windows security products with the release of Norton Antivirus 2013 v20.4, Norton Internet Security 2013 v20.4 and Norton 360 2013 v20.4. Version 20.4 is primarily a bug-fix release, with some notable fixes, but also tweaks the user interface. One visible change for users who also have Malwarebytes Anti-Malware Free installed as additional protection is a fix that prevents Norton from blocking or flagging up MBAM as incompatible. ...

Apple closes QuickTime vulnerabilities on Windows

  • Post author: Omid Farhang
  • Post published: May 23, 2013
  • Reading Time: 1 min
  • Word Count: 162 words

Apple has released a security update for its QuickTime media framework for Windows. Version 7.7.4 of the software closes 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats. The vulnerabilities affect Windows 7, Vista and XP SP2 or later and could be exploited to cause arbitrary code execution and application crashes. The vulnerabilities affected the playback of MP3, H.263, H.264, TeXML, JPEG, QTIF, Sorenson Video and FPX files as well as the handling of dref, enof and mvhd atoms within the program. All of the problems were reported by researchers working with HP’s Zero Day Initiative, five of them by Tom Gallagher and Paul Bates from Microsoft. ...

Ubuntu 13.04 Raring Ringtail is out, What's new?

  • Post author: Omid Farhang
  • Post published: April 25, 2013
  • Reading Time: 3 min
  • Word Count: 565 words

Canonical has released Ubuntu 13.04 Raring Ringtail, most likely the last release of Ubuntu that will primarily cater for laptop and desktop users. For Ubuntu 13.04, Canonical focused on tightening up the core of the OS and polishing the Unity interface in preparation for Ubuntu’s smartphone and tablet debut, which is slated to occur in October with the release of version 13.10. There’s also the usual slew of package updates, a new Linux kernel, and a couple of new features, too. ...

Microsoft patches the security update 2823324

  • Post author: Omid Farhang
  • Post published: April 24, 2013
  • Reading Time: 1 min
  • Word Count: 146 words

Microsoft is making another attempt to close the privilege elevation hole in the NTFS filesystem’s kernel driver for Windows 7 and Server 2008, including R2. The new patch, 2840149, supersedes security update 2823324, which Microsoft released on its April Patch Tuesday. However, shortly after releasing it, the software giant had to recall the first update because it caused problems with various third-party programs; it crippled computers and triggered error messages. Kaspersky’s anti-virus programs also started acting up once the update was installed, erroneously assuming that they no longer had a valid licence and discontinuing operation. When re-releasing the update, Microsoft didn’t clarify whether this was the reason for the system malfunctioning. ...

Microsoft to plug holes in Windows Defender in Patch Tuesday

  • Post author: Omid Farhang
  • Post published: April 5, 2013
  • Reading Time: 1 min
  • Word Count: 190 words

Microsoft’s Patch Tuesday on 9 April will be an important spring cleaning day; the company plans to implement nine security bulletins. One of the bulletins deals with vulnerabilities in Windows Defender for Windows 8 and RT; the hole is rated as important and can be exploited to achieve elevated privileges. The headline bulletins will be the two critical security holes, one of which affects all versions of Windows and Windows Server, and another critical vulnerability which can be found in all versions of Internet Explorer. Whether the Internet Explorer fix will be addressing the IE vulnerability revealed at the recent Pwn2Own contest is unclear though. Both critical holes allow for remote code execution. ...

Google updates all Chrome editions

  • Post author: Omid Farhang
  • Post published: November 29, 2012
  • Reading Time: 2 min
  • Word Count: 416 words

h-online: Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements. The Stable Channel update closes seven security vulnerabilities, three of them rated High, and includes bug fixes. New stable Chrome versions for iOS and Android have also been released and include minor improvements. The iOS version of the browser now supports Apple’s Passbook application. ...

Firefox 16 re-released fixing multiple vulnerabilities

  • Post author: Omid Farhang
  • Post published: October 12, 2012
  • Reading Time: 2 min
  • Word Count: 421 words

The H-Online: The latest version of Firefox, version 16, has returned to Mozilla’s servers with the release of Firefox 16.0.1, after the discovery of vulnerabilities caused the organization to remove the just-released open source web browser from circulation. Mozilla’s security blog post described the problem only as a malicious web site potentially being able to determine the URLs and parameters used, and suggested downgrading to Firefox 15.0.1, despite the numerous critical bugs fixed in Firefox 16. ...
