Category: Security

Mozilla confirms 0-day Firefox flaw

Posted by – 23/03/2010

[via bit-tech.net]

The Mozilla Foundation has confirmed the existence of a critical zero-day vulnerability in its popular Firefox web-browser – but says a fix won’t arrive before the end of the month.

Posting on its official security blog, the Foundation confirmed a vulnerability which it has “determined to be critical and [which] could result in remote code execution by an attacker.”

The good news? The Foundation has already developed a fix, which is currently undergoing quality assurance testing prior to a general roll-out. The bad news? That roll-out isn’t due for at least a week, potentially leaving Firefox users vulnerable to attack.

iPhone raises privacy concerns: it records screenshots every time you hit the Home button

Posted by – 10/03/2010

[via networkworld.com]

iPhone hacker, author, and data forensics expert Jonathan Zdziarski, a.k.a. “NerveGas”, revealed a major privacy issue with the iPhone on a webcast yesterday. He disclosed that every time a user pushes the Home button, the iPhone takes a screenshot of whatever the user is doing at that moment. This is done so that Apple can create that cool page-disappearing animation they have. The problem is that these screenshots are saved and can be recovered using basic iPhone forensic techniques like the ones that Zdziarski writes about in his new book.

‘Severe’ OpenSSL vulnerability busts public key crypto

Posted by – 09/03/2010

[via theregister.co.uk]

Computer scientists say they’ve discovered a “severe vulnerability” in the world’s most widely used software encryption package that allows them to retrieve a machine’s secret cryptographic key.

The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.