Friday, April 30, 2010

Opera is vulnerable

Vulnerability intelligence vendor Secunia warns that a highly critical remotely exploitable vulnerability has been identified in the recently released Opera 10.52. The browser developer has patched the potential arbitrary code execution flaw in Opera 10.53.

The issue was identified by a programmer named Mathias Karlsson, who was investigating a stack exhaustion bug in WebKit, the popular rendering engine used by Safari, Chrome and other browsers. "The script simply fills the DOM document with tags and within seconds, causes both Safari and Opera to crash. […] Opera does not run WebKit but it turned out that the exploit made it crash for other reasons," the researcher writes on his blog, where an exploit is also available.

"The vulnerability is caused due to an error when e.g. continuously writing content to a page using document.write() and results in a function call using uninitialised memory when a user visits a specially crafted web page," explains Secunia. The company attributed a severity level of "highly critical" to the vulnerability, because successful exploitation may allow for arbitrary code to be executed on the system.

Opera acknowledged the existence of an issue in the release notes accompanying Opera 10.53 RC1, which became available to users yesterday. However, the browser developer does not confirm the critical impact of the bug and only refers to it as a "possible" vulnerability. "A crash was reported as a security issue yesterday, and we are still investigating the issue. However, we do have a fix ready for testing already," the company said.

Even though at the time of writing this article, there was no official announcement yet, the final builds of Opera 10.53 for Windows and Mac have appeared on the official FTP servers. In addition, Karlsson advises Safari users to stop using the browser until the problem is thoroughly investigated and points out that this WebKit bug cannot be exploited in Chrome, due to its sandboxing model.

Taken from: http://news.softpedia.com/news/Highly-Critical-Vulnerability-Discovered-in-Opera-140962.shtml

Sunday, April 18, 2010

Facebook not a SECURED site!?

Social sites are becoming one of the best ways to become popular these days. We try to keep in touch with our friends through these social networking sites. They might be friends we are in contact with every day, or they might be old friends. So we try to live a virtual life in this virtually large space so that we can be happy with our friends (virtually).
What do we actually do on these sites? We add more and more friends, expose our identity (by sharing our e-mail IDs, photos, and other personal details) and keep in touch with our friends. Since it is a social site, anyone can view anyone's details unless they have set the right protection options. Many of us still don't know how to be secure on the net, so many of the security options are usually implemented by the sites themselves. The main target of hackers is passwords and similar details. The password is the main component used to control many features of our profile. Recognizing the importance of passwords, a protocol was developed: SSL. The technical details of SSL can be found at this link:
SSL
Among the most famous social networking sites are Google, Hi5, Facebook and others, and in recent days Facebook has been gaining great popularity. But people do not always check their security and get drowned in the available facilities. One of the main features needed for social networking sites, SSL, is not present in Facebook.

*If you try to connect through https://, the following page will be displayed in the web browser:



This means that the chances of one's password being broken are increased.
Many of us would have uploaded personal details like photos to our profile. If one's password is vulnerable to attack, so is their profile. Also, there has been a buzz that Facebook retains photos even after one deletes his account. This is another serious issue, which leads to our photos being present on the web without our knowledge.
It is high time that we understand that life on the net is becoming more vulnerable these days and learn more about security on the web.