Tag: warning

Vista SP1 and XP SP3 Vulnerability Hit by Malware

November 06, 2008 by Jason

Microsoft issued a warning related to the detection of new examples of malicious code in attacks attempting to exploit a vulnerability affecting various Windows client and server releases. In October, the Redmond giant put out an out-of-band security patch designed to plug a vulnerability residing in the Server Service on Windows systems. According to the company, a successful exploit of the security flaw would lead to remote code execution. The patch was released on October 23, 2008, and will render attacks useless.

“We have seen some new pieces of malware attempting to exploit this vulnerability this week. And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word ‘worm,’ they do underscore the importance of deploying this update if you haven’t already,†revealed Security Response Communications Lead, Christopher Budd.

Budd indicated that Microsoft was seeing consistent deployments of the MS08-067 patch, and urged customers that had failed to update so far to do so as soon as possible. At the same time, Microsoft provided a list of malware built to exploit the Server Service vulnerability, including: Read More»

Posted in Windows Vista, Windows XP | 1 Comment »

Firefox Extension Boosts Browser Security

August 27, 2008 by Jason

The Carnegie-Mellon University (CMU) made available a Firefox extension developed at their School of Computer Science and College of Engineering that improves security in Firefox by protecting against man-in-the-middle attacks. The extension, named Perspectives, is available only for Firefox 3 and works on Windows, Linux (32-bit) and OS X (Intel), with support for Linux (64-bit) and Open Solaris being in the experimental stage of development.

A man-in-the-middle attack is performed by intercepting the traffic between a user and a resource that he is trying to access. This can be achieved by exploiting several vulnerabilities, like the latest DNS cache poisoning or GMail accounts hacking incidents show.

When accessing a server resource using secure protocols like SSL or SSH, a correct identification of the server is required. This is achieved through digitally signed certificates. Due to the fact that certificates issued by trusted authorities like VeriSign are expensive, it became common practice for small businesses and websites to use self-signed certificates. Read More»

Posted in Firefox | No Comments »