Patching for Web 2.0 Vulnerabilities
You may have woken up this morning to find your PC automatically rebooted after a Microsoft critical update. This time around, Microsoft provided critical patches for MS Project, Graphics Device Interface (GDI), VBScript and JScript, and a vulnerability in ActiveX Kill Bits.
With more trusted (but compromised) Web sites pushing malware than sites specifically set up to distribute malware, we need and are getting more help from the browser. CNET noted:
One of the security bulletins is a cumulative patch for IE, and the other is designed to resolve vulnerabilities in ActiveX Kill Bits. Both flaws affect users who visit malicious Web sites with IE, which, in turn, allows malicious attackers to execute remote code from their systems."We live in a Web 2.0 world," Marcus [security research and communications manager at McAfee Avert Labs] said. "It's getting more and more popular to send people e-mails with link spam...It's becoming an effective way to compromise people's machines."
For more on how to reduce the chance of successful attacks from compromised sites, check out this podcast. For more on Ajax vulnerabilities and what developers can do to avoid them, see the most recent article in Messaging and Web Security Essential Series, vol 3, Ajax Security Overview: Problems and Solutions.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
