SecuraNET Resource Centre

SecuraNET Products : Technology Updates

• 16 May 2008 -'Treasure hunt' ends after hacker releases IE attack code
  
  One week after hiding Internet Explorer attack code, security researcher Aviv Raff has posted details on how to launch the attack.
  
  

  The bug lies in the "Print Table of Links" feature, which lets IE users print out a web page along with a list of all the links on the page tacked onto the end. Raff discovered that if an attacker added special scripting code to a web page, he could then run unauthorised software on the PCs of IE users who printed using this feature.

  The flaw affects IE 7 and IE 8, Raff said. Security vendor Secunia said that the bug also affects IE 6.

  Because the hack requires that the user be tricked into following so many steps - not only visiting a web page, but then printing a page with this feature selected - Secunia has rated it as a "less critical."

  Raff said that the flaw could be a more serious issue if hackers were to add the code to web pages that were frequently printed out, such as those on Wikipedia.

  The bug has not been patched by Microsoft, which was notified of the issue just last week.

  Raff disclosed the flaw in an unusual way, embedding it in his own website and then inviting other hackers to come and find it. He called this a "treasure hunt."

  The Israeli hacker said that the treasure hunt idea came from a local custom of playing such games during Israel's Independence Day. The contest was won Tuesday by someone calling himself "George the Greek."

  Microsoft didn't get much time to fix the vulnerability, but Raff said he didn't feel that Microsoft would address the issue quickly unless he went public with the vulnerability.

  (Source: Tech World)
• 15 April 2008 -An ongoing effort with the National Center for Missing & Exploited Children (NCMEC) by Google produced video tools for use in finding exploitative images and videos.
  
  Google research scientist Shumeet Baluja described the search giant's work on the company blog in developing these tools. Through 2007, Baluja and co-workers crafted tools to help NCMEC find child predators.
  
  "The tools we provided will aid in organizing and indexing NCMEC's information so that analysts can both deal with new images and videos more efficiently and also reference historical material more effectively," said Baluja.
  
  NCMEC said in a statement the group and law enforcement agent partners have reviewed over 13 million images and videos to help rescue victims and identify criminals.
  
  "Criminals are using cutting edge technology to commit their crimes of child sexual exploitation, and in fighting to solve those crimes and keep children safe, we must do the same," said Ernie Allen, president and CEO of NCMEC.
  
  The tools come from Google's ongoing work in video and image search. This research-stage technology helped NCMEC handle the multitude of such content arriving at their CyberTipline and from police agencies.
  
  "We hope the tools we've built for NCMEC will help its analysts make the important and often time-sensitive work of investigating child predators faster and more efficient," Baluja said.
  
  (Source: Security Pro News)
  
  
  
  
  
• >> August 2007 Updates >>
• >> July 2007 Updates >>
• >> June 2007 Updates >>
• >> May  2007 Updates >>