Posted by Nexus – 23/03/2010
[via bit-tech.net]

The Mozilla Foundation has confirmed the existence of a critical zero-day vulnerability in its popular Firefox web-browser – but says a fix won’t arrive before the end of the month.
Posting on its official security blog, the Foundation confirmed a vulnerability which it has “determined to be critical and [which] could result in remote code execution by an attacker.”
The good news? The Foundation has already developed a fix, which is currently undergoing quality assurance testing prior to a general roll-out. The bad news? That roll-out isn’t due for at least a week, potentially leaving Firefox users vulnerable to attack.

Posted by Nexus – 09/03/2010
[via theregister.co.uk]

Computer scientists say they’ve discovered a “severe vulnerability” in the world’s most widely used software encryption package that allows them to retrieve a machine’s secret cryptographic key.
The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.

Posted by Nexus – 01/02/2010
[via bit-tech.net]

Google is to pay up to $1,337 for each confirmed vulnerability in Chrome or Chromium - although it's first come, first served.
Google has begun paying for software vulnerabilities in its Chromium project – the open-source version of its Chrome browser – in an attempt to interest security researchers.
According to a post on the official Chromium blog – via PC World – the advertising giant is looking to pay $500 (£313) per confirmed vulnerability found in the Chromium codebase, as used in the Chrome browser for Windows, Mac, and Linux and also in the still-early Linux-based Chrome OS.