If previous cash rewards were not enough to encourage you to start sniffing the code, then we have some good news.
Good news for Firefox users, thanks to the never ending Java vulnerability spree, Mozilla has decided to protect its users and from now on will block Java plugins with a Version 6 Update 30 and below as well as Version 7 Update 2 and below.
According to the official blog post, the February update for the Java Development Kit fixes a critical vulnerability, which prevents hackers from running exploit on user computer.
However, for those who want even more security, here is a simple tip: uninstall Java.
Security flaws everywhere.
After Google Chrome has been hacked twice, Microsoft’s Internet Explorer 9 was the second browser to fail the security challenge.
By exploiting two unknown vulnerabilities, Vupen Security was able to remotely open a calculator running on a Windows 7 SP1 machine. While no additional details were revealed, both IE and Google Chrome exploits were a combination of at least a couple of previously unknown flaws.
Identified as a bug CVE-2011-3046, discovered vulnerability is described as “UXSS and bad history navigation”, with no additional details revealed.
Security contests prove to be useful.
Just as some might have thought that Google’s Chrome sandboxing feature is bullet proof, Sergey Glazunov, a security researcher who have found quite a few vulnerabilities in the fast, has enriched his life with a $60k reward, received for a “Full Chrome” exploit, which bypassed the sandbox feature. Although Google Chrome was previously known to withstand various attacks in Pwn2Own and similar contests, this time it was the first to fail.
Justin Schuh, Chrome’s security team member said, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s a very difficult and that’s why we’re paying $60,000.”
The keyword here is “up to”.
Called Pwnium, contest attendees will be asked to exploit the Google Chrome web browser and in return, will be rewarded as follows:
Introduced years ago, Do Not Track allows users to opt out of tracking by advertising, social and other web sites that enjoy such data.
However, it’s not coming anytime soon, according to the report, Google Chrome is likely to introduce Do Not Track feature by the end of this year, which is 8-10 months away.
WebKit, a rendering engine used by a variety of mobile web browsers, including Google Chrome and Safari, appears to have a very serious flaw, which allows attackers to take a complete control over your smartphone.
According to George Kurtz, the former CTO of McAffee, who have co-founded a new security startup CrowdStrike and discovered the vulnerability, this means that pretty much every smartphone and tablet has this flaw. He has also confirmed that Windows Phone users were not affected.
No further details were revealed.
People freak out.
Just a few days ago, everyone was a huge fan of the HTML5. Now, it looks like at least a small amount of fans are freaking out over the industry’s DRM like protection proposal.
However, what they fail to realize is the fact that this is a necessary step, which would somewhat protect content providers, who actually spend money to produce such thing.
Just few days ago, Google has been accused of using a loophole in Apple’s Safari web browser, which allowed the search giant to track users by storing unwanted cookies.
Well, today Microsoft has published a report, stating that Google bypassed Internet Explorer’s privacy settings as well.