xml flaw

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Microsoft to patch zero-day XML flaw

Microsoft to patch zero-day XML flawMicrosoft to patch zero-day XML flawJust like clockwork and right on time, the Microsoft way. Say good bye vulnerabilities and flaws, the Microsoft sheriff is in town to clean up.Microsoft to patch....And just think ladies & gentlemen, the City of Vista is just around...

Tags: SECURITY, Patches, Nothing, Microsoft Corp., flaw, XML flaw, zero-day XML flaw, vulnerability, Microsoft Windows, XML, MSFT

Discussion threads 2006-11-09

Additional Resources

News to know: Culture of cheap; Microsoft, Nokia; eBay; Apple

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET’s around-the-Web tech coverage. Andrew Nusca: Culture of cheap: How discount computers cost the consumer Jason Perlow: Der Frankenputer: A Last Hurrah at...

Tags: Dell Computer Corp., Nokia Corp., Apple Inc., Microsoft Corp., eBay Inc., Cloud Computing, Phishing, Virtualization, Sales Strategy, Apple Mac OS X, Microsoft Word, Smart Phones, Security, Spam And Phishing, Hardware, Sales, Operating Systems, Software, Apple Mac OS, Microsoft Office, Office Suites, Consumer Electronics, Personal Technology, Larry Dignan

Blog posts 2009-08-13

D-Link router's CAPTCHA flawed, WPA passphrase retrieved

It took only a week for the researchers at SourceSec to find a flaw in the CAPTCHA implementation of D-Link's recently introduced CAPTCHA in its routers, originally aimed to prevent DNS changing malware from automatically achieving its objective. According to SourceSec, the flawed...

Tags: WPA, D-Link Systems, CAPTCHA, Passphrase, Router, Malware, Routers & Switches, Spyware, Adware & Malware, Cyberthreats, Network Technology, Networking, Security, Dancho Danchev

Blog posts 2009-05-19

Attackers pounce on Microsoft PowerPoint zero-day

Attackers pounce on Microsoft PowerPoint zero-dayVulnerability patch cycle unacceptableMS would be better spending the $600M advertising (See Mary's blog) waste of money on strengthening the threat response team as several months for an already exploited hole is insane and does not do their reputation any favours.Eg: For Excel 2000...

Tags: SECURITY, Microsoft Corp., Microsoft Office, MOICE, Microsoft PowerPoint, user right

Discussion threads 2009-04-03

Exploit code sends Mozilla scrambling to fix Firefox

[ UPDATE:  Mozilla has shipped a patch for this vulnerability ] Mozilla's security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser. The vulnerability, released alongside proof-of-concept...

Tags: Mozilla Firefox, Vulnerability, Exploit Code, Mozilla Corp., Patch, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-26

Legal concerns stop researchers from disrupting the Storm Worm botnet

What if security researchers were able to disrupt the leftovers of the Storm Worm botnet thanks to a flaw in its communication model allowing them to redirect infected hosts and eventually disinfect them, but fearing legal action have their hands tied? At the 25th Chaos Communication Congress,...

Tags: Node, Malware, Worm, Stormfucker, Waledac, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Dancho Danchev

Blog posts 2009-01-16

Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks

Malicious hackers are exploiting a zero-day flaw in Microsoft's Internet Explorer browser to launch a new wave of drive-by downloads, according to a warning from security researchers. The Web attacks, first reported by Bob McMillan, takes aim at users running IE 7 on Windows XP SP2 and...

Tags: Flaw, Microsoft Internet Explorer 7, Microsoft Internet Explorer, Microsoft Corp., Hacker, Attack, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-12-09

MS Patch Tuesday: Critical Windows, Office flaws fixed

Microsoft's scheduled batch of patches for November crossed the wires today with fixes for at least four documented vulnerabilities affecting millions of Windows and Office users. As previously reported, the company released two security bulletins -- one rated critical, one rated important -- with fixes for flaws...

Tags: Web, Attacker, Microsoft Office, Flaw, Vulnerability, Microsoft Windows, Microsoft Corp., Security, Ryan Naraine

Blog posts 2008-11-11

On GIFARs

Ever since Rob McMillan of IDG published a story giving a preview of our coming Black Hat talk, specifically a preview of the portion of our talk related to GIFARs, media coverage of the research has swirled a bit out of control and there's been some misconceptions.  My co-presenter John...

Tags: Black Hat, Vector, Applet, Image, Attack, Heasman, Nathan McFeters

Blog posts 2008-08-02

Black Hat Sneak Preview

Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined...

