March, 2011


Dangerous file write bug in Foxit PDF Reader

Scary Beasts Security

This is fixed in the recently released Foxit PDF Reader v4.3.1.0218. That release is marked as an important security update, although this file bug is not mentioned. Recently, I've been playing around with the various JavaScript APIs available in various different PDF readers. In case you wanted to do the same, I made some little tools, including a simple one to execute PDF-based JS via a URL: [link] The serious bug I found in Foxit PDF Reader permits arbitrary files to be written with arbitra


Five surprising captcha schemes

Elie

Since I started doing research on CAPTCHA security two years ago, I have relentlessly collected samples of all the different schemes I have encountered. In this blog post, I want to share with you five of the most crazy, funny, and interesting schemes I collected.


Multi-browser heap address leak in XSLT

Scary Beasts Security

It's not often that I find a bug that affects multiple different codebases in the same way, but here is an interesting info-leak bug that is currently unpatched in Firefox, Internet Explorer and Safari. I'm releasing it now for a few reasons: The bug was already publicly noted here. This bug cannot damage anyone in and of itself; it's a low severity info-leak that does not corrupt anything.


Busy Chrome day.

Scary Beasts Security

I did a bunch of fairly interesting things with my corporate hat on today (not to be confused with any of my personal research ;-) Firstly, Chrome 10 went out with a record $16k+ series of rewards. It's continually humbling to see such a wide range of researchers and a wide range of bug categories! [link] Also, there are some nice new security pieces in Chrome 10.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.