Mozilla rolls out patches in Firefox 2.0.0.12
The update patches several vulnerabilities, including the directory traversal flaw. It contains 10 patches in total, three of them for critical vulnerabilities.
Firefox 2.0.0.12 patches critical flaws that could allow theft of Web browsing history and forward navigation; privilege escalation that could allow cross-site scripting exploits; and crashes with evidence of memory corruption.
“A few of these Firefox bugs are viewed as critical, namely due to privacy concerns. One in particular deals with Firefox’s convenient session restore feature and how that functionality can be used by an unauthorized user to access certain sensitive information,” said Mike Haro, a senior security analyst at Sophos.
Encryption alone can’t prevent data loss
Encryption makes data unintelligible to prying eyes, but that alone may not be sufficient to consider the data loss problem solved. A large part of the problem is how the keys used to encrypt the data are protected; they deserve the same confidentiality as the data itself.
Modern encryption can be regarded as unbreakable, but if its use becomes common, the attention of criminals will shift to the other weak links – people, and the keys used to encrypt and decrypt the data, said Richard Moulds, executive vice president of strategy at nCipher.
‘Most of the information that is lost today is not actually as a result of attacks at all, it’s as a result of information just simply being mislaid or lost. Clearly information needs to be encrypted as it goes over the internet because the internet’s a wild and scary place,’ he told a NetEvents forum in Barcelona.
Perhaps a combination of several factors, including biometric techniques, must be considered to bolster security.
Bots are breaking CAPTCHA
In what could be seen as a milestone for automated image recognition, security firm Websense reports that bots have succeeded in cracking CAPTCHA programs and creating automated accounts. While it is still debatable whether the bot does the whole recognition part automatically or whether the content is being channeled elsewhere for recognition, the fact is that CAPTCHAs are not completely capable of blocking bots.
Bots sprawling across the web have become major revenue earners as well. The strength of the Storm worm, for instance, has been estimated at millions of zombie PCs. The scale of (profitable) attacks they can launch is cause for much worry.
Live Mail, and rivals like Yahoo Mail, are favourite targets for spammers because the services are free, their domains cannot be blocked by blacklisting anti-spam tools and the millions of accounts they control make it easy for the spamming addresses to hide in the crowd, Hubbard said.
The bot’s success rate shows that CAPTCHA is in danger. Unfortunately, there’s no single technology waiting in the wings that could step in to replace it, especially in high-volume settings like Live Mail or Yahoo Mail.