aviv raff

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Coming in July: Month of Twitter Bugs

A well-known security researcher plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem. The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff left, a researcher known for his work on Web-based security...

Tags: Vulnerability, Twitter, Aviv Raff, Web 2.0, Security, Internet, Ryan Naraine

Blog posts 2009-06-15

CSRF vulnerability allows Twitter 'follow' abuse

Last week, TechCrunch's Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called "johng77536" to game the popular micro-blogging service to add thousands of followers subscribers in a short period of time. The "johng77536" account has since been disabled but a security researcher tracking...

Tags: Vulnerability, Twitter, Aviv Raff, Security, Ryan Naraine

Blog posts 2008-07-31

iPhone vulnerable to phishing, spamming flaws

Security researcher Aviv Raff left has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks. According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which...

Tags: Apple iPhone, Apple Safari, Vulnerability, Spamming, Flaw, Aviv Raff, Phishing, Spam, Security, Spam And Phishing, Ryan Naraine

Blog posts 2008-07-23

Aviv Raff drops an 0-day for IE 7.0 and 8.0b on XP

Aviv Raff drops an 0-day for IE 7.0 and 8.0b on XPVista is NOT affected because UAC and IE7's protected modeVista is NOT affected because there're UAC and IE7's protected mode.Yet another reason to use Vista!Actually...Aviv Raff states on his blog that it is affected for Information disclosure, but that's...

Tags: Microsoft Windows Vista (Longhorn), Aviv Raff, Microsoft Internet Explorer 7, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer

Discussion threads 2008-05-15

Aviv Raff drops an 0-day for IE 7.0 and 8.0b on XP

I've been busy all day and just haven't been able to get to it until now, but Aviv Raff is a seriously bad man.  I follow his blog religiously as he always has some cool stuff going on and a lot of it tends to be thought provoking for other...

Tags: HTML, Microsoft Windows XP, Microsoft Internet Explorer 7, Blog, Microsoft Internet Explorer, Aviv Raff, Blogging, Web Browsers, Internet, Nathan McFeters

Blog posts 2008-05-14

Skype: Video chat feature meets code execution vulnerability

Updated below: Aviv Raff, a security researcher, has found a flaw in Skype that could allow an attacker to control your PC. On his blog, Raff explains the following: Skype uses Internet Explorer web control within the application to render internal and external HTML pages. Examples...

Tags: Vulnerability, Skype Technologies S.A., Video, Flaw, Aviv Raff, Corporate Communications, Security, Marketing, Larry Dignan

Blog posts 2008-01-18

Despite AOL's claim, AIM worm hole still wide open

There's a nasty worm hole in America Online's standalone AIM instant messaging software that won't be patched until the middle of October. AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta...

Tags: AOL Instant Messenger, America Online Inc., IM, Vulnerability, Microsoft Internet Explorer, Aviv Raff, Instant Messaging, Web Browsers, Security, Internet, Online Communications, Ryan Naraine

Blog posts 2007-09-27

Unpatched QuickTime-to-Firefox flaw dings IE too

Security researcher Aviv Raff has found a way to use the one-year-old and still unpatched QuickTime vulnerability to automate XAS cross application scripting attacks against users of Microsoft's Internet Explorer. To demonstrate the attack scenario, Raff embedded a rigged QuickTime file on Google's BlogSpot to force a...

Tags: Apple QuickTime, Microsoft Internet Explorer, Attack, Ryan Naraine

Blog posts 2007-09-14

Storm Worm botnet could be world's most powerful supercomputer

Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world's most powerful supercomputer. The Trojan, which uses a myriad of social engineering lures to trick Windows users into downloading malware, has successfully...

Tags: Operation, Supercomputer, Malware, Worm, Ryan Naraine

Blog posts 2007-09-06

Additional Resources

StrongWebmail CEO's mail account hacked via XSS

A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail using persistent cross-site scripting XSS vulnerability and are now claiming the bounty. ...

