Ryan Naraine

Adobe Plugs Dreamweaver SQL Injection Flaw

Web tools vendor Adobe Systems has acknowledged that code generated by its Macromedia Dreamweaver suite could allow SQL injection attacks. According to an advisory from Adobe, the flaw was confirmed on Dreamweaver version 8.0.2 and earlier. It affects the ColdFusion, PHP MySQL, ASP, ASP.NET and JSP server models. “If the database server is configured to […]

Audit Clears MS Phishing Filter as Privacy Risk

A third-party audit of the new phishing filter built into the Internet Explorer 7 browser and the MSN Toolbar has given the technology a thumbs up on the sensitive issue of user privacy. Jefferson Wells International, an IT auditing group, has validated Microsoft's assurances that the phishing filter does not transmit any personally identifiable information […]

Spyware, Rootkit Maker Stops Distribution

ContextPlus, an adware company implicated in a large number of stealth rootkit infections, has stopped distributing its software, citing concerns over the practices of some distribution partners. In a brief note posted on its home page, ContextPlus said it is “no longer able to ensure the highest standards of quality and customer care” and will […]

Customers Wait for Oracle Security Patches

Just call it Oracle's May critical patch update. Three weeks after the database server vendor announced the release of its April 2006 CPU, customers are still waiting for the several important fixes. The update, which addresses 36 different product flaws, is still undergoing quality assurance testing and is not yet available for download. On April […]

Critical MS Exchange, Windows Patches on Tap

Microsoft plans to release three security bulletins on Tuesday, May 9, to cover several code execution flaws in Windows and the enterprise-facing Microsoft Exchange messaging and collaboration product. The patches will carry a “critical” rating and will require a restart after installation, Microsoft said in its advance notification. Microsoft typically applies a “critical” rating to […]

Firefox Flaw Carries Code Execution Risk

A new version of the upstart Firefox Web browser has been released to patch a “critical” flaw that could lead to the execution of malicious code. According to Mozilla, Firefox 1.5.0.3 fixes a publicly reported denial-of-service bug that can theoretically lead to a more serious security issue. Mozilla described the flaw as crashes that were […]

Yahoo Slapped with Spyware Syndication Fraud Suit

Anti-spyware activist Ben Edelman has filed a class-action lawsuit against Yahoo, accusing the online media giant of partnering with spyware purveyors to perpetrate syndication fraud against advertisers. The bombshell suit, filed in the U.S. District Court in New Jersey, also alleges that Yahoo used its Overture pay-per-click advertising network to make money from the practice […]

Homeland Security Audit Flags Critical Linux Bug

An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System, which is used in Unix and Linux systems. Coverity, the San Francisco-based company managing the project under a $1.25 million grant, described the flaw as the “biggest security vulnerability” found in the […]

Internet Explorer Security Problems Multiply

The list of serious unpatched vulnerabilities in Microsoft's Internet Explorer browser keeps getting longer and longer. Less than a week after researcher Michal Zalewski went public with a new zero-day vulnerability that could be used in code execution attacks, the software maker has acknowledged yet another flaw affecting fully patched Windows systems. The new IE […]

American Express: Beware Phony Log-In Screen

American Express card holders: Beware that pop-up log-in screen, even on the company's secure Web site. The credit card and travel services company has issued a warning about what it calls a false “security measures” pop-up screen that appears when users log in to its secure site. In an alert posted online, the New York-based […]