713 matches found
Facebook Developer Verification Won't Stop Rogue Apps
Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account. While this is clearly a step in the right direction...
iPhone Sandbox Model Not Enough
The iPhone sandbox has always been held up as a major roadblock to thwart hackers from doing damage on the device. But, as European researchers Vincenzo Iozzo and Ralf Philipp Weinmann proved, a hacker can hijack a lot of sensitive data without ever leaving the iPhone sandbox. In this case, they...
iPhone Hacked at Pwn2Own; SMS Database Stolen
VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted. Using an exploit against a previously unknown...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...
ATEN IP KVM Switches multiple cryptographic vulnerabilities
Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used...
Charney plugs Microsoft end-to-end trust at RSA Conference
Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...
Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly validate digital signatures. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of logged-in users. This facilitates the remote...
CVE-2007-1220
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code...
CVE-2007-1220
The CVE-2007-1220 entry describes a vulnerability in the Hypervisor of the Microsoft Xbox 360 kernel (versions 4532 and 4548) where the syscall dispatcher parameters are not properly verified. This allows attackers with physical access to bypass code-signing requirements and execute arbitrary cod...
Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"
Overview: Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL-secured session; instead, it is transmitted in plain text. Description: Verisign offers a service entitled "Code Signing...
Security Bulletin MS01-017
Title: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard. Date: 22 March 2001. Software: All Microsoft customers should read the bulletin. Impact: Attacker could digitally sign code using the name "Microsoft...