- +
After attacks, Apple fixes QuickTime bug 14 December, 2007 12:19:30
Apple has patched a critical security flaw in QuickTime that was being exploited by attackers.Apple has released a new security patch for QuickTime, its eighth update this year for the media player software.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Newsletter Subscription
One week after hiding Internet Explorer attack code on his Web site, security researcher Aviv Raff has posted details on how to launch the attack.
The bug lies in the "Print Table of Links" feature, which lets IE users print out a Web page along with a list of all the links on the page tacked onto the end. Raff discovered that if an attacker added special scripting code to a Web page, he could then run unauthorized software on the PCs of IE users who printed using this feature.
The flaw affects IE 7 and IE 8, Raff said. Security vendor Secunia said that the bug also affects IE 6.
Because the hack requires that the user be tricked into following so many steps -- not only visiting a Web page, but then printing a page with this feature selected -- Secunia has rated it as a "less critical."
Raff said that the flaw could be a more serious issue if hackers were to add the code to Web pages that were frequently printed out, such as those on Wikipedia.
The bug has not been patched by Microsoft, which was notified of the issue just last week.
Raff disclosed the flaw in an unusual way, embedding it in his own Web site and then inviting other hackers to come and find it. He called this a "treasure hunt."
The Israeli hacker said that the treasure hunt idea came from a local custom of playing such games during Israel's Independence Day. The contest was won Tuesday by someone calling himself "George the Greek."
Microsoft didn't get much time to fix the vulnerability, but Raff said he didn't feel that Microsoft would address the issue quickly unless he went public with the vulnerability.
When he has followed Microsoft's responsible disclosure guidelines in the past, the company has been too slow to fix bugs, he said.
Microsoft is thinking about putting a fix for the problem in an upcoming security update, the company said in a statement. It too downplayed the risk. "Our investigation has shown an attack would require significant user interaction," the company said. " An attacker would need to convince a user to select a non-default printing option and print a malicious web page in order for an attack to be successful."
Though Raff's attack code has been posted to the Millworm Web site, Microsoft says it's not heard of any attacks that exploit this vulnerability.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Google blacklists ATUG Web site 07 October, 2008 12:46:00
ATUG unaware of breach, Google unwilling to discuss detailsHackers may have hit the Australian Telecommunications User Group (ATUG) Web site, according to Google which has placed security threat warnings across all pages displayed in searches. - +
10 steps to loading dock security 07 October, 2008 11:30:00
Companies in all industries struggle to secure the loading dock, that sensitive spot where goods come in and go out. Follow these best practices and sleep better tonight.It's the stuff of CSO nightmares. Early on the morning of September 2, while most folks were home sleeping off the hot dogs, thieves used bolt cutters to break into an Alltel Communications warehouse and four of its loading docks in Fort Smith, Ark. Sources say they escaped with an estimated US$10 million worth of cell phones, not a bad haul for their Labor Day efforts. - +
Can security's human side stop data breaches? 07 October, 2008 14:29:00
As human error increasingly becomes the top reason for security breaches, behavior-based strategies are making their way into the workplace to supplement technologyShira Rubinoff was a practicing psychologist in 2004. When it came to technology, her experience was simply as a tech user, certainly not a tech guru. Then one day she was phished. - +
Corporate security and the climate crisis 03 October, 2008 11:21:00
How to adapt security and risk management policies - including IT security - to deal with climate change.US military strategists, CIA analysts, international agency officials and Nobel Prize winning economists concur with the consensus of the world's scientific community: the Climate Crisis is a planetary security issue, as well as a national security issue for each of the one hundred ninety two countries that belong to the United Nations. But the Climate Crisis is also, by extension, a corporate security issue, as well as, yes, a cyber security issue. - +
Companies own up to virtual security blind spot 02 October, 2008 11:05:00
VMWorld attendees reveal vast majority of companies have little or no security in place for their virtual systems.The vast majority of companies have little or no security in place for their virtual systems. That is a scary statistic revealed in a survey of attendees at the recent VMWorld 2008 conference in Las Vegas.
VeCommerce Launches Top Ten List of Personal Security Breaches In Lead Up to National ID Fraud Awareness Week 07 October, 2008 15:10:00
Multimedia Technology signs exclusive National distribution agreement with Freecom 07 October, 2008 14:30:00
Open Text: Upheaval in the Financial Markets Sharpens the Focus on Information Governance and Enterprise 07 October, 2008 13:19:00
Symantec State of Spam Report - October 2008 07 October, 2008 11:58:00
AIIA to Reward Sustainability and Green IT Champions at the 2009 iAwards 07 October, 2008 11:56:00
|
||
|
||
|
|
||
|
Web Security SaaS: The Next Generation of Web Security
Discover the latest web security SaaS solutions. Learn how to increase overall security effectiveness and reduce the burden on your IT department. Uncover the security challenges facing SMB environments today and identify the critical elements that can provide you with lower-cost and easier-to-manage web security solutions.
Subscribe to CIO
