29 Topics

Member Avatar for Nathan_6

Hello everyone! So I am using a mac, and while I am not using any applications that require a webcam (like skype or video chat clients), I see a red dot on my webcam. Does this mean my webcam is on and spying on me? If so, what should I …

Member Avatar for rubberman
0
222
Member Avatar for Aeonix

*Story happens in imaginary universe, but I'm using current time "relativation".* vmWare Player type of application (but for free). I consider adding it to Open Source because everybody is saying how great it is and how fast bugs can be fixed. There's couple stories to be told: **Side of Manager** …

Member Avatar for Aeonix
0
354
Member Avatar for happygeek

According to a [SecureList posting](https://securelist.com/blog/69462/darwin-nuke/) dated April 10th, researchers Anton Ivanov, Andrey Khudyakov, Maxim Zhuravlev and Andrey Rubin discovered a vulnerability in the Darwin kernel back in December 2014. Why is this of interest? Well, the Darwin kernel is an open source part of both the Apple operating systems. The …

Member Avatar for ChaoticCoder
0
472
Member Avatar for happygeek

It's that time of year again, and the latest [Secunia Vulnerability Review](http://secunia.com/vr2015/) has been published. This analysed anonymous data gathered from scans right across 2014 of millions of computers which have Secunia Personal Software Inspector (PSI) installed and revealed some interesting statistics. On average, the computers used by the people …

1
313
Member Avatar for happygeek

The recently revised Facebook community standards page states that the social network is on a mission "to give people the power to share and make the world more open" however it appears that it may have been giving the wrong people the power to share stuff you thought was private. …

Member Avatar for advent_geek
1
474
Member Avatar for happygeek

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this [excellent analysis](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html) by Matthew Green, a cryptographer and research professor at …

1
303
Member Avatar for happygeek

Chinese computer manufacturer [Lenovo has admitted](http://support.lenovo.com/us/en/product_security/superfish) that it installed an adware component called Superfish on 16 million PCs shipped between September 2014 and February 2015 in order to "help customers potentially discover interesting products while shopping" according to an official statement made by the company. Although there is some argument …

Member Avatar for Riptyed
6
711
Member Avatar for happygeek

A 22 year old vulnerability, yes you read that right, has been discovered which some security experts suggest could be bigger than Heartbleed. The bug, reported as '[CVE-2014-6271:remote code execution through bash](http://seclists.org/oss-sec/2014/q3/649)' relates to how environment variables are processed: with trailing code in function definitions being executed independently of the …

Member Avatar for Djmann1013
6
932
Member Avatar for happygeek

So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened that resulted in the [hack attack on Google](http://www.daniweb.com/news/story252590.html) and many others that has received such publicity this week. According to [McAfee](http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/) it has identified an Internet Explorer vulnerability as being one of the …

Member Avatar for Tcll
0
1K
Member Avatar for happygeek

A Drupal security advisory, [SA-CORE-2014-005](https://www.drupal.org/SA-CORE-2014-005), rather embarrassingly states that:

> Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. …

2
346
Member Avatar for happygeek

Hardly a week goes by without yet another press release hitting the desk of your technology journalist, or research flag being raised amongst the IT Security profession, that claims Android is insecure. What Android actually is, just like Windows on the desktop in fact, is a big and attractive target; …

Member Avatar for Kelly Burby
1
380
Member Avatar for happygeek

FireEye security researchers are warning that they have [detected a new zero-day vulnerability](http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html) that is being used successfully in the wild against browser clients with both Java 6u41 and Java 7u15 installed. Given that the Java 7 update was only released a couple of weeks ago, this is yet more …

Member Avatar for jwenting
3
1K
Member Avatar for happygeek

Reports are coming in thick and fast about 'state-sponsored' zero-day exploits hitting business websites in the UK. The latest, disclosed yesterday by [SophosLabs](http://nakedsecurity.sophos.com/2012/06/20/aeronautical-state-sponsored-exploit/), involves an as yet unnamed European aeronautical parts supplier and follows on from another the day before involving a European medical company site. In both cases the …

Member Avatar for jwenting
1
524
Member Avatar for jjoensuu

Hi, a question about stand-alone Java applications that do not have a background DB. In our Uni class we were asked to build a very small application using JOptionPane methods such as "showInputDialog". The application asks for user's name and birthdate and at the end displays a summary of these …

Member Avatar for JamesCherrill
0
438
Member Avatar for hackit

guys i just read a vulnerability in the calculator of windows. vulnerability is like this: *) open calculator *) type 4 and then take its square *) then minus two from the result shocked.... answer should be 0 but it shows a different answer.. please help me on this.

