Showing posts with label Firefox. Show all posts

Wednesday, 27 October 2010

Firefox v3.6.12 Released <- Important security patch

--
Just gotta love the Mozilla developers! Within A DAY Firefox has been updated to repair a nasty JavaScript security hole being exploited In-The-Wild. So go grab the thing and update NOW:

Firefox v3.6.12 (English, US)

Thank you Mozilla!
--

Firefox v3.5 & v3.6 Zero-Day Exploit: JavaScript Hell

--
An active zero-day exploit of Firefox versions 3.5 and 3.6 has been found In-The-Wild. (The current version of Firefox is v3.6.11). Specifically, the Nobel Peace Prize website injects malware into victim computers via a newly discovered Firefox security hole. So far, the malware being injected is the Windows-only Trojan horse Belmoo-A. However, the injected malware could just as easily be any of the current Mac OS X Trojans.

Note of course that Trojan horses are inert until a 'LUSER' runs and installs them, providing them with the computer's Administrator password.

Firefox are aware of the situation and are working on a patch. In the meantime, they recommend the workaround of disabling JavaScript (aka ECMAScript), or installing and using the Firefox add-on NoScript. I use NoScript. I love it! I never leave my homepage without it.

As per usual, JavaScript is the bane of the Internet. However, Java isn't faring too well either, much to everyone's dismay. I'll be writing about Java's security ills early next month.
--

Thursday, 15 July 2010

Firefox Add-On Security Alert! Mozilla Sniffer, CoolPreviews, Master Filer

--
Graham Cluley at Sophos.com has provided a great article at his blog about BAD Add-Ons for Firefox. The most recent is nasty spyware, another is infected with a spyware Trojan horse, and the last has a potentially dangerous security hole that could lead to PWNing your machine:

Mozilla pulls password-sniffing Firefox add-on

All of these Firefox Add-Ons have been blocked from distribution by Mozilla. But if you happen to have them lying around or have installed them: Kill them.

Mozilla Sniffer: It has been available since June 6, 2010. It spies on Internet passwords you enter in Firefox and sends them to nefarious fiends.

Master Filer: The infected version has been available since earlier in 2010. It is infected with the LdPinch Trojan horse, which also steals your Internet passwords and sends them to nefarious fiends.

CoolPreviews: Versions 1.0 through 3.0.1 have a demonstrated security vulnerability that could allow malicious code to run on your computer. (Sounds like a typical buffer overflow problem). Proof-of-concept code has been created that demonstrates how to perform the hack. Therefore, it is critical to update to the latest version of CoolPreviews.

There have been other BAD Add-Ons as well, all of which Mozilla have blocked from distribution.

As a side note:

This same sort of problem has been plaguing the Android community whereby anyone can post anything as an application, including crapware and malware. As with Mozilla, Google have no formal system for approving or filtering bad software apart from reports from users. Therefore, it is likely that a number of people are going to be victims of BAD software before it is removed from distribution.

To be honest, this lack of a formal software scrutiny system is what we are all used to in the general computer community. The best workarounds have been the use of websites like MacUpdate, VersionTracker, TuCows, MajorGeeks, etc., where either the site managers or other users have tried and rated the software.

For better or worse, Apple now use a formal scrutiny system at their App Store for the iPhone, iPod Touch and iPad. If you download a CrapApp onto your iOS device, you can point fingers at Apple for messing up. Microsoft have had a copycat scrutiny system for their Zune thing app store and plan the same thing for their Windows Phone 7ista OS thingies. Meanwhile, for all other devices, it is that mean old adage: Caveat emptor, IOW Downloader Beware.
--

Friday, 21 May 2010

Tracking Cookies: Google Offers Opt-Out

--
In keeping with the "bad news travels fast; good news is forgotten" theory, I dug up something quite good today that was only whispered in the tech news: Google lived up to their motto this past March and started offering opt-out options and tools to free you from being followed by their Tracking Cookies. Imagine that.


Not that I actually care, since I've been blocking Tracking Cookies on my web browsers for over a decade. And not that your average Internet surfer is going to notice. Google aren't exactly advertising their kind gesture.

If you've read my previous posts on Tracking Cookies you already know what to do: TURN OFF third party cookies in your web browser settings. On Mac, every browser worth using has this setting available in its Preferences under various descriptions. Here are some examples:

[Screenshots: Safari, OmniWeb, Camino, FireFox, iCab and Opera Preferences]


. . .

For the sake of review,
What Are Tracking Cookies?

Wikipedia.org has a very good description of them HERE.

My rendition:

Fried SPAM with cute little colored sprinkles on top. Or if you prefer sushi, how about:


Marketing people, ideally, like to help people find what they need and want. (These days we know that is generally NOT the case, thank you MBA degree mills. But I cover that subject over at my zunipus blog). The modern ideal in marketing is to follow you every minute of the day and offer you sales opportunities everywhere you go that are tailored just for you.

There are some marketing people who would be most pleased to implant a chip under your skin that triggers off automatic ads with potential sales opportunities around every corner. Some people believe this will trigger the end of the world. What a revelation. Darn, you got chip ID #666? That's not good.

Since it is illegal to 'chip' anyone in our current age, the next best thing is to 'chip' your web browser. This allows marketing people to follow you around on the Internet and trigger off automatic ads with every click.

The 'chip' in your browser is called a 'cookie', formerly 'magic cookie'. Thank Lou Montulli of Netscape for the concept and name. Cookies are actually very benign in concept. They allow the sharing of basic information between you and specific websites. For example, they are able to hold your ID and password at the Apple Store. They can also feed back to each specific website where you visited within that website. Amazon make very good use of cookies, suggesting books, music, electronics, etc., that fit within your demonstrated interests while navigating their site. It can help you find things you never knew existed.

Where cookies become evil is when they are shared among many sites. These are Tracking Cookies. Google is the King of Tracking Cookies. What you end up with is a syndicate of websites, all associated with one marketing hub, such as Google, who all share their cookie data with one another via ubiquitous Tracking Cookies. This means that your Google web searches end up with Targeted Ads aimed particularly at you.

Suppose you went to Amazon.com and went shopping for sex toys. Thanks to Google's Tracking Cookies, now the entire syndicate of Google associated web shops knows. So now you get ads for vibrators on your Google search pages. You go to SuperDuperWhatever.com for the very first time and up pop ads for warming gels, various stimulation pills, elongated probing instruments, on and on.
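To make the cross-site linkage described above concrete, here is an added example (not from the original post): a small JavaScript simulation that replays a constructed browsing log with third-party cookies allowed and then blocked, and reports which cookie owners can tie visits on different sites to one ID. The host names, the log and the two-label `site()` shortcut are assumptions made for illustration; real browsers use the Public Suffix List to decide what counts as the same site.

```javascript
// Constructed sample log: each entry is one HTTP request the browser makes
// while the user is viewing `page`. All host names are made up.
const LOG = [
  { page: "shop.example",  request: "shop.example" },
  { page: "shop.example",  request: "ads.tracker.example" },
  { page: "news.example",  request: "news.example" },
  { page: "news.example",  request: "ads.tracker.example" },
  { page: "forum.example", request: "forum.example" },
  { page: "forum.example", request: "cdn.forum.example" },
  { page: "forum.example", request: "ads.tracker.example" },
];

// Simplification (assumption): the "site" is the last two labels of the host.
function site(host) {
  return host.split(".").slice(-2).join(".");
}

// Replay the log through a minimal cookie jar keyed by the site that owns
// the cookie. Returns, per owner, the set of page sites on which its single
// cookie ID was sent back to it.
function replay(log, blockThirdParty) {
  const jar = new Map();     // owner site -> cookie ID
  const seenOn = new Map();  // owner site -> Set of page sites
  let nextId = 1;
  for (const { page, request } of log) {
    const owner = site(request);
    const thirdParty = owner !== site(page);
    if (thirdParty && blockThirdParty) continue; // cookie neither stored nor sent
    if (!jar.has(owner)) jar.set(owner, "id-" + nextId++);
    if (!seenOn.has(owner)) seenOn.set(owner, new Set());
    seenOn.get(owner).add(site(page));
  }
  return seenOn;
}

// An owner can track you when one cookie ID was presented from more than one site.
function trackers(log, blockThirdParty) {
  const out = {};
  for (const [owner, pages] of replay(log, blockThirdParty)) {
    if (pages.size > 1) out[owner] = [...pages].sort();
  }
  return out;
}

console.log("third-party cookies allowed:", trackers(LOG, false));
console.log("third-party cookies blocked:", trackers(LOG, true));
```

First-party cookies (the shop remembering you on the shop) survive the blocking setting; only the hub that appears on every site loses its common ID.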

If this all sounds entirely offensive and invasive of your privacy, you're not alone. I personally don't give a rat's about marketing data collection, no matter what 'opportunities' they may offer. When I want something I go out and research it, all on my own, and typically end up buying the best product at the cheapest price entirely due to my efforts. No ads required. To me, advertising is a distraction at best. Therefore, my web browsers are maxed out with ad blocking plugins and settings. Even in situations where anti-ad measures fail, my brain is so used to marketing 'opportunities' on both the real and virtual landscapes that I quite literally don't see them. They don't exist in my mind's eye. There are 'subliminal' marketing theories of course, but every one of them fails from my POV.

Example:

My parents freak out whenever I visit them because I never bother to mute the TV ads. Why do I do that? I literally don't notice them! I don't care what they say. If I pay attention at all it is typically to mock them, they are usually so ridiculous and predictable. The only exceptions are abusive ads. I pick up on them rather quickly and take note of what they're selling in order that I never buy it. I also enjoy collecting examples of abusive ads. I often post perpetrators of what I call 'AD BLASTING' and 'AD SLAMMING' over at my zunipus blog. For some reason, my personality is particularly offended by any form of human abuse. Maybe it's because I'm human. With the plethora of psychopaths in world politics, religion and biznizz these days you have to wonder how many humans are left on Earth. But I rant.

We humans always discover and create new ways to thwart other people's bad choices. Blocking Tracking Cookies is simple because just about every web browser provides a method. Set it once and forget it. Happiness shall be yours young apprentice.

Well, there is one drawback: Advertising isn't going away.

You'll still be hit with it everywhere you go IRL or WWW. But instead of the ads targeting you specifically, they'll simply be generic. Darn! You'll just have to settle for having your privacy.

--

Thursday, 25 March 2010

64-bit 7ista Twice Hacked via both IE 8 and Firefox 3! The End Is Nigh!


I should also mention that both Mac OS X 10.6 Snow Leopard and the iPhone got hacked via Safari. Just doing a little back-at-you priority swapping. These days it is a BIG DEAL when Mac OS X gets hacked because of its reputation as the safest GUI OS on the planet. Hacking Windows is ho hum because it happens every day.

Here are some links to somewhat detailed articles about the Day 1 results from the Pwn2Own contest at CanSecWest 2010 in Vancouver, Canada:

TippingPoint blog.
CNet.
MacWorld.

The contest still has two more days of hacking to go. But here is the current list of winners from Day 1:
PWNED! Vincenzo Iozzo and Ralf Philipp Weinmann - iPhone
PWNED! Charlie Miller - Safari [on Mac OS X 10.6]
Nils - Safari (Prize Claimed) [on Mac OS X 10.6]
PWNED! Peter Vreugdenhil - Internet Explorer 8 [on 7ista]
MemACCT - Internet Explorer 8 (Prize Claimed) [on 7ista]
Anonymous - Nokia
Anonymous - iPhone (Prize already won)
PWNED! Nils - Firefox [on 7ista]
Congratulations to all the hackers and thank you for making it clear that Internet surfing can be dangerous no matter the operating system or web browser. Details of each zero day hack are not published until they have been addressed by the companies or groups in charge of affected programs and operating systems. When the Mac OS X hacks have been published, I'll report them and provide links here.

I'll also post more from CanSecWest as it progresses. Dr. Charlie Miller will be presenting his 20 Mac OS X 10.6 Snow Leopard hacks.

The successful hacking of Windows 7ista is of particular interest because it involved bypassing the much lauded ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) built into 7ista. So much for those security technologies!

In each hack the victim computers were directed to websites containing exploit code. I'm going to hazard a wild guess that the sites used code written at least in part in the catastrophic mess known as ECMAScript, aka JavaScript/JScript. Readers of this blog will already know my low opinion of this scripting language and my desire that it be banished from the Internet forever. Listeners to the SecurityNow Podcast know that Steve Gibson of Gibson Research Corporation (GRC) called out ECMAScript as dangerous years ago. He recommends surfing the net with scripting turned OFF in all web browsers by default, only turning it on at trusted websites.

Java exploits are also well known at this time, indicating the need to also turn off Java while surfing the net, except again at trusted websites. What a shame.

(Note that JavaScript and Java have nothing whatsoever to do with each other apart from a similar name caused by a marketing moron deal between Netscape and Sun Microsystems, both companies now defunct).

Saturday, 25 July 2009

July's Round of Critical Adobe Vulnerabilities: New, Fresh, Dangerous

--
For those of you who took earlier advice from Intego or myself and killed off ADOBE READER, good work, because Adobe have released yet-another CRITICAL SECURITY ADVISORY! But this time it also includes FLASH as well as Acrobat. You knew it had to happen. Tsk tsk Adobe.

Here is where you can read all about it. I'm not going to quote the advisory. Just know that it was written by someone who is Windows-centric and it provides NO HELP for Mac users. Brilliant! Typical! ... As they say in Britain.

So I came up with my own stopgap probably sort of solution if you insist upon keeping Adobe Reader, Acrobat and the Flash Plug-in on your system. I originally posted this over at MacDailyNews.com. Please note that the preference setting names in Acrobat can be slightly different from the names I provide here for Adobe Reader. Otherwise, the setting changes are identical:
WHAT TO DO, my best guesstimation:

Since the information Adobe provided is Windows-centric and a total FAIL for Mac users, seeing as Mac OS X has no-such-thing as .dll files, here is what I guesstimate is what's required to stop this vulnerability:

1) In Adobe Reader Preferences, go to "Multimedia Trust (Legacy)" and UNCHECK "Allow Multimedia Operations". That should kill running any Flash crap in PDF files.

2) In the Preferences, go to "Trust Manager" and UNCHECK "Allow opening of non-PDF file attachments with external applications". That should prevent any embedded Flash crap from running anywhere else on your computer as well.

3) In the Preferences, go to "JavaScript" and UNCHECK "Enable Acrobat JavaScript". That will disable a PDF from even being able to call the Flash plug-in for embedded Flash crap. (Considering the sewer of malware code that JavaScript has become, thank you Microsoft, I'd leave JavaScript off FOREVER if you want to seriously be safe).

*** Or to be extra special safe: Delete BOTH Adobe Reader AND their Flash plug-in from your computer. :-)

AND! Delete these folders, if you've got them:

/Applications/Utilities/Adobe Utilities/Adobe Updater5
and
/Applications/Utilities/Adobe Utilities/Adobe Updater6

AND AND! To be extra special safe, do a Get Info on the Adobe Utilities folder, noted above, and LOCK IT! This will prevent any installers from replacing the nasty Adobe Updater folders and the auto-installation garbage they contain, preventing Adobe from reinstalling Adobe Reader or Flash.

RIP Adobe insecure buggy crapware. :-P

NOTE: If you use other Adobe software, be sure to DIY check for updates on Adobe's website regularly. Adobe has some great software! But they also make some crap insecure software. Protect yourself. :-D
Alternatives: Use Apple's Preview to open, view and create PDF files. To play Flash files that are not stuck in web pages, I use MPEG Streamclip. For web page embedded Flash files, you're hosed. Sorry. Write hate mail to Adobe.

(If you really need to view web page embedded Flash files, try using FireFox running with the latest version of the DownloadHelper extension and download them onto your computer. I love it. Extra crunchy. Also be sure to use the NoScript extension for added safety from bad JavaScript. And be super duper safe by adding on the McAfee SiteAdvisor extension. And to have almost god-like security be sure to add in ...).
--

Friday, 20 March 2009

Pwn2Own Browsers Hacked: IE 8, "Safari" and "Firefox"

--
This time of year is now one of traditional contention. It's time for Pwn2Own at CanSecWest. It is a fun contest held among security experts to crack the chosen subjects for each year. This year a selection of web browsers was used.

Of course after the contest there is lots of snickering and gossip. But for better or worse, what exactly happened at the contest is rarely revealed, meaning that the specific cracks used are not allowed to be published so they can be provided to the programmers of the cracked software for consideration and patching.

Questionable aspect of this year's contest: Windows 7ista was used in PC testing. It's in beta.

Losers so far this year:

1) "Safari" for Mac. I use quotes as I have not been able to find what version was used. Presumably it is the latest public release, and not the version 4 beta. It was cracked within 2 minutes. How cracked? Unstated. My speculation: That hell hole known as "JavaScript" which these days includes JScript, a holey mess perpetrated by Microsoft. Apple have consistently had JavaScript security problems, starting with QuickTime in 2006 over at MySpace.

2) "Firefox". Again I use quotes as I have not found the version number. Neither do I know which platform, which may well mean both Mac and PC. How cracked? Unstated.

3) Internet Explorer 8.0. This browser was JUST released. Oops. It should have stayed in beta. Again, specifics of the crack have not been made public.

For further details, keep an eye on the Security Watch blog at PC Magazine and the TippingPoint DVLabs blog. You can also follow TippingPoint's Twittering. The contest will conclude later today (Friday, 2009-03-20).
--
