Categories
News

Twitpic fixes vulnerability after Britney Spears dies on Twitter!

This has been a week of tragic celebrity deaths (Michael Jackson, Billy Mays, Farrah Fawcett and Ed McMahon). And a couple of days back it was, apparently, the pop princess Britney Spears! Or rather, a tweet (with a Twitpic) on her official Twitter page that read the following:

“Britney has passed today. It is a sad day for everyone. More news to come.”

Well… well… Pranksters get weird kicks hacking accounts and posting wicked stuff.

The tweet was deleted in no time, but the message did make it onto Britney’s account. A message was also sent out to her fans through Twitter itself, clarifying that the news wasn’t true.


“Britney’s Twitter was just hacked. The last message is obviously not true. She is fine and dandy spending a quiet day at home relaxing.”

It was reported that several celebrity Twitter accounts were hacked that day to display fake death announcements. Apart from Britney Spears, the accounts hit included those of George Clooney, Miley Cyrus, Ellen DeGeneres, Harrison Ford, Natalie Portman, Diddy and Jeff Goldblum, among others, each spreading a fake death report.

Twitpic discovered a vulnerability in its mobile posting system that let an attacker brute force a user’s Twitpic posting e-mail address, i.e. guess the PIN by trying every possible combination, and so post to that user’s Twitter account. Twitpic appears to have patched the vulnerability that saw Britney Spears’ Twitter account report her death.
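The failure mode above is a short secret with no limit on guesses. The following is an added example, not Twitpic’s code: it models a posting address gated by a numeric PIN, lets an attacker enumerate the PIN space, and shows how a failed-attempt lockout stops the enumeration. The 4-digit PIN length, the 5-failure threshold and the function names are assumptions for illustration.

```c
/* Added example (not Twitpic's code): brute-forcing a short PIN, with and
 * without a lockout. PIN length and lockout threshold are assumptions. */
#include <stdio.h>
#include <string.h>

#define PIN_DIGITS   4
#define PIN_SPACE    10000   /* 10^PIN_DIGITS possible PINs (assumed length) */
#define MAX_FAILURES 5       /* assumed lockout threshold */

struct posting_address {
    char pin[PIN_DIGITS + 1]; /* secret PIN embedded in the posting address */
    int  failures;            /* consecutive wrong guesses */
    int  locked;
};

struct posting_address make_address(const char *pin)
{
    struct posting_address a;
    memset(&a, 0, sizeof a);
    snprintf(a.pin, sizeof a.pin, "%s", pin);
    return a;
}

/* Returns 1 if the post is accepted, 0 if rejected.
 * enforce_lockout == 0 models the vulnerable behaviour: unlimited guesses. */
int check_pin(struct posting_address *a, const char *guess, int enforce_lockout)
{
    if (enforce_lockout && a->locked)
        return 0;
    if (strcmp(a->pin, guess) == 0) {
        a->failures = 0;
        return 1;
    }
    a->failures++;
    if (enforce_lockout && a->failures >= MAX_FAILURES)
        a->locked = 1;
    return 0;
}

/* Attacker loop: try every PIN in order. Returns the number of attempts
 * needed to get a post accepted, or -1 if the account locked first. */
int brute_force(struct posting_address *a, int enforce_lockout)
{
    char guess[PIN_DIGITS + 1];
    for (int i = 0; i < PIN_SPACE; i++) {
        snprintf(guess, sizeof guess, "%0*d", PIN_DIGITS, i);
        if (check_pin(a, guess, enforce_lockout))
            return i + 1;
        if (enforce_lockout && a->locked)
            return -1;
    }
    return -1;
}

int main(void)
{
    struct posting_address victim = make_address("7391"); /* constructed sample PIN */
    printf("no lockout: accepted after %d attempts\n", brute_force(&victim, 0));

    victim = make_address("7391");
    printf("with lockout: result %d, locked=%d after %d failures\n",
           brute_force(&victim, 1), victim.locked, victim.failures);
    return 0;
}
```

Without the lockout the attacker needs at most 10,000 tries, which is trivial for an e-mail gateway that answers every message; with the lockout the attacker is stopped after five wrong guesses. A lockout alone is a denial-of-service lever for an attacker who knows the target’s address, so a real deployment would combine it with a longer secret and per-source rate limiting.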

This is the second time Britney Spears has fallen prey to hackers on Twitter. The last time was in January, when hackers posted a series of “adult-only” messages on her page.

Wonder what Britney has to say about this… Hit me baby one more time?


More security issues with Google Chrome

Very recently, I had written about Security Problems with Google Chrome and how a fix had been released to resolve the issue. But within a span of two weeks, Google Chrome has been updated with two more security patches, fixing a pair of vulnerabilities, one rated critical and the other high risk.

Vulnerabilities

  • Critical: An attacker might be able to run code with the privileges of the logged on user.
  • High: An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Silent Updates


Google Chrome fixes are delivered as silent updates, meaning that the browser patches itself in the background without prompting the user.

Google Chrome Security Fixes

CVE-2009-1441: Input validation error in the browser process

A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.


Mitigation: An attacker would need to be able to run arbitrary code in the renderer process.

CVE-2009-1442: Integer overflow in Skia 2D graphics

A failure to check the result of an integer multiplication when computing image sizes could allow a specially crafted image or canvas to crash a tab, and it might be possible for an attacker to execute arbitrary code inside the (sandboxed) renderer process.

Mitigation:

  • A victim would need to visit a page under an attacker’s control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox.
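The bug class behind CVE-2009-1442 is an unchecked product of image dimensions wrapping around. The following is an added example, not Skia’s code and not taken from the Chrome patch: a width × height × bytes-per-pixel size computation in the vulnerable unchecked form beside a hardened version that rejects any operand pair whose product would not fit in 32 bits. The 4 bytes per pixel, the function names and the sample dimensions are assumptions.

```c
/* Added example (not Skia's or Chrome's code): image-size computation that
 * wraps, beside an overflow-checked version. Bytes per pixel is assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4u  /* 32-bit RGBA, assumed */

/* Vulnerable pattern: the product is computed modulo 2^32, so a huge
 * image can yield a tiny (even zero) buffer size. A decoder that then
 * writes width*height pixels into that buffer overruns the heap. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Hardened: refuse zero dimensions and check each multiplication before
 * it can wrap. Returns false (and leaves *out untouched) on overflow. */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (height > UINT32_MAX / width)             /* width*height would wrap */
        return false;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / BYTES_PER_PIXEL)   /* pixels*bpp would wrap */
        return false;
    *out = pixels * BYTES_PER_PIXEL;
    return true;
}

/* Allocation that goes through the checked path; NULL means "rejected". */
unsigned char *alloc_image(uint32_t width, uint32_t height)
{
    uint32_t n;
    if (!image_bytes_checked(width, height, &n))
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed attacker-controlled header: 65536 x 65536 pixels. */
    uint32_t w = 65536u, h = 65536u, n = 0;
    printf("unchecked size for %u x %u: %u bytes\n", w, h, image_bytes_unchecked(w, h));
    printf("checked:   %s\n", image_bytes_checked(w, h, &n) ? "accepted" : "rejected");

    if (image_bytes_checked(1024u, 768u, &n))
        printf("1024 x 768 -> %u bytes\n", n);
    return 0;
}
```

For 65536 × 65536 the unchecked product is exactly 2^32 and wraps to 0, so the decoder would allocate nothing and then write 16 gigabytes of pixel data into it; the checked version rejects the header before any allocation. On compilers that provide it, `__builtin_mul_overflow` expresses the same check in one call.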

(Source: GoogleChromeReleases)


Adobe Security Updates on May 12

Last month, Adobe’s Product Security Incident Response Team (PSIRT) announced a potential vulnerability in Adobe Reader 9.1 and 8.1.4 and urged users on all platforms to disable JavaScript.

Since then, many have been eagerly awaiting Adobe security patches so that the issue can be fixed. Adobe has set May 12 as the delivery date for patches that fix the vulnerability in its Adobe Reader and Acrobat products.

PSIRT says:

“We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009.


Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix. This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate.”

Adobe Upcoming Updates:

  1. Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X
  2. Windows updates for Acrobat versions 9.X, 8.X, and 7.X
  3. Macintosh updates for Adobe Reader versions 9.X and 8.X
  4. Macintosh updates for Acrobat versions 9.X and 8.X
  5. Adobe Reader for Unix versions 9.X and 8.X.

In the meantime, keep JavaScript disabled in Adobe Reader. To learn how, read my earlier post: Disable JavaScript in Adobe PDF Reader!

If you still think Adobe Reader could be a “risk” to your machine, consider using an alternative PDF reader.

(Source: Adobe Blog)