Google Launches Free Hosting Service

Google has launched a beta version of a free hosting service, Google Page Creator. The service, which is currently limited to existing users of Google’s Gmail, allows users to build a web page using a web-based interface. Each site has its own subdomain, with a web address using the structure of http://gmailname.googlepages.com, and users can choose among up to 40 page designs. The introduction of Google Page Creator follows the recent launch of free hosting products by Microsoft and Go Daddy. Netcraft

Summary of Security Items from Feb. 16 – 22, 2006

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. Current # of vulnerabilities affecting:Windows Operating Systems – 10Unix/ Linux Operating Systems  – 40Multiple Operating Systems – 57 Details at http://www.us-cert.gov/cas/bulletins/SB06-054.html

Microsoft readies Windows Live parental controls

Microsoft is inviting testers to try an early version of new parental control software for Windows XP called Windows Live Family Safety Settings. The parental controls software lets people filter online content, Microsoft said in an e-mail invitation to testers sent Wednesday. It is designed to help keep Web content that parents deem inappropriate from reaching their children–such as items on alcohol, pornography, gambling and tobacco, the company said. Windows Live Family Safety Settings lets customers create individual accounts for children and see activity reports on the Web sites they visited. The service can be disabled when the parents themselves … Continue reading Microsoft readies Windows Live parental controls

Gartner cautious on promise of better security

Windows Vista will bring an incremental rather than revolutionary improvement in corporate network security, said analyst firm Gartner. “It is hard to generate too much excitement about Vista,” said Jay Heiser, security analyst. “It would be pleasing if all the stuff works as has been promised. We are not expecting an exponential level of improvement or a paradigm shift.” ComputerWeekly

Microsoft Slams Security Firm’s Bounty For Windows Flaws

Microsoft Corp. on Tuesday criticized a security company’s recent offer of $10,000 to someone who discovers a Windows flaw that leads to a critical fix, saying the program is not the best way to protect customers. IDefense started offering the bounty last week as an addition to its controversial Vulnerability Contributor Program, launched in 2005. “Microsoft works closely with many security research and security software companies and does not believe that offering compensation for vulnerability information is the best way they can help protect their customers,” the company said in an email. “Microsoft believes that responsible disclosure, which involves making … Continue reading Microsoft Slams Security Firm’s Bounty For Windows Flaws

HTTP Response Smuggling

Amit Klein shows that HTTP Response Splitting is still possible. Details Recently, several anti- HTTP Response Splitting strategies has been suggested and/or put to use by various individuals and vendors. Apparently, those individuals and vendors did not subscribe to the somewhat strict approach recommended in [1], which is, to simply disallow CR and LF in data embedded in HTTP response headers. Rather, the recent anti-HTTP Response Splitting suggestions attempt to take a more granular approach. However, it seems that unfortunately, this approach is basically flawed, because it does not take into account variations and tolerance in the parsing of HTTP responses … Continue reading HTTP Response Smuggling

Macromedia Shockwave Player ActiveX Control Buffer Overflow Vulnerability

From BugTrag (SecurityFocus):http://www.securityfocus.com/bid/16791 Macromedia Shockwave Player is prone to a buffer overflow when a particular ActiveX control is passed malicious parameters. Attackers can exploit this vulnerability to cause the application to fail or potentially execute arbitrary code. Macromedia Shockwave Player versions 10.1.0.11 and earlier are vulnerable. Vulnerable: Macromedia Shockwave 8.5.1 r106Macromedia Shockwave 8.5.1 r105Macromedia Shockwave 8.0Macromedia Shockwave 6.0 Macromedia Shockwave 5.0 Macromedia Shockwave 4.0 Macromedia Shockwave 3.0 Macromedia Shockwave 2.0 Macromedia Shockwave 1.0 Macromedia Shockwave 10.1.0.11 Solution:   This issue has been addressed by Adobe. Reportedly, no action needs to be taken by users to correct this vulnerability.

Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability

Published by SecurityFocus’ BugTraq:http://www.securityfocus.com/bid/16770 Mozilla Thunderbird is prone to a script-execution vulnerability. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client. Mozilla Thunderbird 1.0.7 and prior versions are reportedly affected. Vulnerable:Mozilla Thunderbird 1.0.7 Mozilla Thunderbird 1.0.6 Mozilla Thunderbird 1.0.5 Mozilla Thunderbird 1.0.2 Mozilla Thunderbird 1.0.1 Mozilla Thunderbird 1.0  Not Vulnerable:  Mozilla Thunderbird 1.5 Additional notes:Reports indicate that this issue has been addressed Thunderbird … Continue reading Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability

Microsoft updated Windows Defender Beta 2 (fixed reported issue on non-English Windows)

An updated version of Windows Defender Beta 2 is now available from the Microsoft Download Center. This update resolves the two issues relating to non-English versions of Windows and referenced in KB915087. If you are running on a non-English version of Windows, then we advise that you uninstall the previous installation and install the updated version. If you are running on an English version of Windows, then no action is required. Windows Defender (Beta 2) x64 is also available and re-released (updated) yesterday. Guide: How to install and set up Windows Defender (Beta 2)