March, 2011

Dangerous file write bug in Foxit PDF Reader

Scary Beasts Security

This is fixed in the recently released Foxit PDF Reader v4.3.1.0218. That release is marked as an important security update, although this file bug is not mentioned. Recently, I've been playing around with the various JavaScript APIs available in various different PDF readers. In case you wanted to do the same, I made some little tools, including a simple one to execute PDF-based JS via an URL: [link] The serious bug I found in Foxit PDF Reader permits arbitrary files to be written with arbitra

Five surprising captcha schemes

Elie

Since I started doing research on CAPTCHA security two years ago, I have relentlessly collected samples of all the different schemes I have encountered. In this blog post, I want to share with you five of the most crazy, funny, and interesting schemes I collected.

Multi-browser heap address leak in XSLT

Scary Beasts Security

It's not often that I find a bug that affects multiple different codebases in the same way, but here is an interesting info-leak bug that is currently unpatched in Firefox, Internet Explorer and Safari. I'm releasing it now for a few reasons: The bug was already publicly noted here. This bug cannot damage anyone in and of itself; it's a low severity info-leak that does not corrupt anything.

Busy Chrome day.

Scary Beasts Security

I did a bunch of fairly interesting things with my corporate hat on today (not to be confused with any of my personal research ;-) Firstly, Chrome 10 went out with a record $16k+ series of rewards. It's continually humbling to see such a wide range of researchers and a wide range of bug categories! [link] Also, there are some nice new security pieces in Chrome 10.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.