Member Avatar for Reverend Jim
0
178
Member Avatar for APatrizio

Just because security holes and vulnerabilities get reported to software vendors doesn't mean they are actually patched. A new report from IBM's X-Force security team found that of all the software holes reported in the first half of this year, more than half are still unpatched. IBM's X-Force report is …

Member Avatar for josephadeo
0
520
Member Avatar for happygeek

Most people seem to think that Microsoft is the most insecure vendor while Apple reigns supreme at the top of the good security league. However, a new security report would appear to turn that assumption on its head, claiming that when it comes to the vendor with the most vulnerabilities …

Member Avatar for aaln
0
576
Member Avatar for happygeek

With the annual Pwn2Own hacking event due to kick off tomorrow, Mozilla has confirmed that Firefox 3.6 has an unpatched critical vulnerability. The fact that Pwn2Own competitors will not be able to exploit this vulnerability to claim the Firefox hacking prize will be of no interest to the millions of …

Member Avatar for happygeek
0
494
Member Avatar for newsguy

According to figures revealed with the publication of the [IBM X-Force 2009 Trend and Risk Report](http://www.ibm.com/security/xforce), not only do web application vulnerabilities remain the largest category of security disclosure for the last year but, worryingly when you consider that the number of such vulnerabilities found by organisations has not decreased …

0
294
Member Avatar for AnonymousHoward

Last month, a [vulnerability in SSL and TLS](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) was announced. Almost immediately thereafter, it was [successfully exploited to obtain Twitter account passwords](http://www.securityfocus.com/news/11564). The vulnerability affects most existing implementations of SSL 3.x and TLS 1.x in existing https web servers and browsers, but also in other servers that use SSL, such …

0
154
Member Avatar for happygeek

Still using Adobe Acrobat or Adobe Reader? Maybe it is time to switch to something that's not glowing red on the bad guy radar, or which is more securely coded depending upon how you look at these things. Yes, Adobe has admitted that there is yet another possible zero-day vulnerability …

0
374
Member Avatar for EddieC

Microsoft on Tuesday is set to release six security updates, three of which it has deemed critical and apply only to versions of Windows other than Windows 7. Microsoft released advance notice of its [Security Bulletin for November](http://www.microsoft.com/technet/security/Bulletin/MS09-nov.mspx), on Nov. 5. The bulletin itself will be released on Tuesday along …

0
263
Member Avatar for happygeek

The bad guys of the IT business are always looking for the most effective ways to infect the innocent Internet user, and increasingly that means turning to commonly used web browser plug-ins such as Flash or PDF readers. A couple of years ago we were [reporting critical vulnerabilities](http://www.daniweb.com/blogs/entry1537.html) for all …

Member Avatar for rapper2
1
439
Member Avatar for Lisa Hoover

A group of over 30 organizations including the Department of Homeland Security, Microsoft, and Symantec collaborated recently on a security project designed to identify the [top 25 coding errors](http://www.sans.org/top25errors//?cat=top25) programmers make when building Web sites. Since many of the mistakes can leave sites vulnerable to cyber crime, it's a …

0
200
Member Avatar for EddieC

Isn't anything safe from hackers? Now they've apparently found a way to hack into systems through a media stream, threatening users with denial of service attacks that can bring down servers and desktops alike. The vulnerability was reported yesterday by VoIPshield Laboratories, a security tools maker in Canada. The flaws …

Member Avatar for baandow
0
245
Member Avatar for EddieC

Microsoft yesterday released a [security update](http://support.microsoft.com/kb/954593) intended to fix eight critical vulnerabilities in as many as 42 Windows apps and components, including IE6, Media Player, Office, SQL Server and Visual Studio. The patch was made available before they could be discovered and exploited by malicious hackers, or at least before …

0
193
Member Avatar for EddieC

The Advanced Research Team of security tools vendor Ounce Labs has identified two vulnerabilities in the Spring framework for Java. The vulnerabilities have the potential, the team says, to allow an attacker to “subvert the expected application logic and behavior,” and gain control of an application and access any personal …

Member Avatar for sanzilla
0
248
Member Avatar for EddieC

Heads up users of Yahoo Mail. A cross-site scripting vulnerability has been discovered that could allow hackers to steal a user’s session IDs and ultimately private information, according to [a report](http://blog.cenzic.com/public/item/207752) yesterday from security risk assessment firm Cenzic. In an excerpt from the Cenzic blog post, the company reports: “If …

0
208
Member Avatar for happygeek

[Multiple arbitrary code execution vulnerabilities in Ruby](http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/) have been revealed by the [Apple Product Security](http://www.apple.com/support/security/) team which could lead to Denial of Service attacks. A total of five vulnerabilities have been reported, with versions impacted being: 1.8.4 and all prior versions 1.8.5-p230 and all prior versions 1.8.6-p229 and all prior …

1
241
