Rap Sheets on Top Software Vendors
A new online resource aims to make it easier to gauge the relative security risk of using different types of popular software, such as Web browsers and media players.
Researchers have discovered that dozens of Web sites are using simple JavaScript tricks to snoop into visitors’ Web browsing history. While these tricks are nothing new, they are in the news again, so it’s a good time to remind readers about ways to combat this sneaky behavior.
Once or twice each year, some security company trots out a “study” that counts the number of vulnerabilities that were found and fixed in widely used software products over a given period and then pronounces the most profligate offenders in a Top 10 that is supposed to tell us something useful about the relative security of these programs. And nearly without fail, the security press parrots this information as if it were newsworthy.
The Web site for the Nobel Peace Prize has been serving up malicious software that takes advantage of a newly-discovered security hole in Mozilla Firefox, computer security experts warned today. Oslo-based Norman ASA warned that visitors who browsed the Nobel…
Adobe and Apple have released security updates or alerts in the past 24 hours. Adobe has pushed out a critical patch that fixes at least 20 vulnerabilities in its Shockwave Player, while Apple issued updates to correct 13 flaws in Mac OS X systems.
Mozilla has shipped a new version of Firefox that corrects a number of vulnerabilities in the browser. Separately, a new version of Opera is available that fixes at least five security flaws in the software. Firefox version 3.6.4 addresses seven…
Mozilla’s Plugin Check Web site, which inspects Firefox browsers for outdated and insecure plugins, now checks other browsers — including Apple’s Safari, Google’s Chrome, Opera, and (to a far lesser extent) even Internet Explorer.
Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.
I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.
Purveyors of rogue anti-virus, a.k.a. “scareware,” often seize upon hot trending topics in their daily efforts to beef up the search engine rankings of their booby-trapped landing pages. So it’s perhaps no surprise that these scammers are capitalizing on search terms surrounding McAfee, which just yesterday shipped a faulty anti-virus update that caused serious problems for a large number of customers.
Mozilla is disabling the Java Development Toolkit plugin for Firefox users, in a bid to block attacks against a newly-discovered Java security hole that attackers have been exploiting of late to install malicious code.