Feedly app left attack window open for malicious JavaScript hackers, according to one security researcher. Security consultant and blogger Jeremy S [revealed](http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html) that the Feedly Android app, or at least the version prior to the update on March 17th 2014, had been subject to a zero-day JavaScript code injection vulnerability. Jeremy reported the discovery to the Feedly developers, who patched the vulnerability within 24 hours: ethical disclosure working at its best, if you ask me. The Singapore-based researcher explained that the code injection was possible from an RSS feed into the app itself as the Feedly app didn't sanitize …

Dana Tamir, Enterprise Security Director for [Trusteer](http://www.trusteer.com/), has recently uncovered a variation of the TorRAT banking data malware which has been actively configured to target Twitter users. The attack works by "injecting Javascript code into the victim’s Twitter account page" Tamir says, adding that the malware "collects the user’s authentication token, which enables it to make authorized calls to Twitter's APIs, and then posts new, malicious tweets on behalf of the victim". These tweets are used, of course, to spread the malware within the social networking circle by leveraging the trust that is implicit in such networks. Twitter users, generally …

A minor update to the 1.6 version of jQuery was just released today. After a big outcry over version 1.6's changes to the way properties work, the jQuery team quickly released version 1.6.1 to make the new techniques more compatible with the older functionality, hopefully preventing sites from breaking. The release also fixed some bugs, as did version 1.6.2. And now 1.6.3 also fixes several bugs, along with one change that some people will find disappointing: they dropped support for the requestAnimationFrame API. When 1.6 came out, support for requestAnimationFrame was added to allow for smoother animation. However, requestAnimationFrame itself …

Most of the reports out yesterday about the release of [Internet Explorer 8](http://www.microsoft.com/ie8) Beta 2 focused on its so-called InPrivate Browsing, which leaves no trace of the Web sites you visit and protects anonymity. And while that's certainly useful, developers are likely to be more interested in its improvements in DOM and HTML 4.01 cross-browser inconsistencies, new Ajax features and news that IE8 passes the [Acid2 test](http://acid2.acidtests.org/) for accurate browser rendering. Microsoft on Wednesday made available for [download the latest IE 8 beta](http://www.microsoft.com/windows/internet-explorer/beta/), which it says includes fixes to "the get/set/remove Attribute, default attributes, Attribute object and the <Q> tag." The company also …

I read a [story](http://www.infoworld.com/d/open-source/open-source-innovation-the-cutting-edge-582) this morning over at [Infoworld.com](http://www.infoworld.com) that shocked me a bit. Neil McAllister discusses how proprietary software companies, like [Microsoft](http://www.microsoft.com), criticize open source projects by saying that, "They don't innovate, they copy." Is that really the consensus for an entire software realm that brought us the [world wide web](http://www.w3.org), TCP/IP, [sendmail](http://www.sendmail.org), DNS, DHCP, [Perl](http://www.perl.org), [PHP](http://www.php.net), [Apache](http://www.apache.org), HTML and basically everything else that we use on the Internet today? Is that really the stance they want to take? Neil also gives us seven major open source projects that are not knockoffs of Microsoft's knockoffs. But, instead of focusing …

The MIX10 Microsoft Developer Conference is always good for a laugh or two, but just who was rolling on the floor after the IE9 preview code was revealed? Certainly Microsoft is deadly serious about Internet Explorer: The Next Generation. So serious that it has apparently created a new development team dedicated to the project which promises to be less a case of feature creep and more a matter of proving that it is truly committed to the whole IE browser brand in the face of stiff, and innovative, competition from both Mozilla and perhaps especially Google in the form of …

What if you had access to the millions of tweets that flow to and from Twitter users every day? Perhaps you'd build something like [PostRank](http://www.daniweb.com/news/story240308.html), which amasses them along with other data from social media sites to track cyber-reaction to posted articles. Or maybe you would filter them by demographic and figure out a way to sell targeted banner ads. The sky's the limit, so you might want to start noodling. According to Twitter platform director Ryan Sarver, speaking this week at the [Le Web](http://www.leweb.net/) conference in Paris, access to its data stream is about to get easier. On Wednesday, Sarver …

With all the libraries available that have emerged, Java and Ajax applications practically build themselves these days. This week Java tool maker Instantiations added support for Ext GWT to [GWT Designer 7.2](http://www.instantiations.com/gwtdesigner/), the latest version of its Eclipse-based drag-and-drop GUI-building environment that can be had for as little as $5 a month. Also known as GXT, [Ext GWT](http://www.extjs.com/products/gxt/) builds on the [Google Web Toolkit](http://code.google.com/webtoolkit/), adding a slew of customizable UI widgets and CSS-based themes, plus full documentation and backward compatibility. It's made by Ext LLC. And if you're currently building Web apps and you haven't heard of them, a look …

The bad guys of the IT business are always looking for the most effective ways to infect the innocent Internet user, and increasingly that means turning to commonly used web browser plug-ins such as Flash or PDF readers. A couple of years ago we were [reporting critical vulnerabilities](http://www.daniweb.com/blogs/entry1537.html) for all Adobe Flash platforms, and towards the end of last year there were [reports](http://www.itwire.com/content/view/21493/53/) of a critical vulnerability in Adobe Reader. Cue Jaws soundtrack: just when you thought it was safe to go back in the Adobe PDF water. According to an [official Adobe security warning](http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html) "All currently supported shipping versions …

In another interesting development showing that open source truly has a place in corporate computing, Microsoft announced on Sunday that it will be adding the jQuery JavaScript library to ASP.NET. The move came after many ASP.NET developers requested similar features to those that jQuery provides. According to Scott Guthrie of Microsoft, the jQuery library will ship with Visual Studio, and a download will be available in the coming weeks to add the library to the latest version of Visual Studio and Visual Web Developer Express (with service pack 1 installed). Microsoft will add IntelliSense support for the library, but will …

I am not an easily shockable person. Anyone who knows me, anyone who has seen me, will understand this. Indeed, other than the usual trio of sexual or racial abuse and mindless violence it takes a lot to drop my jaw in shame and despair while browsing the web. However, a bunch of numbnut griefers managed to achieve just that over the weekend when they used a combination of JavaScript coding and flashing animations with the intent to trigger fits amongst the users of an [epilepsy support website](http://www.epilepsyfoundation.org/efforums/forum/index.cfm). [According to reports](http://www.theinquirer.net/gb/inquirer/news/2008/03/31/epilepsy) one user suffered her worst epileptic attack in 12 …
