Google Chrome and Safari support HTML5 Application Cache.
But unlike Firefox and Opera they do not ask for user permission before
allowing a site to create an Application Cache.
On unsecured networks, attackers could stealthily
create malicious Application Caches in the browser of victims for
Nuance Communications, Inc. offer on their german web page
http://www.nuance.de/kostenlose-ocr-software-test/download.asp
a trial version of OmniPage 16 Professional for download.
The installer OPPro16_TD.exe (a self-extracting RAR archive) was
published Tue, 30 Jun 2009 14:38:28 GMT (according
Hello Lava,
It's an interesting twist but it does not seem to offer network
attackers any additional advantage beyond what they can already
achieve.
For example, a similar attack works against the Firefox and Opera
browsers I have installed on my laptop:
echo -ne 'HTTP/1.1 200
Security Advisory
IS-2010-004 - D-Link DAP-1160 Unauthenticated Remote Configuration
Advisory Information
Published:
2010-06-28
Updated:
2010-06-28
Manufacturer: D-Link
Model: DAP-1160
Firmware version: 1.20b06
1.30b10
1.31b01
Vulnerability Details
Is that UDP 2003 open on the WAN interface as well?
Gary Baribault
On 06/28/2010 09:50 AM, Cristofaro Mune wrote:
Security Advisory
IS-2010-004 - D-Link DAP-1160 Unauthenticated Remote Configuration
Advisory Information
Published:
2010-06-28
Updated:
2010-06-28
Being the D-Link DAP-1160 an Access Point and not a router it does not
have a specific WAN interface.
Nonetheless, the UDP 2003 port is open and reachable from all the
available interfaces on this device.
Best Regards,
Cristofaro Mune
Gary Baribault wrote:
Is that UDP 2003 open on the WAN
You asked for a summer - it's here.
It's that time of the month again, and we shall be gathering in the
usual haunt to hear:
'Having fun with Apple's IOKit'
by Ilja Van Sprundel, IOActive
Celebrating the demise, oh sorry, the epic fail of some football team thing
isn't on the agenda. :-)
***
Hello super hackers of Full-Disclosure!
Additional misinformation for those who read my email (and who still didn't
because for to my engrish said is blows, get over it) Crossdressers: the
phantom menace
In addition also to previous attacks before from open crossdressers this
year I added three
2010/6/28 MustLive mustl...@websecurity.com.ua:
Hello participants of Full-Disclosure!
For last two months I didn't post my articles to this list due to some not
serious moaning in April on some of my articles (you always can find my
articles at my site and in WASC Mailing List). But at the
In summary, any http hit on an insecure network is dangerous on all
browsers.
(FWIW, Chromium resolves this for me. When I type mailenter into the
omnibar, it auto-completes to https://mail.google.com/)
Actually, I see this as a legitimate gap. HTTP links don't cache-mix with
HTTPS links,
Hi Chris,
Excellent points. Please find my answers inline.
It's an interesting twist but it does not seem to offer network
attackers any additional advantage beyond what they can already
achieve.
The real advantage is in the lifetime of the cache.
If the root resource of www.andlabs.org is
On Mon, Jun 28, 2010 at 1:30 PM, Dan Kaminsky d...@doxpara.com wrote:
In summary, any http hit on an insecure network is dangerous on all
browsers.
(FWIW, Chromium resolves this for me. When I type mailenter into the
omnibar, it auto-completes to https://mail.google.com/)
Actually, I see
iDefense Security Advisory 06.21.10
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 21, 2010
I. BACKGROUND
libTIFF is a free and popular image library that provides support for
displaying and manipulating Tag Image File Format (TIFF) image data.
This library is used by numerous
On Tue, Jun 29, 2010 at 12:41 AM, Chris Evans scarybea...@gmail.com wrote:
On Mon, Jun 28, 2010 at 1:30 PM, Dan Kaminsky d...@doxpara.com wrote:
In summary, any http hit on an insecure network is dangerous on all
browsers.
(FWIW, Chromium resolves this for me. When I type mailenter into
On unsecured networks, attackers could stealthily
create malicious Application Caches in the browser of victims for even HTTPS
sites. It has always been possible to poison the browser cache and
compromise the victim's account for HTTP based sites.
With HTML5 Application Cache, it is possible
15 matches
Mail list logo