Vulnerability

Avoiding Weak Passwords

by certifiedbug on December 6, 2013

in Microsoft

Microsoft Research
Avoiding Vulnerable Passwords—and Rules, Too
Telepathwords

Snippet:

The free online research tool, launched Dec. 5, is called Telepathwords. Users can visit the project website and test the strength of their passwords—current ones, past ones, or ones they’re considering using.

“The system doesn’t ask the user to learn anything up-front or follow any specific rules,” Schechter says. “Rather, as you type each key of your intended password, it displays the characters it thinks you’re most likely to type next. If it succeeds in predicting one or more characters of the rest of your password, the evidence that these characters are predictable will be right in front of your eyes.”

Read the complete article: http://research.microsoft.com/en-us/news/features/telepathwords-120513.aspx


Firefox 14.0.1 released

by certifiedbug on July 17, 2012

in Browser

Release notes: http://www.mozilla.org/en-US/firefox/14.0.1/releasenotes/

If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.

Or download: https://www.mozilla.com/firefox/all.html


Firefox 13.0.1 released

by certifiedbug on June 16, 2012

in Browser

Release notes: https://www.mozilla.org/en-US/firefox/13.0.1/releasenotes/

Flash 11.3 sometimes caused a crash on quit (747683, fixed in 13.0.1)

https://bugzilla.mozilla.org/show_bug.cgi?id=747683

Flash crashed after I updated Firefox to version 13.0.1.

http://www.zdnet.com/blog/btl/firefox-users-still-waiting-for-flash-crash-fix/80305

If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.

Or download: https://www.mozilla.com/firefox/all.html


Microsoft Security Advisory (2719615)

by certifiedbug on June 15, 2012

in Microsoft

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Published: Tuesday, June 12, 2012

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Upon completion of our investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Please see the complete article:
http://technet.microsoft.com/en-us/security/advisory/2719615

A Microsoft Fix it solution is available that blocks the attack vector for this vulnerability. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.

http://support.microsoft.com/kb/2719615

https://www.zdnet.com/blog/security/state-sponsored-attackers-using-ie-zero-day-to-hijack-gmail-accounts/12462


Firefox 13.0 released

June 6, 2012

Fixed in Firefox 13

MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege […]


Microsoft Security Intelligence Report Volume 12 Released

April 25, 2012

Microsoft Security Blog

Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes:

Latest industry vulnerability disclosure trends and analysis
Latest data and analysis of global vulnerability […]


Firefox 12.0 released

April 25, 2012

Fixed in Firefox version 12.

MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 […]


Firefox and Thunderbird 11.0 released

March 16, 2012

http://www.mozilla.org/en-US/firefox/11.0/releasenotes/
https://www.mozilla.org/en-US/thunderbird/11.0/releasenotes/

Every six weeks, another Firefox train leaves the station. This week we will release another update, but not on Tuesday as we typically do. There are two reasons for this: This Tuesday is Microsoft’s scheduled monthly update to Windows, and those updates have interacted badly with our updates before. We don’t have reason […]


Firefox and Thunderbird 10.0.2 released

February 17, 2012

Critical: MFSA 2012-11 libpng integer overflow

http://www.mozilla.org/en-US/firefox/10.0.2/releasenotes/
https://www.mozilla.org/en-US/thunderbird/10.0.2/releasenotes/

If you do not receive an update notice when using the application, select “Check for Updates” from the Help menu.

Download Firefox: http://www.mozilla.org/en-US/firefox/all.html
Download Thunderbird: https://www.mozilla.org/en-US/thunderbird/all.html


Firefox 9.0.1 released

December 30, 2011

The latest version of Firefox has the following changes:

Added Type Inference, significantly improving JavaScript performance
Improved theme integration for Mac OS X Lion
Added two finger swipe navigation for Mac OS X Lion
Added support for querying Do Not Track status via JavaScript
Added support for font-stretch
Improved support for text-overflow
Improved standards support […]
