IT security, vulnerabilities, bugs, fixes, flaws, RSA conference and Infosec.
A blog from


Mozilla fixes critical Firefox flaws

Mozilla has updated its flagship Firefox web browser to patch three critical vulnerabilities.

Firefox 3.5.6 and 3.0.16 suffered from crashes due to memory corruption, according to the Mozilla security advisory.

"Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products," the advisory noted.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code."

There are a total of 62 fixes for bugs in the new version of Firefox.

"We strongly recommend that all Firefox users upgrade to this latest release," noted a posting on the Mozilla Developer Center blog.

"If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu."

December 17, 2009

Verizon Business launches data breach report

Global communications giant Verizon Business launched its supplemental Data Breach Investigations Report today, offering customers some useful case studies and other information which could help them avoid a data breach.

The report found that the largest share of breaches (19 per cent) are caused by keyloggers and spyware, closely followed by backdoor/command and control and SQL injection attacks.

Abuse of systems access comes swiftly behind and unauthorised access via default credentials is in fifth place.

Having set out the most common threats to guard against, Verizon helpfully then covers each in detail, including how to spot an attack, how to mitigate one, and a useful case study to provide more background info.

The information may seem like basic stuff to many CISOs, but is likely to go down well among those organisations at the smaller end of SME which are struggling to keep their heads above water with limited IT, and even more limited information security, resources at their disposal.

December 9, 2009

Do firms delay upgrading because of security fears?

The furore surrounding Microsoft's Black Screen of Death may finally be dying down, but it has raised more serious concerns about the integrity of new operating systems and whether firms are deliberately delaying upgrades to avoid becoming a bigger target for hackers.

That is, at least, according to security giant Symantec, which has commissioned a new survey into the upgrade habits of enterprise customers, either with alarming speed or uncanny foresight.

The vendor interviewed nearly 1,500 IT managers in the UK, France, Germany and Italy and found that just over a third had major concerns over hackers targeting newer desktop software to find vulnerabilities.

A quarter said they would hold off on upgrading for at least another 12 months, while two-thirds said negative press coverage played a role in influencing their decisions to upgrade.

Which is all very well, but are IT decision makers really that easily swayed by so-called 'negative press coverage'? The letters and comments we get here at V3 would seem to suggest not.

Surely the level-headed IT manager would be wise enough to realise that any new operating system or desktop software is likely to receive an unduly large amount of media scrutiny, including how safe or otherwise it is.

We all know that bigger security risks lie with systems remaining unpatched against known flaws, whether those systems are fresh from the factory or not.

December 2, 2009

© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093