TechWeb | News | IE And Firefox Sport New Zero-day Flaw

Multiple security organizations warned Tuesday that Internet Explorer, Firefox, Mozilla, and SeaMonkey -- on Windows, Linux, and the Mac -- are vulnerable to a JavaScript bug that could allow a determined attacker to dupe users into giving up sensitive personal information such as credit card or bank account numbers and passwords.

According to Symantec, which issued an alert late afternoon Tuesday, all versions of the Microsoft and Mozilla browsers could be used to harvest data through a JavaScript key-filtering vulnerability.

'This issue is triggered by utilizing JavaScript 'OnKeyDown' events to capture and duplicate keystrokes from users,' went the Symantec warning.

The bug would let crafty criminals filter keystrokes entered into a form, say a credit card form to pay for online goods, to an invisible file upload dialog on the same Web page. Once the information's trapped in that hidden dialog -- the vulnerability discoverer used the analogy of the keystrokes 'bouncing' from the legit (or at least legitimate-looking form) to the cloaked one -- the data could be sent to the attacker."

Comments

Play against Xbox360 gamer on PC in Vista

Microsoft Corp. co-founder Bill Gates on Tuesday announced a cross-platform gaming service that integrates games played on cell phones, Xbox 360 consoles and the upcoming Windows Vista operating system. The "Live Anywhere" service will be available as part of Windows Vista, Microsoft's next-generation PC operating system. The consumer version is scheduled for release early next year. "It means that you have one online community," Gates said in a news conference. "This platform can really unleash developers to do amazing new things." The system would extend the company's existing Xbox Live service for the Xbox 360 console into millions of Internet-enabled PCs and cellular phones. No pricing information on the new service was announced. In recent months, Microsoft has been pushing a number of online services that it hopes will boost revenue as markets for its traditional software become increasingly saturated. The company expects to make money off s...

Welcome to Google Checkout, that will be $3.14

From ZDNet The first time I looked up the domain " GDrive.com " it appeared that someone other than Google had it registered. A trip down memory lane takes us to my very first article that describes how I determined GDrive.com is in fact owned by Google, despite what it looks like on the surface. Well, by the same logic I have found that a brand new set of domains appearing to be registered to someone else were actually registered by Google on May 25th. The domains googlecheckout.net / org / info (.com is owned by someone else at the moment) have all been registered to a company called DNStination, Inc. Don't be fooled, the registrar is MarkMonitor — a company that prides itself on the protection of your corporate identity. There is no way they would let just anybody register a domain with "Google" in it — especially since Google is one of their clients. Then who is this DNStination, Inc. then? Googling the address of this "company" tell...

Hackers biting Apple

Hackers are increasingly focusing on Apple's Mac OS X, and the number of newly discovered vulnerabilities has surged. Such a switch could mean big implications for Apple's user base, which has traditionally not had to concern itself too much over security. It's been an impressively quiet year so far on the PC virus and worm front, and hackers seem to be focusing their attention elsewhere. One such area is Apple's Mac OS X. Once mostly ignored by malware developers, there appears to be a growing interest in this "alternative" OS. Details Have you noticed the dearth of serious PC virus and worm threats out there lately? Well, it isn't a figment of your imagination -- according to vnunet.com, viruses are no longer the top security threat . While serious attacks are still likely to emerge, the bottom has apparently fallen out of the PC antivirus market -- just as Microsoft begins a big push into the security market. One cause of this drop-off is solidif...

exinfo88

Search This Blog