Security

Submission + - Mozilla to protect Adobe Flash users (h-online.com) 1

juct writes: "Firefox is going to check the version of installed Adobe's Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online". Only recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."
Security

Submission + - Antivirus protection worse than a year ago (heise-security.co.uk)

juct writes: "In a test of 17 antivirus products, the German magazine c't concluded that the effectiveness has fallen off, and more and more pests can now slip past these barriers. Most of the products perform reasonably well if they can rely on their database of signatures. But if they have to detect new malware with heuristics, the results were worse than last year. Besides this, c't did the first comprehensive test of behaviour blocking in antivirus products and found that more than half of them did not react to suspicious behaviour at all. The test itself is available only in the printed magazine; heise Security published a summary."
Security

Submission + - Spying on the TOR anonymisation network (heise-security.co.uk)

juct writes: "The long-standing suspicion that the anonymizing network TOR is (ab)used to catch sensitive data by Chinese, Russian and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another TOR exit node has been caught doing MITM attacks using fake SSL certificates."
Security

Submission + - OS X Leopard firewall flawed 1

cycoj writes: German IT magazine Heise takes a look at the new OS X Leopard firewall. They find it flawed. When setting access to specific services and programs, for example to only allow SSH access, they found that a manually started service was still accessible. From the article:

"So the first step after starting Leopard should be to activate the firewall. The obvious choice to do so is the option to "Set access to specific services and programs", which promises more control over network traffic. Mac OS X automatically enters all shared resources set up by the user, such as "Remote login" for SSH servers, into the list of accessible resources.

However, initial functional testing quickly dispels any feeling of improved security. A service started for testing purposes was able to be addressed from outside without any difficulty. The firewall records this occurrence."

Even with the firewall set to "Block all incoming connections", ports to NetBIOS, NTP and other services were still open.

"Specifically these results mean that users can't rely on the firewall. Even if users select "Block all incoming connections," potential attackers can continue to communicate with system services such as the time server and possibly with the NetBIOS name server."
Security

Submission + - Unofficial URI-patch for Windows (heise-security.co.uk)

dg2fer writes: For more than two months, the vulnerability of parsing URIs has been known for several Windows programs, including Outlook, Adobe Reader, IRC clients and many more.

The latest Microsoft patches published for October did not include a solution for the URI problem, so, according to an article on heise Security, hackers started to solve the problem themselves and published an unofficial patch which cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function.

Mozilla

Submission + - The Morality of Web Advertisement Blocking (cnet.com) 1

An anonymous reader writes: There has been some recent coverage of the over-hyped boycott of Firefox, in response to the rising popularity of the Adblock Plus Firefox extension. A recent editorial on CNET looks into the issue, and explores the moral and legal issues involved in client-side web advertisement blocking. Whereas TiVo users freeload on the relatively fixed broadcasting costs paid by TV networks, users of web ad-blocking technology are actively denying website owners revenue that would otherwise go to pay for the bandwidth costs of serving up those web pages. If the website designer has to pay for bits each time you view their website without viewing their banner ads, are you engaged in theft? Is this right? CNET has more on the subject....
Security

Submission + - Firefox and IE still not getting along (heise-security.co.uk)

juct writes: "A new demo shows how Firefox running under Windows XP SP2 can be abused to start applications. For this to work, however, Internet Explorer 7 needs to be installed. This severe security problem promises another round in the "who-is-to-blame-war" between Mozilla and Microsoft. Mozilla currently is leading the race for a patch, as they have one ready in their bugzilla database."
Security

Submission + - Holes in Firefox password manager (heise-security.co.uk)

juct writes: "Although the Mozilla developers have fixed a known hole in the password manager of Firefox & Co, a door remains open for exploitation. According to an article on heise Security, attackers can still use JavaScript to steal passwords. However, the real problem might not be Firefox's password manager. If users can set up their own pages containing script code on a server, the JavaScript security model breaks. Heise Security demonstrates the possible password theft in a demo."
Security

Submission + - FBI used CIPAV for secret online search (heise-security.co.uk)

juct writes: "The FBI has used PC spyware for the first time to reveal the identity of an offender who sent bomb threats to a high school in Washington state. According to heise Security, a declaration from the FBI official who applied for the search warrant describes the mode of operation of the spyware which the FBI is using under the abbreviation CIPAV (Computer and Internet Protocol Address Verifier)."
