Sunday, August 20, 2006

Yahoo fixes Web mail bug

August 17, 2006 2:47 PM PDT
Web giant Yahoo has fixed a security flaw in its Yahoo Mail service that exposed user accounts to cyberattacks.

The flaw involves how Yahoo Mail handles attachments and was discovered in early August by Israeli security company Avnet, according to various online news reports. An attacker could hijack a user's account after a malicious attachment was opened, these reports said.

"Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week," a Yahoo representative said Thursday.

Because Yahoo Mail is a hosted service, users don't have to take any action to be protected against potential attacks that exploit the flaw, the representative said. "There were no documented cases of this vulnerability being exploited prior to our fix being released," the representative said.

The flaw could let an attacker craft an HTML attachment to an e-mail and bypass Yahoo Mail's security filter to execute malicious JavaScript code, according to an IDG News Service report Thursday.


Posted by Joris Evers

Saturday, August 12, 2006

Hackers Expose 'Critical' Wi-Fi Driver Flaw

Black Hat Briefings: A pair of hackers show off a new technique for breaking into computers via flaws in wireless drivers shipped on Windows and Mac systems.

LAS VEGAS—Wi-Fi-enabled computers are sitting ducks for code execution attacks because of gaping flaws in wireless drivers shipped on both Mac and Windows systems, security researchers warned at the Black Hat Briefings security conference here.

A pair of hackers—David Maynor and Jon Ellch—demonstrated such a break-in on an Apple MacBook laptop fitted with a wireless card that was broadcasting its presence to another computer set up as an access point.



Monday, August 07, 2006

Unpatched flaw revealed in Cisco firewall

Vulnerability in PIX firewall appliances could allow outside attackers to gain access to corporate networks

By Robert McMillan, IDG News Service
August 04, 2006
Cisco Systems just can't seem to make it through the Black Hat USA conference unscathed. On Wednesday a security researcher showed how an unpatched vulnerability in the company's PIX firewall appliances that could allow outside attackers to gain access to corporate networks

Saturday, August 05, 2006

Microsoft Challenges Hackers To Crack Vista

LAS VEGAS - After suffering embarrassing security exploits over the past several years, Microsoft Corp. is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista, the next generation of its Windows operating system.

Microsoft made a test version of Vista available to about 3,000 security professionals Thursday as it detailed the steps it has taken to fortify the product against attacks that can compromise bank account numbers and other sensitive information.

"You need to touch it, feel it," Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. "We're here to show our work."

Microsoft has faced blistering criticism for security holes that have led to network outages and business disruptions for its customers. After being accused of not putting enough resources into shoring up its products, the software maker is trying to convince outsiders that it has changed.


Even offline computers can be hacked, researchers say

LAS VEGAS — Some computers with wireless Internet capabilities are vulnerable to malicious software that would let hackers take over the machines even if their owners aren't actually online, researchers announced here Wednesday.
The researchers planned to detail the vulnerability in a demonstration at a computer-security conference, showing how to take complete control of a MacBook from Apple. But researchers David Maynor and Johnny Ellch said the technique will work on an array of machines, including those that run Microsoft's Windows and the free Linux operating system.
