vulnerability

BlackBerry says TIFF vulnerability exposes enterprise servers to malware

Source: http://www.engadget.com/2013/02/18/blackberry-tiff-vulnerability/

BlackBerry says TIFF vulnerability exposes enterprise servers to malware

BlackBerry has always prided itself on its top-notch security features, so it’s a little worrying to see the company release a “high severity” advisory today warning of a potential exploit. According to the Waterloo-based operation:

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.

Essentially, hackers could rig a TIFF file with malware and then trick a BlackBerry user into loading it via webpage, email or an embedded message, thus allowing the bad guys into their company’s Enterprise Server. BlackBerry hasn’t received any reports of attacks just yet, but urges IT administrators to update their BES software all the same. The update is available at the source, as are several temporary workarounds for those that can’t update their installations just yet.

Filed under: , ,

Comments

Via: Naked Security

Source: BlackBerry Knowledge Base

Tags: , , , , , , , , , , , , , , , , ,

Monday, February 18th, 2013 news No Comments

Microsoft confirms Flash vulnerability fix for Internet Explorer 10 coming soon

Source: http://www.engadget.com/2012/09/11/micrsoft-confirms-flash-vulnerability-fix-for-internet-explorer/

Microsoft confirms Flash vulnerability fix for Internet Explorer 10 coming soon

Microsoft has just announced that it will be providing security patches for the Windows 8 IE10-specific version of Flash, despite the software giant initially suggesting it wouldn’t. The patch will be available “shortly,” and hints at a return to the update cycles of old. More significantly, as ZDNet points out, unless Microsoft coordinates these releases with Adobe, there could be a constant cycle of IE10 being vulnerable in the future. On a positive note, the fix should be released before Windows 8 goes prime time, but for those who jumped on board early, you might want to keep one eye locked on the update page, and get it when it lands.

Filed under:

Microsoft confirms Flash vulnerability fix for Internet Explorer 10 coming soon originally appeared on Engadget on Tue, 11 Sep 2012 11:27:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceZDNet  | Email this | Comments

Tags: , , , , , , , ,

Tuesday, September 11th, 2012 news No Comments

Google responds)

Source: http://www.engadget.com/2012/02/20/microsoft-finds-google-bypassed-internet-explorers-privacy-sett/

There was quite a stir sparked last week when it was revealed that Google was exploiting a loophole in a Apple’s Safari browser to track users through web ads, and that has now prompted a response from Microsoft’s Internet Explorer team, who unsurprisingly turned their attention to their own browser. In an official blog post today, they revealed that Google is indeed bypassing privacy settings in IE as well, although that’s only part of the story (more on that later). As Microsoft explains at some length, Google took advantage of what it describes as a “nuance” in the P3P specification, which effectively allowed it to bypass a user’s privacy settings and track them using cookies — a different method than that used in the case of Safari, but one that ultimately has the same goal. Microsoft says it’s contacted Google about the matter, but it’s offering a solution of its own in the meantime. It’ll require you to first upgrade to Internet Explorer 9 if you haven’t already, then install a Tracking Protection List that will completely block any such attempts by Google — details on it can be found at the source link below.

As ZDNet’s Mary Jo Foley notes, however, Google isn’t the only company that was discovered to be taking advantage of the P3P loophole. Researchers from Carnegie Mellon University’s CyLab say they alerted Microsoft to the vulnerability in 2010, and just two days ago the director of the lab, Lorrie Faith Cranor, wrote about about the issue again on the TAP blog (sponsored by Microsoft, incidentally), detailing how Facebook and others also sk! irt IE’s ability to block cookies. Indeed, Facebook readily admits on its site that it does not have a P3P policy, explaining that the standard is “out of date and does not reflect technologies that are currently in use on the web,” and that “most websites” also don’t currently have P3P policies. On that matter, Microsoft said in a statement to Foley that the “IE team is looking into the reports about Facebook,” but that it has “no additional information to share at this time.”

Update: Google’s Senior Vice President of Communications and Policy, Rachel Whetstone has now issued a statement in response to Microsoft’s blog post. It can be found in full after the break.

Continue reading Microsoft finds Google bypassed Internet Explorer’s privacy settings too, but it’s not alone (update: Google responds)

Microsoft finds Google bypassed Internet Explorer’s privacy settings too, but it’s not alone (update: Google responds) originally appeared on Engadget on Mon, 20 Feb 2012 16:59:00 EDT. Please see our terms for use of feeds.

Permalink ZDNet  |  sourceIE Blog  | Email this | Comments

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Tuesday, February 21st, 2012 news No Comments

Dr. Augustine Fou is Digital Consigliere to marketing executives, advising them on digital strategy and Unified Marketing(tm). Dr Fou has over 17 years of in-the-trenches, hands-on experience, which enables him to provide objective, in-depth assessments of their current marketing programs and recommendations for improving business impact and ROI using digital insights.

Augustine Fou portrait
http://twitter.com/acfou
Send Tips: tips@go-digital.net
Digital Strategy Consulting
Dr. Augustine Fou LinkedIn Bio
Digital Marketing Slideshares
The Grand Unified Theory of Marketing