BrandiCook writes: "The Department of Defense (DoD) has weighed in with its own support for open source. The DoD provides a nice analogy: “Imagine if only the manufacturer of a rifle were allowed to clean, fix, modify or upgrade that rifle. The military often finds itself in this position with taxpayer funded, contractor developed software: one contractor with a monopoly on the knowledge of a military software system and control of the software source code.” Open technology offers increased agility and flexibility, fast delivery, increased innovation, reduced risk, lower cost and information assurance and security, the DoD asserts."
Trailrunner7 writes: A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he's successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years. It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. Protected Mode was introduced in Windows Vista and Internet Explorer 7, and other software vendors have followed Microsoft's lead, introducing sandboxes in applications such as Adobe Reader X and Google Chrome.
In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine. The technique enables the attacker to move from a relatively unprivileged level to one with higher privileges, giving him complete access to the logged-in user's account.