Category: Security

IE Mobile: Microsoft Fails To Fix A 6 Month Old Vulnerability

By | July 25, 2015 | 0 Comments

IE Mobile: Microsoft Fails To Fix A 6 Month Old VulnerabilityDetails are now published online.

Now here is something that does not exactly help the “buggy and old” IE public perception. Back in November and earlier this year in January, Microsoft was notified about the 4 security vulnerabilities that affect both Internet Explorer for desktop as well as smartphones and never bothered to fix them.

In fact, the software giant has now stated that they failed to do so because “there were no attacks reported”, hence they did not bother to do so, not to mention that Internet Explorer will also be replaced with Microsoft Edge later this year.
Continue Reading

Mozilla Kills Adobe Flash On Firefox, Disables It By Default

By | July 14, 2015 | 0 Comments

Mozilla Kills Adobe Flash On Firefox, Disables It By DefaultNow here is an interesting piece of news for all the tech (aka Flash hating) enthusiasts out there.

Unless you have been disconnected from the Internet for the last week or so, then the Hacking Team / Adobe Flash exploit leaks should be pretty known to you. Now, according to various reports, people are starting to see Flash disabled by default with the following pop-up displayed at the top of the page:

Firefox has prevent the unsafe plugin “Adobe Flash” from running on www.domain.com.
Continue Reading

Recent Leak Reveals New Adobe Flash Exploit

By | July 9, 2015 | 0 Comments

Recent Leak Reveals New Adobe Flash ExploitAnd everyone was vulnerable.

It seems like Flash has more security holes than the Swiss cheese and thanks to a recent leak, every single one of computers running it were vulnerable to a new attack.

The news come after the breach of the “Hacking Team”, an Italian spyware manufacturer, which have had clients (mostly governments) from all over the world. As it turns out, in more than 400 gigabytes of published data, there was a yet unknown Flash vulnerability, which too got revealed and allowed anyone (with some tech knowledge) to exploit computers running Adobe Flash 18.0.0.194 or earlier.
Continue Reading

Emergency Flash Update Is Rolling Out Now

By | June 26, 2015 | 0 Comments

Emergency Flash Update Is Rolling Out NowAdobe Flash Player 18.0.0.194.

Ah, Adobe Flash, the plugin that every single one of us loves to death, thanks to a never ending streak of security vulnerabilities and all kinds of issues. One might wonder, how many more are there left.

However, while most are routinely fixed and rolled out in batches, earlier this week Adobe was forced to release a critical update to machines running Windows, Mac and Linux as the latest vulnerability is extremely serious and has been already exploited by various hackers worldwide.
Continue Reading

Google Silently Downloaded Audio Listeners To User’s Computers

By | June 22, 2015 | 0 Comments

Google Silently Downloaded Audio Listeners To User’s ComputersWithout any consent.

If there is one thing that Google does not need is more negative press related to its user’s privacy invasion. However, this is exactly what they just got, thanks to a recently discovered “bug”.

According to a new report, after upgrading to Chromium 43, some users have noticed that it has silently started downloading the extension called “Chrome Hotword Shared Module”, which has a binary but no source code. While it is unknown what exactly does the black box do, the investigation has revealed that it grants itself permission to activate the microphone and start audio capture.
Continue Reading

Get Rich Quick: Mozilla Joins Google And Microsoft

By | June 10, 2015 | 0 Comments

Get Rich Quick: Mozilla Joins Google And MicrosoftWill pay you $10,000+ for mind boggling exploits.

If you want to get rich quick and have some deep understanding on how web browsers work and more importantly, how to exploit them, then good news as Mozilla has just announced that they too will be paying money for discovering various security vulnerabilities.

As a result, updated Client Bug Bounty Program will reward anyone if they create or report a:
Continue Reading

Alibaba’s UC Browser Could Be Leaking Million Of Users Data

By | May 28, 2015 | 1 Comment

Alibaba's UC Browser Could Be Leaking Million Of Users DataPlain text is not a way to go.

Just over a year ago, Alibaba has acquired UCWeb, a company behind UC Browser, which has a mind boggling user base of 500 million and more than 100 million active daily users.

However, as it turns out, there is a pretty serious “flaw” (or lazy design), which would allow anyone to identify your phone number, search queries, location and the device itself. What do we mean by saying lazy design? Well, it’s not exactly a security vulnerability as the only issue with UC Browser is that it does not encrypt traffic, which could allow your network operator or in-path actor on the network to access your data.
Continue Reading

Microsoft Aims To Get Rid Of The Misleading Ads

By | May 5, 2015 | 0 Comments

Microsoft Aims To Get Rid Of The Misleading AdsFinally!

You know how you visit a web page only to see 4 different “download” links and being confused on which one is real? Well… Good news for pretty much every single person out there. Starting from June 1st, Microsoft’s SmartScreen Filter (for Internet Explorer and Edge) will become much smarter and better at protecting the users.

According to the software giant, Microsoft will start reporting these ads as unsafe when users goes ahead and clicks on any of those. Thanks to the updated guidelines, here is what ads should not do in order to be marked as safe by the SmartScreen Filter:
Continue Reading

Microsoft Adopts Google’s Bounty Strategy

By | April 22, 2015 | 0 Comments

Microsoft Adopts Google’s Bounty StrategyGet your debuggers going.

It looks like Microsoft has finally decided to borrow one of the Google’s ideas: rewards for finding serious web browser bugs.

While the rewards program is not exactly new in the software giant campus, those who wanted to do some serious debugging for the Project Spartan will finally be rewarded the right way: up to $15,000 for a security vulnerability.

The bad news? The clock is ticking and this is not exactly a campaign for a lifetime. Instead, the Project Spartan Bug Bounty will end on June 22, 2015.
Continue Reading

Firefox 37 Will Encrypt Non HTTPS Traffic

By | April 7, 2015 | 0 Comments

Firefox 37 Will Encrypt Non HTTPS TrafficGrab it now.

In an effort to protect its users privacy, the developers of Firefox web browser have made some serious changes that will allow to encrypt non https (http://) traffic.

How is that even possible? You can thank opportunistic encryption, a technique, which encrypts the communication when connecting to another system. As a result, Firefox will route HTTP (port 80) requests that are usually sent in the cleartext to a port of server administrator’s choice. In addition to that, users won’t experience any delays as connections will be fully established before they are even used.
Continue Reading