Author: iamit
-
Vista Sidebar Vulnerability
Or how a contact may get too close for comfort… It’s finally here. August 14th, and we are finally in liberty to talk about the vulnerability in the Vista Sidebar Contacts Widget. As you may or may not know – when we presented “The Inherent Insecurity of Widgets and Gadgets” a few days ago at…
-
Post BlackHat, pre DefCon
So it’s been a really hectic couple of days here in Vegas. We are here (myself and 2 members of MCRC – Aviv & Amir), running between presentations, and handling booth/media traffic. The really interesting trend here is the amount of research that touched web security (in the sense that we at Finjan are focused…
-
Malicious space on MySpace
Last Wednesday (June 13th), SecureBrowsing has alerted us on a “cute†MySpace profile being used as a malicious code attack vector. This is not the first catch by SecureBrowsing, but to see one on MySpace this late into 2007 was a bit of a surprise. We have been talking about the risks of Web2.0 in…
-
Have something to hide? make a lot of noise about it!
There has been a lot of noise on the web over the past few days in regard to the MPack toolkit being used in the Italy region. Everyone has been talking about it vigorously: From the washington post, WebSense, TrendMicro, so eventually even Slashdot picked up on it. The interesting thing is, no one is…
-
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs…