My Writings. My Thoughts.
Mozilla fixes a big security hole in its flagship web browser.
// March 23rd, 2010 // No Comments » // Uncategorized
Monday Mozilla released an update to its Firefox Internet browser addressing a critical bug that could allow a hacker to remotely execute arbitrary code on a user’s system. The company said in this blog post that the v3.6.2 patch was released ahead of schedule–this may be due to an upcoming hacking contest that targets browser vulnerabilities.
According to the company in this security advisory, researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. The flaw could result in too small a memory buffer being allocated to store downloadable font. A hacker could use this new-found vulnerability to crash the browser and allow remote code execution.
In addition to the critical update, the patch also addresses several other security and stability issues. “We strongly recommend that all Firefox users upgrade to this latest release,” Mozilla said. “If you already have Firefox 3.6 you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. ”
It was also suggested that Firefox 3.0 and 3.5 users upgrade to the latest version.
Source: www.tomshardware.com
Hack Expert Says Windows 7 is Hard to Hack
// March 3rd, 2010 // No Comments » // Uncategorized
One of the world’s top hackers Charlie Miller has said that Windows 7 is a harder nut to crack than OS-X.
Despite all the advertising from Jobs’ Mob which says otherwise, Miller told One IT Security that Windows 7 is slightly more difficult because it has full address space layout randomization. It also has a smaller attack surface with no Java or Flash installed by default.
Even before Windows 7, Microsoft’s stuff was harder to crack than OS-X because it had a data execution prevention. Recently however it is easy to get around these protections in a browser in Windows.
Linux is just as easy to hack because the vulnerabilities are in the browsers.
Generally most of the problems for both Windows and OS-X are based around Adobe Flash. He agrees with Steve Jobs that you have to be barking to run Flash on any operating system.
Miller has made his name hacking OS-X and the iPhone. He said most of his hacks can be found in fairly common Mac hacking books.
Source: techeye.net
