Scary Beasts Security

MARCH 5, 2011

This is fixed in the recently released Foxit PDF Reader v4.3.1.0218. That release is marked as an important security update , although this file bug is not mentioned. Recently, I've been playing around with the various JavaScript APIs available in various different PDF readers. In case you wanted to do the same, I made some little tools, including a simple one to execute PDF-based JS via an URL: [link] The serious bug I found in Foxit PDF Reader permits arbitrary files to be written with arbitra

50

50

Elie

MARCH 8, 2011

Since I started doing research on CAPTCHA security two years ago, I have relentlessly collected samples of all the different schemes I have encountered. In this blog post, I want to share with you five of the most crazy, funny, and interesting schemes I collected.

48

48

Scary Beasts Security

MARCH 9, 2011

It's not often that I find a bug that affects multiple different codebases in the same way, but here is an interesting info-leak bug that is currently unpatched in Firefox, Internet Explorer and Safari. I'm releasing it now for a few reasons: The bug was already publicly noted here. This bug cannot damage anyone in and of itself; it's a low severity info-leak that does not corrupt anything.

Internet 50

Internet Internet 50

Scary Beasts Security

MARCH 8, 2011

I did a bunch of fairly interesting things with my corporate hat on today (not to be confused with any of my personal research ;-) Firstly, Chrome 10 went out with a record $16k+ series of rewards. It's continually humbling to see such a wide range of researchers and a wide range of bug categories! [link] Also, there are some nice new security pieces in Chrome 10.

50

50

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk