Joomla security flaw discovered
The Joomla team has announced a security vulnerability in the core.
It concerns all versions, including 1.5.21!
A 0-day flaw affects IE6, IE7 and IE8
Microsoft has just issued a bulletin: a 0-day vulnerability currently affects versions 6, 7 and 8 of its popular browser, Internet Explorer.
The beta version of IE9 is not expected to be targeted.
Microsoft is monitoring the situation closely. An emergency patch may be proposed; if not, the flaw will most likely be plugged by the next Patch Tuesday (November 9).
Google enhances the security of Android 2.2
Google has recently made security updates to Android 2.2 (Froyo) aimed at system administrators in professional environments.
Control of mobile devices running the Google OS from Google Apps has been optimized in order to promote productivity and security.
Mozilla fixes the Firefox 3.5 and 3.6 exploit in 48 hours
It only took 48 hours for the Mozilla Foundation to release a security patch following the discovery of a flaw in its browser that allowed a takeover of the attacked machine.
The flaw was exploited through the Nobel Peace Prize website, which had itself been mysteriously hacked.
Firefox was the only browser visibly affected by this attack (see above).
Today, the Foundation has released two patches, one for each version of Firefox (3.5 and 3.6) affected by the exploit.
Everything is back to normal.
Hats off for the quick reaction... too quick?
A flaw allows the takeover of computers browsing with Firefox
According to a Norwegian security firm, hackers exploited a flaw in the Firefox browser to take control of computers that visit the official website of the Nobel Peace Prize.
The Mozilla Foundation has confirmed this vulnerability, rated critical. It affects versions 3.5 and 3.6 of its browser.
According to the company Norman ASA, the famous prize's site, nobelpeaceprize.org, first suffered an attack that injected an iframe pointing to a malicious server.
This server then serves a variety of exploits targeting (and this is a first) only the Firefox browser. One of the exploits takes control of Firefox 3.6.11.
To force the installation of malware, the attackers exploited a "race condition" type of flaw: a complex attack that plays on the execution order of instructions, where a different order produces different results.
The malicious Windows executable that is installed then tries to query multiple internet addresses.
If one of them responds, the malware launches a shell and opens a socket, giving the attacker access to the victim's computer with the same rights as the logged-in user.
Mozilla says a patch is being prepared to plug this loophole.
Meanwhile, installing the NoScript extension is recommended to restrict the execution of JavaScript to trusted sites.
Many analysts clearly see the hand of Beijing in this case.
The attack came just three weeks after the Chinese dissident Liu Xiaobo (described as a "criminal" by Beijing) was crowned winner of the 2010 Nobel Peace Prize.