Skip to Content

Free TUAW iPhone app -- try it now!
AOL Tech

vulnerabilities posts

Filed under: Security, Adobe, Mozilla, Browsers

Firefox catches 50% with insecure Flash, only 30% click through to update


Two weeks ago Mozilla prepared a new landing page for Firefox updaters to check for outdated versions of the Adobe Flash Player plugin. When the page went live last week for some six million Firefox 3.5.3 and 3.0.14 users, Mozilla compiled some interesting -- and disconcerting -- statistics.

Just over 50% of users shown the page were found to be running an insecure Flash Player version. That's an alarming number, especially considering the number of times Flash vulnerabilities have been exploited in the past two years alone.

The bad news doesn't stop there. As it turns out, the warning only convinced about 30% of viewers to click through and immediately update the plugin.

When you consider the amount of time most people spend browsing and massive number of threats lurking on the Internet maintaining a secure, updated browser is imperative. That, of course, means keeping plugins like Flash and Java up to date and there's no time like the present to do it.

Hopefully Mozilla's next push will meet with more success.

Filed under: Internet, Security, Adobe, Browsers

Protect yourself from Flash Player's clickjacking vulnerability

Flash settings

Adobe has announced that there is a known clickjacking vulnerability in the current Flash player. If you're looking to protect yourself, there are two possible remedies.

Adobe has a workaround posted on their web site. Visit the Flash player settings panel and click always deny on the global privacy settings.

Firefox users would do well to install the NoScript addon, which has updated clickjacking defenses. "ClearClick" protection was added in version 1.8.2, but is now enabled by default. It's designed to prevent user with UI elements that are not visible. In layman's terms, it should keep you from clicking on a button that you didn't know was there.

[via Hackademix]

Filed under: Internet, Social Software

Coming soon: month full o' MySpace bugs

Ever want to see MySpace crash and burn? Or, are you at least a little tired of the horrific design/coding/everything nightmare that is MySpace? A couple of hackers plan to introduce security vulnerabilities in MySpace next month, revealing one a day as part of the "Month of Bugs" tradition. However, Mondo Armando and Müstaschio, in a kind of satirical, cynical, and humorous fashion, will attempt to subvert both the popular social networking website and the "Month of Bugs" trend simultaneously. From their website, their reasons for this endeavor are as follows:
  • Myspace is important, in that there are a bazillion users and a kajillion dollars involved.
  • "Months of Bugs" are whiny, attention-seeking ploys for acceptance. Myspace's design use is to enable whiny, attention-seeking ploys for acceptance.
  • "Months of Bugs" are annoying, so rather than suffering through another, we figured it'd be better to just create our own where we could at least direct the content a little.
MySpace haters, hackers, coders, and everyone else in-between should look forward to this experiment. What will be the result of spreading word of the Emperor's many vulnerabilities? Only time will tell. Godspeed.

Filed under: Internet, Security, Windows, Macintosh, Linux

Firefox 1.5.0.5 security update, 8 'critical' vulnerabilities patched

Firefox 1.5.0.5 security update releasedMozilla has released a security update to Firefox, version 1.5.0.5. TechWeb is reporting that this update fixes 13 vulnerabilities, including 8 that have been deemed critical by Mozilla. For those keeping score: all 8 of these critical bugs are errors or vulnerabilities that have been found in JavaScript.

Firefox 1.5.x should automatically download this update, but users can still manually obtain a copy from Mozilla's site.

Featured Time Waster

Graveyard Shift - zombie-busting Time Waster

With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet. They key to getting good at Graveyard Shift is learning to use ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Microsoft Security Essentials
Chromium Pre-Alpha on CrunchBang Linux
Safari 4 Beta
10 Firefox themes that don't suck
IE8 RC1
Download Squad at the Crunchies After-Party
Download Squad at the Crunchies
WordPress 2.7
Cooking Mama: Mama Kills Animals
Windows 7 Hands On
Comodo Internet Security
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
Mozilla Birthday Cake
Palm stuff
Adobe Lightroom 1.1

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

More Tech Coverage

AOL Radio