A new attack, dubbed Gifar by their creators named after the two file types that they mixed to create the attack (Gif and Jar), was mentioned in a Black Hat Sneak Preview article over at ZDnet. While not everything was revealed in that preview article it mentioned that the developers were able to combine two [...]

>>Permalink

In a recently released research paper Stefan Frei, Thomas Dübendorfer, Gunter Ollmann and Martin May analyzed Google Search Engine logs between January 2007 and June 2008 to understand the web browser threat. The research paper brought up some interesting figures including worldwide browser usage, number of users with the latest version of the browser and [...]

>>Permalink

A security vulnerability came to light recently that affects Internet Explorer 6, Internet Explorer 7 and even Internet Explorer 8 that can be used to record keystrokes of a user even if he is switching domains. That means that a specifically prepared website can launch some Javascript that records everything the user does afterwards including [...]

>>Permalink

Torrentfreak are reporting that two vulnerabilities have been discovered in VLC Player which allow execution of arbitrary code. The second vulnerability has already been fixed in the newest version of VLC which is available for download on the developers homepage. The first vulnerability however can be exploited to cause stack-based buffer overflows when loading subtitles [...]

>>Permalink

Internet Explorer with an installed version of Real Player beware. A vulnerability has been discovered recently which could allow remote code execution. According to Zdnet users should either switch browsers for the time until an patch is released or disabling killbits for two Active X classes. They forgot to mention the third option which would [...]

>>Permalink