Mozilla bug spreading
Mozilla has escalated the threat ranking for the vulnerability reported last week in the traversal of the directory structure for add-ons. The bug would allow for stealing of session information.
The bug affects more than 600 of the add-ons for the Firefox browser and remedies against the bug are to use the NoScript extension to prevent running of any exploit or using extensions that are packaged in .jar files.
A fix for the bug was set to be released on Feb 5th.
IM based attacks up 78% YoY
Instant messenger based attacks have seen a phenomenal rise this past year. The attack methodology has also seen several new-comers – multi-staged and multi-vector attacks that use e-mail in conjunction with IMs. They are also targeting P2P networks on a large scale.
An excerpt from the article on TechWorld:
IM attacks are a relatively recent phenomenon, but have grown drastically in number in recent months. In July Akonix said the number of threats over the past 12 months was up 78 percent on the previous year.
New IM worms identified in January include MSNChristmas, MSNVB, Perin and Raiodin, Akonix said.
Keeping online messengers fully updated and keeping a keen eye on the messages and the links received could go a long way in preventing infection from such attacks.
Man in the middle attacks possible on Gmail and other Google hosted services
Rob Graham, a security researcher brought to light a vulnerability in the SSL implementation on Google hosted services that could allow a hacker to make the services not encrypt the session ids that are used to authenticate users online. The implementation allows for man in the middle attacks.
The attack is a threat at WiFi hot spots or when connecting over other unsecured access points.