Tags: XSS, CEO, E-mail, Online Communications, Ryan Naraine

Blog posts 2009-06-04

Twitter API ripe for abuse by web worms

A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out,...

Tags: Web, API, Worm, Twitter, Twitpic, Cyberthreats, Viruses And Worms, Security, Ryan Naraine

Blog posts 2009-05-26

Patch Tuesday heads-up: 8 bulletins, 5 critical

Microsoft plans to ship 8 security bulletins next Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities affecting Windows, Office and Internet Explorer. According to the company's Patch Tuesday advance notice, five of the bulletins will be rated...

Tags: Denial Of Service, Flaw, Microsoft Internet Explorer, Microsoft Corp., Bulletin, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-04-09

Opera sings the security blues

Guest editorial by Aviv Raff If you ask any Opera fanboy, he will tell you that Opera is the most secured browser. Well frankly, it really is a good and secure browser, implementing many restrictions that other browsers simply ignore. For example, while...

Tags: Opera Software, Vulnerability, Resource, Web Browser, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-10-30

On Opera patch day, a new zero-day flaw

On the same day Opera shipped a browser update with patches for three separate security vulnerabilities, hackers are openly discussion a new zero-day flaw that exposes Windows users to remote code execution attacks. With Opera 9.61, the Norwegian browser maker corrects an issue where History Search could...

Tags: Opera Software, Web Browser, Zero-day Bug, Execution Attack, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-10-22

Google readying fix for Chrome file download flaw

Just hours after the release of the Google Chrome browser last month, researcher Aviv Raff discovered that he could combine two vulnerabilities -- a flaw in Apple Safari WebKit and a Java bug -- to trick users into launching executables direct from the new browser. (Here's a demo showing how...

Tags: Google Inc., Flaw, Google Chrome, Security, Ryan Naraine

Blog posts 2008-10-20

Google ignores some reported security problems?

Aviv Raff posted a public disclosure of a minor security risk that could be a major problem if used in conjunction with another type of problem. It's true that his discovery isn't really one that by itself should keep you up at night, but it's one that I'm surprised...

Tags: Google Inc., Security, Garett Rogers

Blog posts 2008-10-11

Webcam hijack demo highlights clickjacking threat

[ UPDATE: The details are out. Lots of unresolved clickjacking issues] A security researcher in Israel has released a demo of a "clickjacking" attack, using an JavaScript game to turn every browser into a surveillance zombie. The release of the demo follows last month's...

Tags: Webcam, Click, Web Browser, Twitter, Raff, Games, Web Browsers, Security, Personal Technology, Internet, Ryan Naraine

Blog posts 2008-10-07

iPhone hits another security speedbump

Apple's ongoing struggles with poor security-related design choices have extended to the iPhone.  According to security researcher Aviv Raff, everyone's favorite mobile device is vulnerable to two separate security weaknesses that expose millions of users to phishing and spamming attacks. [...

Tags: Apple iPhone, Apple Inc., Image, Spamming, Spam, Security, Spam And Phishing, Ryan Naraine

Blog posts 2008-10-06

Adobe moves to nuke 'clipboard hijack' attacks

Adobe has announced plans to modify the next version of its Flash Player to use an "allow/deny" system to mitigate clipboard hijack attacks. The change will be fitted into the final version of Flash Player 10 to demand user interaction when a Shockwave (.swf) file attempts to...

Tags: User Interaction, Adobe Systems Inc., Macromedia Flash Player, Attack, Keyboards, Security, Hardware, Peripherals, Ryan Naraine

Blog posts 2008-09-19

Google patches 'critical' Chrome code execution flaws

The first security patch for Google's new Chrome browser is out, fixing at least two "critical" vulnerabilities that put Windows users at risk of code execution attacks. [ SEE: Google Chrome vulnerable to carpet-bombing flaw ] The patch, which is rolled out automatically via...

Tags: Google Inc., Risk, Vulnerability, Patch Management, Web Browser, Flaw, Security, Strategy, Management, Ryan Naraine

Blog posts 2008-09-08