aviv raff Resources

Sponsored White Papers, Webcasts, and Downloads

The Vertical Professional Services Market Rates Importance of IP Telephony Features, Management and Applications
Live Webcast: Using High Availability, Replication and Virtualization for Business Continuity
Live Webcast: Now is the Time for HD Video Communications - The Smart Business Tool

ZDNet Resources

iPhone vulnerable to phishing, spamming flaws: Security researcher Aviv Raff left has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks. According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which...; Tags: Apple iPhone, Apple Safari, Vulnerability, Spamming, Flaw, Aviv Raff, Phishing, Spam, Security, Spam And Phishing, Ryan Naraine; Blog posts 2008-07-23
Aviv Raff drops an 0-day for IE 7.0 and 8.0b on XP: Aviv Raff drops an 0-day for IE 7.0 and 8.0b on XPVista is NOT affected because UAC and IE7's protected modeVista is NOT affected because there're UAC and IE7's protected mode.Yet another reason to use Vista!Actually...Aviv Raff states on his blog that it is affected for Information disclosure, but that's...; Tags: Microsoft Windows Vista (Longhorn), Aviv Raff, Microsoft Internet Explorer 7, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer; Discussion threads 2008-05-15
Aviv Raff drops an 0-day for IE 7.0 and 8.0b on XP: I've been busy all day and just haven't been able to get to it until now, but Aviv Raff is a seriously bad man. I follow his blog religiously as he always has some cool stuff going on and a lot of it tends to be thought provoking for other...; Tags: HTML, Microsoft Windows XP, Microsoft Internet Explorer 7, Blog, Microsoft Internet Explorer, Aviv Raff, Blogging, Web Browsers, Internet, Nathan McFeters; Blog posts 2008-05-14
Skype: Video chat feature meets code execution vulnerability: Updated below: Aviv Raff, a security researcher, has found a flaw in Skype that could allow an attacker to control your PC. On his blog, Raff explains the following: Skype uses Internet Explorer web control within the application to render internal and external HTML pages. Examples...; Tags: Vulnerability, Skype Technologies S.A., Video, Flaw, Aviv Raff, Corporate Communications, Security, Marketing, Larry Dignan; Blog posts 2008-01-18
Despite AOL's claim, AIM worm hole still wide open: There's a nasty worm hole in America Online's standalone AIM instant messaging software that won't be patched until the middle of October. AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta...; Tags: AOL Instant Messenger, America Online Inc., IM, Vulnerability, Microsoft Internet Explorer, Aviv Raff, Instant Messaging, Web Browsers, Security, Internet, Online Communications, Ryan Naraine; Blog posts 2007-09-27

Unpatched QuickTime-to-Firefox flaw dings IE too: Security researcher Aviv Raff has found a way to use the one-year-old and still unpatched QuickTime vulnerability to automate XAS cross application scripting attacks against users of Microsoft's Internet Explorer. To demonstrate the attack scenario, Raff embedded a rigged QuickTime file on Google's BlogSpot to force a...; Tags: Apple QuickTime, Microsoft Internet Explorer, Attack, Ryan Naraine; Blog posts 2007-09-14
Storm Worm botnet could be world's most powerful supercomputer: Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world's most powerful supercomputer. The Trojan, which uses a myriad of social engineering lures to trick Windows users into downloading malware, has successfully...; Tags: Operation, Supercomputer, Malware, Worm, Ryan Naraine; Blog posts 2007-09-06

