Pwn2Own: Internet Explorer 8, 7 vs. Firefox 3 vs. Chrome 4 vs. Safari 4
February 18, 2010 by Vygantas Lipskas · 20 Comments
In the upcoming Pwn2Own contest, hackers will be trying to “pwn” Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari web browsers. Competition will be active for three days, with a total cash prize pool of $40 000, where each target is worth $10 000.
Contestants will be trying to exploit:
Day 1
Microsoft Internet Explorer 8 on Windows 7 Read more
Pwning Opera Unite with Inferno’s Eleven
October 29, 2009 by Vygantas Lipskas · 8 Comments
Guys from SecureThoughts.com decided to do a research on Opera Unite security and share some insights.
1. Enumerating Service Owner Usernames
Use: site:operaunite.com search query in search engine to build a list.
2. Enumerating Computer names for a particular Service Owner
“If you visit the service homepage with any non-existent computer name, then Opera Unite happily discloses all computer names used by that person.” Read more
Security: Internet Explorer is King of the Hill, According to NSS Labs
August 14, 2009 by Vygantas Lipskas · 7 Comments
Back in March, NSS Labs has revealed shocking statistics which suggested that Internet Explorer 8 had best effectiveness results against malware.
As of today, Neowin reports that NSS Labs has yet again tested all web browsers to find out which one has best built-in protection against phishing.
Tested web browsers:
Safari 4
Chrome 2
Internet Explorer 8
Firefox 3
Opera 10 Beta Read more
Mozilla to Patch Critical Firefox 3.5 Vulnerability
July 15, 2009 by Vygantas Lipskas · 1 Comment
Soon enough we will see Firefox 3.5.1 release as Mozilla is working hard to fix the critical security flaw.
Meanwhile, you may temporary mitigate it by disabling JIT in the JavaScript engine, to do so:
Type about:config in the location bar
Search for javascript.options.jit.content, double click it to set it to false.
Mac OS X 10.5.7 Update
May 13, 2009 by Vygantas Lipskas · Leave a Comment
The latest Mac OS X 10.5.7 update resolves few security issues for both, Safari 4 and 3.2.3 web browsers.
To get more details, please visit the following:
About the Safari 4 Public Beta Security Update
About the security content of Safari 3.2.3
Firefox – Browser with the Most Disclosed Vulnerabilities
April 15, 2009 by Vygantas Lipskas · 14 Comments
From .PDF (download)
“This year, Secunia published advisories for the four most widely used web browsers: Internet Explorer (IE), Safari, Opera, and Mozilla Firefox. 31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins. Read more
eBay Scammers Work Unpatched Vulns in Firefox, IE
March 10, 2009 by Vygantas Lipskas · Leave a Comment
From TheRegister:
“eBay scammers have been exploiting unpatched vulnerabilities in the Firefox and Internet Explorer browsers to deliver counterfeit pages that try to dupe people surfing the online auction house to bid on fraudulent listings.”
Continue reading at The Register
New Apple Safari Vulnerability Discovered
January 13, 2009 by Vygantas Lipskas · 3 Comments
Guy Brian has discovered a new Safari vulnerability which affects Mac OS X 10.5 (Leopard) users who haven’t changed default feed reader preferences.
This vulnerability allows phishing sites to silently read all the user data from hard drive without him knowing that.
There is however a workaround for Safari users on Windows OS. Read more
Web Browsers Security Handbook
January 3, 2009 by Vygantas Lipskas · 2 Comments
Now here is something quite informative. Browser Security Handbook published by Google.
As Google explains, the document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers.
The following browsers are included: Read more
Trojan for Firefox
December 5, 2008 by Vygantas Lipskas · 2 Comments
BitDefender has identified this new bit of holiday cheer as Trojan.PWS.ChromeInject.A.”
The trojan installs itself into Firefox’s add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.
Once installed, the trojan is capable of identifying over 100 web sites. When an infected user visits a site the trojan recognizes, the parasite comes to life and records the login/password details being transmitted. Presumably it then goes back to sleep, quietly keeping an eye on further system activity.
For more details, check original post by ArsTechnica.