Tags: Black Hat, Java Applet, Web Application, Web Browser, Applet, Attack, GIFAR, Java, Programming Languages, Security, Software Development, Software/Web Development, Nathan McFeters

Blog posts 2008-08-01

Apple hasn't learned from past security mistakes

* Ryan Naraine is on vacation. Guest editorial by Aviv Raff Apple's Safari for Windows is a nice browser. It really is. It has slick user interface, some pretty cool features, and benchmarks show that it is really fast. But, saying that...

Tags: Security, Apple Safari, Apple Inc., Web Browser, Web Browsers, Microsoft Windows, Internet, Operating Systems, Software, Ryan Naraine

Blog posts 2008-07-08

Gaping holes in Trillian IM client

Trillian users beware:  There are multiple serious security holes in the popular cross-platform IM application. According to alerts issued by TippingPoint's Zero Day Initiative ZDI, the vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Trillian Pro. Trillian users are strongly...

Tags: User Interaction, Vulnerability, Trillian, IM Client, Trillian User, Security, Ryan Naraine

Blog posts 2008-05-22

Adobe patches 7 issues, including Pwn2Own contest flaw and DNS rebinding issues

Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here.  Adobe's details are published here.  One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young's Advanced Security Center) Rob Carter, see the picture to the...

Tags: Adobe Systems Inc., DNS, Domain, Lookup, Microsoft Internet Explorer, Web Browser, Domain Name, Flaw, Rob, Flash, XmlHttp Request, Kicker, Domain Names, Web Browsers, Networking, Internet, Nathan McFeters

Blog posts 2008-04-09

War of words over alleged Firefox vulnerability

War of words over alleged Firefox vulnerabilityInteresting...I don't know, but I suspect...I suspect the Mozilla guy is right this time. Since the just-fixed vulnerability dealt with exactly this issue, I find it hard to believe that the team did not test this very thing. I am betting that...

Tags: Web browsers, SECURITY, Ryan, vulnerability, Mozilla Firefox, Firefox vulnerability

Discussion threads 2008-02-11

News to know: Microsoft's new language; Yahoo saga; Apple; Vulnerability counts

Notable headlines: Mary Jo Foley: Microsoft declares its modeling love with a new language, ‘D’ Larry Dignan: Yahoo's conundrum: White knights are hard to find Dan Farber: Mitch Kapor: Microsoft+Yahoo, major integration challenge David Morgenstern: Will Microsoft support Windows on Macs?...

Tags: Larry Dignan, Mobile, Yahoo! Inc., Dana Blankenhorn, Apple Inc., Microsoft Corp., Data Centers, Advertising & Promotion, Storage, Hardware, Data Management, Marketing

Blog posts 2008-02-06

Microsoft confirms Excel flaw; outlines defense

Microsoft confirms Excel flaw; outlines defenseMister Dignan , who cares ? Certainly not I .I steer clear from every product that company makes .You forgot an importantand largely overlooked work-around: Use Open Office to view and save the Excel file. OO 2.3 can open and save Excel files from Excel...

Tags: MICROSOFT JUST, Office 2003 SP3, Microsoft Corp., Microsoft Office, OpenOffice, Microsoft confirms Excel flaw, Microsoft Excel, Microsoft confirms Excel, Microsoft Confirms, Microsoft Office 2007

Discussion threads 2008-01-16

US-CERT warns of Microsoft Access Database attacks

US-CERT warns of Microsoft Access Database attacksOh Nelly ,,,This is a no show . According to the Microsoft Zealots/Shills and what have you nots , that if this hasn't exploited their machine then it is non-existant .Just in, Hackers use code to Hack computers...Umm, can you say DUH?Affects ONLY one...

Tags: Microsoft Office, Databases, database, Acces, Microsoft Access, attack, Microsoft Corp.

Discussion threads 2007-12-12

Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.The killbit, also known as a registry key update, applies to Internet Explorer only and is expected to happen in...

Tags: XML, SECURITY, MSXML4, Microsoft Corp.

Blog posts 2007-03-26

Flaw found in Office 2007

Flaw found in Office 2007Flaw found in Office 2007What it comes down to is that there is almost no threat at all. A security research company found the flaw, told Microsoft and bypassed releasing the details to the public. Hackers don't know how to exploit it. Most...

Tags: SECURITY, OpenOffice, OOo, Microsoft Corp., Microsoft Office, flaw, Microsoft Office 2007

Discussion threads 2007-02-23

News to know: Meet Google Office; iPhone settlement; Vista-IE security

Notable headlines: Apple, Cisco settle iPhone trademark lawsuit. Techmeme discussion.Donna Bogatin: Google undercuts Microsoft Office. Subscription-based Google Apps for businesses ready. Garett Rogers: Google Spreadsheets to get charts as early as tomorrow? Techmeme discussion.David Berlind: Will Vista, IE security make the Web harder to use? Gallery left.Russell Shaw: BlackBerry...

Tags: General

Blog posts 2007-02-22