http://www.metafilter.com/tags/flaw Posts tagged with 'flaw' at MetaFilter. Tue, 16 Dec 2008 02:33:52 -0800 Tue, 16 Dec 2008 02:33:52 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://www.metafilter.com/77470/ZeroDay BBC: Users of the world's <a href="http://news.bbc.co.uk/1/hi/technology/7784908.stm">most common web browser</a> (good old <a href="http://www.microsoft.com/windows/products/winfamily/ie/default.mspx">IE</a>!) have been advised to switch to a rival until <a href="http://www.vnunet.com/vnunet/news/2232403/ie-zero-day-emerges">a serious security flaw</a> has been fixed. <a href="http://www.microsoft.com/technet/security/advisory/961051.mspx">Microsoft Security Advisory 961051</a>. <a href="http://oss.itproportal.com/articles/2008/12/16/internet-explorer-7-records-huge-increase-hacking-attacks/">Microsoft Corp. has tipped off its users of a “huge increase” in hacking attacks</a> exploiting a critical unpatched vulnerability in some versions of its flagship web-browser Internet Explorer (IE), and notified that some of these attacks have originated from hacked porn websites. In addition to IE7, other versions like IE 5 and IE 6 have also been found to be vulnerable to the flaw, which on proper exploitation could enable a hacker to seize complete control over victim’s computer, the company added. The flaw essentially originates from the improper handlings of DHTML data bindings due to a memory corruption error. Though the hackers have been exploiting the vulnerability for more than a week, the company notified an upswing in attacks over the weekend. Researchers Tareq Saade and Ziv Mador in one of their postings on Malware Protection Center blog said, “Based on our stats, since the vulnerability has gone public, roughly 0.2 percent of users worldwide may have been exposed to websites containing exploits of this latest vulnerability”. The researchers purported that the hackers have now changed their methodology of attacks, as instead of using malicious websites for attacks, they are now using compromised legitimate websites to trick the users. Incidentally Trend Micro Inc has estimated that around 6,000 websites have been infected so far to exploit the vulnerability, with the count “quickly increasing in number”. tag:metafilter.com,2008:site.77470 Tue, 16 Dec 2008 02:33:52 -0800 chrome explorer firefox flaw IE internet internetexplorer microsoft mozilla opera safari sercurity shit chuckdarwin http://www.metafilter.com/73180/And%2DDJBs%2D500%2Dis%2Dsafe%2Dfor%2Danother%2Dday <a href='http://blogs.zdnet.com/security/?p=1460'>A major flaw in the DNS system</a> is promised to be revealed at the next <a href='http://www.blackhat.com/'>Black Hat conference</a>. Convinced it was too important to wait, security researcher <a href='http://video.google.com/videoplay?docid=3470502418262982787'>Dan Kaminsky</a> <small>(video, autoplays)</small> convinced <a href='http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx'>several</a> <a href='http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml'>software</a> <a href='http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1'>vendors</a> to issue emergency patches today, before publicizing details of the attack. <a href='http://blogs.zdnet.com/security/?p=1466'>It can't be that serious though, can it</a>? <a href='http://www.matasano.com/log/1093/patch-your-non-djbdns-server-now-dan-was-right-i-was-wrong/'>Oh yes it can</a>. tag:metafilter.com,2008:site.73180 Wed, 09 Jul 2008 18:57:48 -0800 attack dankaminsky dns exploit flaw hack vulnerability Skorgu http://www.metafilter.com/58022/Wikipedia%2Dimpartiality <a href="http://www.cnn.com/2007/TECH/internet/01/24/microsoft.wikipedia.ap/index.html">Microsoft has been caught paying for Wikipedia edits.</a> But wasn't this inevitable? Now that Wikipedia has become the <em>de facto</em> online reference, wasn't it inevitable that it would attract governments, corporates and other groups to create their own version of events. Is this an inherent and fatal flaw in open source knowledge? tag:metafilter.com,2007:site.58022 Wed, 24 Jan 2007 12:42:30 -0800 flaw ibm impartial microsoft wikipedia bobbyelliott