web security

Resolves a vulnerability in Windows Media Player that could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. More...

:(

It took Redmond 1 day to kill a threat that allowed users with a Firefox add-on (Tamper Data) to remotely reset the password of a Hotmail account and allowing them to access the outgoing HTTP request, then modify the data. Microsoft was notified April 20, 2012, applied the fix April 21...

The upcoming new OS will offer users the ability to store and retrieve their Web site and application passwords through Internet Explorer 10. Link Removed

Severity Rating: Important Revision Note: V1.0 (October 11, 2011): Bulletin published. Summary: This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code...

Severity Rating: Important Revision Note: V1.0 (June 14, 2011): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user...

Severity Rating: Critical Revision Note: V1.1 (July 12, 2011): Announced a change to detection logic and corrected bulletin replacement information for some affected configurations. There were no changes to the security update files. See the Update FAQ for details. Summary...

This morning all my browsers have crashed, IE 9, FF and Chrome on my desktop. When it happened to IE, I thought it was a bug of some kind then checked w/FF and Chrome and they all went done. After restarting each browser they all work fine. I'm in the process of cleaning my system as we speak...

Mozilla Releases BrowserID Web Authentication System | threatpost

Severity Rating: Critical - Revision Note: V1.0 (June 14, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a...

Severity Rating: Important - Revision Note: V1.0 (June 14, 2011): Bulletin published.Summary: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially...

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile...

While Sony may have gotten its Playstation Network back online this week, other divisions of the Japanese business are still feeling hack attacks. The web site Naked Security reports that a hacker found his way into a data base at Sony Europe and took out "120 usernames, passwords (plain text)...

In computer science, session hijacking is the exploitation of a valid computer session (commonly known as a "session key") used to gain unauthorized access to information or services in a computer system. For example, when a user logs in to a web site, the user's PC is tagged with a session...

BOSTON (Reuters) – A computer security researcher has found a flaw in Microsoft Corp's widely used Internet Explorer browser that he said could let hackers steal credentials to access FaceBook, Twitter and other websites. He calls the technique "cookiejacking." "Any website. Any cookie...

Web applications increasingly integrate third-party services. The integration introduces new security challenges due to the complexity for an application to coordinate its internal states with those of the component services and the web client across the Internet. In this paper, we study the...

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow remote code execution if a user visited a specially crafted Web site. An attacker would have no way to force users to...

Thousands of Web Sites Hit With New Twist on Old SQL Injection Hack Thousands of Web Sites Hit With New Twist on Old SQL Injection Hack | Arik Hesseldahl | NewEnterprise | AllThingsD A relatively simple hack has been used to compromise at least 500,000 Web sites, and perhaps as many as 1.5...

Microsoft has announced that Internet Explorer 9 (IE9) supports two separate technologies for restricting access to information related to a user's online activity. One of the privacy features was recently prompted by the Federal Trade Commission (FTC). Both technologies involve the way...

littlekorea writes "Microsoft's much-maligned Vista operating system has been named in the top three of 26 tools tested by the European Commission to filter out web content deemed inappropriate for children. The EC tests found that none of the 26 products enjoyed a 100 percent success rate...