Cookie Data in IE Can Be Exposed or Altered Through Script Injection

Security 10918 Published by Philipp Esselbach 0

Web sites use cookies as a way to store information on a user's local system. Most often, this information is used for customizing and retaining a site's setting for a user across multiple sessions. By design each site should maintain its own cookies on a user's machine and be able to access only those cookies.

A vulnerability exists because it is possible to craft a URL that can allow sites to gain unauthorized access to user's cookies and potentially modify the values contained in them. Because some web sites store sensitive information in a user's cookies, it is also possible that personal information could be exposed.

Read more

MS IIS stays on top

Security 10918 Published by Philipp Esselbach 0

The prestigious SANS Institute in Bethesda, Maryland, working with the FBI, has developed a top 20 list of common vulnerabilities that leave Internet sites open to attacks. The list includes descriptions of the vulnerabilities, the recommended means to fix them, and descriptions of any products that managers can use to help plug the holes or check to confirm that things are fixed.

Read more

Personal Firewalls Spring Security Leaks

Security 10918 Published by Philipp Esselbach 0

Thanks CestLaVie for this one:

Software firewalls deployed by millions of PC users offer only illusory protection against Trojan horses and other malicious programs, security experts warned today.

Techniques for defeating the outbound data filters in popular personal firewalls such as Zone Alarm and Norton Personal Firewall have been independently posted on the Web by several researchers. Using the methods described, a rogue program could upload private user data without being detected by the firewall, the experts claim.

Read more

Basic Security Checklist for Home and Office Users

Security 10918 Published by Philipp Esselbach 0

Thanks CestLaVie for this one:

As the complexity of information systems increases, security decreases. For example, Microsoft Word macro viruses and e-mail script viruses play upon the ease of use features embedded within Microsoft products. Such software is very complex, prone to containing multiple bugs and security vulnerabilities. Unfortunately, current trends indicate that software will become increasingly complex and less secure (even though measures are being taken to make them more secure). As the number of users on home and business networks naturally increases, the importance of user education rises accordingly. Security checklists offer a framework of secure behavior that can and should be implemented by all users, regardless of their level of expertise, the sophistication of application being used of the context in which it is being used.

Read more

Microsoft: No relief from security attacks

Security 10918 Published by Philipp Esselbach 0

Microsoft's security response center must be feeling a little punch-drunk these days.

After the one-two combination of the Code Red and Nimda worms that targeted the company's server and PC software this past summer, the titan announced an initiative in early October to promote security-savvy administration among its partners.

Read more

Invalid Universal Plug and Play Request can Disrupt System Operation

Security 10918 Published by Philipp Esselbach 0

The Universal Plug and Play (UPnP) service allows computers to discover and use network-based devices. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed via the Internet Connection Sharing client that ships with Windows XP.

A vulnerability results because the UPnP service does not correctly handle certain types of invalid UPnP requests. On Windows 98, 98SE, and ME systems, receiving such a request could cause a variety of effects ranging from slow performance to system failure. On Windows XP, the effect is less serious as the flaw consists of a memory leak. Each time a Windows XP system received such a request, a small amount of system memory would become unavailable;
if repeated many times, it could deplete system resources to the point where performance slowed or stopped altogether.

Read more

New Nimda worm offshoot spreading

Security 10918 Published by Philipp Esselbach 0

A new variant of the Nimda worm has started spreading slowly throughout the Asia-Pacific region, antivirus experts said Tuesday.

The variant, called Nimda.E, spreads using the same methods as the original worm, but its files have been renamed to mimic existing Windows files.

Read more

Redesi Worm

Security 10918 Published by Philipp Esselbach 0

Thanks CestLaVie for this one:
Kaspersky Labs, an international data-security software developer, reports the detection of a dangerous new Internet-worm Redesiā€ that spreads via e-mail and disguises its malicious intentions as a security patch for Microsoft products.

Read more

Invalid RDP Data can Cause Terminal Service Failure

Security 10918 Published by Philipp Esselbach 0

The implementation of the Remote Data Protocol (RDP) in the terminal service in Windows NT 4.0 and Windows 2000 does not correctly handle a particular series of data packets. If such a series of packets were received by an affected server, it would cause the server to fail. The server could be put back into normal service by rebooting it, but any work in progress at the time of the attack would be lost.

It would not be necessary for an attacker to be able to start a session with an affected server in order to exploit this vulnerability - the only prerequisite would be the need to be able to send the correct series of packets to the RDP port on the server.

Read more

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...