Additional Resources

2008 Pwnie Award nominees announced: Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...; Tags: Nominee, Vulnerability, XSS, Attack, Flaw, Dan, XSS Flaw, Lifelock, Security, Nathan McFeters; Blog posts 2008-07-21
News to know: iPhone; DNS patch; Online privacy; VMware; Vista: Notable headlines: Tom Steinert-Threlkeld: A Modest Privacy Proposal Richard Koman: Congress looks at next-gen ad networks Techmeme: iPhone reviews Matthew Miller: MSM Apple iPhone reviews are up and may just have saved me some cash ...; Tags: Apple iPhone, DNS, Online Privacy, Microsoft Windows Vista, Apple Inc., VMware Inc., Microsoft Corp., HP iPAQ 910, 3G, Domain Names, Cellular Phones, Wireless, Networking, Consumer Electronics, Personal Technology, Internet, Larry Dignan; Blog posts 2008-07-09
Apple hasn't learned from past security mistakes: * Ryan Naraine is on vacation. Guest editorial by Aviv Raff Apple's Safari for Windows is a nice browser. It really is. It has slick user interface, some pretty cool features, and benchmarks show that it is really fast. But, saying that...; Tags: Security, Apple Safari, Apple Inc., Web Browser, Web Browsers, Microsoft Windows, Internet, Operating Systems, Software, Ryan Naraine; Blog posts 2008-07-08
Your computer as your singing coach: Israeli researchers have developed an electronic ear to coach vibrato technique. Until now, the quality of a vibrato -- the pulsating change of pitch in a singer's voice -- could only be judged by voice experts. Now, a Tel Aviv University research team 'has successfully managed to train a computer...; Tags: Researcher, Quality, Teacher, Computer, TAU, Productivity, Team Management, Management, Roland Piquepaille; Blog posts 2008-07-05
On deck from MS: Four 'important' patches but nothing for IE: On deck from MS: Four 'important' patches but nothing for IEAm I correct that uninstalling Safari mitigates the problem?I realize it isn't a fix but am I correct in believing that for the time being, removing Safari effectively closes off the only known attack vector that can utilize this vulnerability?...; Tags: Web browsers, SECURITY, patch management, flaw, Apple Safari, Apple Inc., Microsoft Corp., Microsoft Internet Explorer; Discussion threads 2008-07-03
On deck from MS: Four 'important' patches but nothing for IE: Next Tuesday, Microsoft plans to ship four security updates for multiple flaws affecting Windows, Microsoft SQL Server and Microsoft Exchange Server but the absence of fixes for publicly known Internet Explorer issues is causing raised eyebrows among security professionals. According to the company's advance notice for July's...; Tags: Patch Management, Microsoft Internet Explorer, Microsoft Corp., Flaw, Web Browsers, Microsoft Windows, Security, Internet, Operating Systems, Software, Ryan Naraine; Blog posts 2008-07-03
Multiple Facebook vulnerabilities reported on Full-Disclosure: Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there, it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this...; Tags: Facebook, Vulnerability, XSS, JavaScript, Microsoft Internet Explorer, Web Browser, Sandbox, JS, Canvas Page, Web Browsers, Internet, Nathan McFeters; Blog posts 2008-07-02
Exploit code released for unpatched IE 7 vulnerability: Another day, another gaping hole affecting fully patched versions of Microsoft's Internet Explorer browser. According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6,...; Tags: Attacker, Vulnerability, Frame, Microsoft Internet Explorer 7, Domain, Exploit Code, Microsoft Internet Explorer, Web Page, Web Browsers, Internet, Ryan Naraine; Blog posts 2008-06-30
Zero-day flaw haunts Internet Explorer: Zero-day flaw haunts Internet ExplorerJelloWow, Ryan, that really tells me a lot. What does this vulnerability do? Change my hard drive into Jello?While the information is appreciatedit would have been nice if the headline had included that little number 6. It makes a huge difference.this flaw haunts only OLD Internet...; Tags: Web browsers, Manuel Caballero, Microsoft Internet Explorer, zero-day bug, Mozilla Firefox, vulnerability; Discussion threads 2008-06-26
Zero-day flaw haunts Internet Explorer: An unpatched cross-domain vulnerability in Microsoft's flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers. The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela's IE Ghost Busters talk:...; Tags: Microsoft Internet Explorer, Zero-day Bug, Web Browsers, Internet, Ryan Naraine; Blog posts 2008-06-26
About-face: Apple patches Safari 'carpet bombing' bug: In what amounts to a major about-face, Apple has patched the Safari "carpet bombing" vulnerability that led to a Safari-to-Internet Explorer remote code execution combo threat. After insisting for weeks that the issue is more of an irritant than a security risk, Apple today released Safari v3.1.2...; Tags: Apple Safari, Apple Inc., Microsoft Windows, Web Browsers, Web Site Development, Operating Systems, Security, Software, Internet, Ryan Naraine; Blog posts 2008-06-19
Proof of Concept "carpet bombing" exploit released in the wild: In what appears to be an attempt to provoke Apple to reconsider its currently passive position on the severity of the dubbed as "carpet bomb" flaw, a working Proof of Concept exploit code has been released at Liu Die Yu's security blog : Nitesh Dhanjani discovered that Safari for...; Tags: Desktop, Apple Safari, Vulnerability, Microsoft Internet Explorer, Liu, Microsoft Windows, Web Browsers, Operating Systems, Security, Software, Internet, Dancho Danchev; Blog posts 2008-06-11
How an Apple store was transformed into a Best Buy in 10 minutes: How an Apple store was transformed into a Best Buy in 10 minutesThat is true[i]We pay a lot for our hardware / software so we have a right to be annoyed more than people buying $400 laptops, right?[/i]I agree. When you are not dealing with the higher volumes of people...; Tags: Apple Inc., Apple Store, Best Buy Co. Inc.; Discussion threads 2008-05-22