ITsecurity

Next week’s Java security update may be incompatible with XP

Posted by Kevin on July 3, 2014

The next Java update is due to be released next week. There is growing concern that it will be incompatible with XP. Danish security firm Heimdal commented today: Users will be able to upgrade, but after the upgrade the applet won’t be able to load on Microsoft’s ageing Windows XP platform. So far installation has […]

XSS full disclosure lives on

Posted by Kevin on June 29, 2014

When John Cartwright closed the Full Disclosure mailing list earlier this year, it was quickly re-established by Fyodor. Full disclosure lives on. But the mailing list was not the only full disclosure outlet to end — XSSed ground to a halt at around the same time. Now that too has been resurrected in the form […]

A new exploit for TimThumb – widely used in WordPress

Posted by Kevin on June 26, 2014

Last week there was a serious flaw found in the code behind TimThumb, an image re-sizing library commonly used in premium themes. Because the code is commonly embedded in themes it’s not easy to discretely update like it would be if the code were a plugin, and even when a theme is updated people are […]

Out of band ‘emergency’ patch issued by Microsoft

Posted by Kevin on June 19, 2014

Microsoft issued a patch this Tuesday. This is not Patch Tuesday week — so by definition, this was an emergency patch. But if you read the advisory, it doesn’t sound that urgent. The vulnerability could lead to a denial of service attack. In the collective consciousness, DoS is considered an inconvenience (of varying severity) rather […]

JavaScript: New Privacy/Security Threat

Posted by Alexander Hanff on June 13, 2014

Recently, a developer I know reasonably well contacted me to show me a new JavaScript library he had written which exposes information on all network adapters and connections on a PC. This code was able to detect -all- network adapters along with the IP addresses assigned to them including virtual adapters. This means that […]