I Am Security

Posts under ‘Finjan’

Widgets+Advertisements=?

Call it coincidence or just sheer luck, but I happened to stumble upon this article announcing that Google has come up with a widget that serves advertisements. Quoting the source: “A variety of web technologies can be used to create the ad, including Flash and HTML to author it, and RSS, images, video, and audio [...]

Hitting the nail on the head

When we here at the MCRC publish our quarterly trends reports (http://www.finjan.com/Content.aspx?id=827), we always face the possibility that what we have been working on and predicting would become the next issue with web security isn’t really going to happen. Fortunately, we keep getting great feedback from the community since we started the [...]

The perils of running a security blog

This is a bit off-the-beaten-path of this blog’s usual in-depth hardcore security posts. I was going through some of the support related emails that have some relevance to the areas I’m responsible for, and found a pretty interesting correspondence between an avid blog reader (for privacy I’m not going to mention his/her name), and one [...]

Vista Sidebar Vulnerability

Or how a contact may get too close for comfort… It’s finally here. August 14th, and we are finally at liberty to talk about the vulnerability in the Vista Sidebar Contacts Widget. As you may or may not know – when we presented “The Inherent Insecurity of Widgets and Gadgets” a few days ago at [...]

Post BlackHat, pre DefCon

So it’s been a really hectic couple of days here in Vegas. We are here (myself and 2 members of MCRC – Aviv & Amir), running between presentations, and handling booth/media traffic. The really interesting trend here is the amount of research that touched web security (in the sense that we at Finjan are focused [...]

Malicious space on MySpace

Last Wednesday (June 13th), SecureBrowsing alerted us to a “cute” MySpace profile being used as a malicious code attack vector. This is not the first catch by SecureBrowsing, but to see one on MySpace this late into 2007 was a bit of a surprise. We have been talking about the risks of Web2.0 in [...]

Have something to hide? Make a lot of noise about it!

There has been a lot of noise on the web over the past few days in regard to the MPack toolkit being used in the Italy region. Everyone has been talking about it vigorously, from the Washington Post, WebSense and TrendMicro, so eventually even Slashdot picked up on it. The interesting thing is, no one is [...]

Malicious code, exploit vectors or top-programmer job?

What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs [...]

Google’s “Ghost in a Browser”, WebSense, and more…

First things first – big Kudos to Google for their research paper. We at MCRC have found it to be very reassuring for us – now we know we are not the only nuts out there running around in the security arena and wondering how come nobody sees the imminent threats described in the paper. [...]

Tying it all up – explosive exploits…

The funniest thing happened yesterday – at a watercooler conversation our CTO informs us of a site that uses techniques from almost all of our trend reports (which means we are right as usual…). The interesting part was that it was one of those “iframe” sites that give you a small iframe html code to [...]
