Southern writes:  

World's first inter-protocol exploit, but not the last

Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.

Using a piece of javascript embedded into a web link, the hackers force users of the open-source browser to join IRC networks and flood channels with diatribes that include the same internet address. As IRC users with Firefox follow the link, their browsers are also forced to spam the channels, giving the attack a viral quality that has has caused major disruptions for almost a month.

"Huge numbers of users of the Freenode network ended up getting banned themselves because they would click the link and then they would join the network and flood the network," one of the hackers, who goes by the moniker Weev, told The Register. "We get this huge rollover effect."

Register

kguske writes:  

Google announced today that it will "phase out support for Microsoft Internet Explorer 6.0 as well as other older browsers that are not supported by their own manufacturers."

Is 2010 the end of the road for IE 6?

Related Read More...

Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered that the home page of the Oklahoma Tax Commission Web site has been compromised with malicious script code. The heavily obfuscated code has been injected at the bottom of the page.

The injected script code goes through a series of deobfuscation techniques that ultimately take the victim computer to an attack Web site without the victim's consent or knowledge.

At the time of this posting, the attack Web site is down, but it could come back up at anytime to carry out attacks against visitors to the Oklahoma Tax Commission home page.

Websense Messaging and Websense Web Security customers are protected against this attack.

To view the details of this alert Click here

Southern writes:  

Jorge Luis Alvarez Medina, a security consultant working for Core Security, has discovered a string of vulnerabilities in Internet Explorer that make it possible for an attacker to gain access to your C drive - complete with files, authentication and HTTP cookies, session management data, etc.

Exploitation of the vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full path name for the file that will be used to cache it locally on the victim's system," says the advisory Core Security published. "If the entire path name can be predicted, the attacker can cause a redirection to the locally stored file using an URI specified in UNC form and force the local content to be rendered as an HTML document, which will permit to run scripting commands and instantiate certain ActiveX controls."

net-security.org

nb1 writes:  

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach

PHPSec Home Page

papamike writes:  

I have been around the technology field for 30+ years as a Network Engineer. I retired in 1996 and started a hobby on the web. Since that time I had several different web host.

Recently I was hosted on a server running a unmanaged VPS. One day out of the blue all of the websites I manage were down. I was told that the servers drive was corrupt and that the data was lost permanently. I had backups of all my data but the aggravation it caused me was too much.

So I started the process of searching for a new host when I thought of Raven's Web Hosting. I contacted Raven and in just a small amount of time I had a new host. He was great in getting me ready to go on-line. Professional courteous service has won me over. The fact that I felt I was taking care of the folks who depend on me while at the same time supporting the community. Look around, when you are truly a member of Raven's community he has everything to offer all members. Need good web hosting, it's there, how 'bout knowledgeable friendly people to answer your questions on a forum that covers just about everything. Want to keep informed on the important news about things that affect the security of applications, it's here too.

Excellent prices, good relationships with his clients and members has won me over. I can safely say that I will be a client for the long haul.

Let's all support the community that gives us so much. To design and code a secure feature rich CMS is a daunting task, but the talented RavenNuke(tm) team is highly qualified to reach their goals.

Thanks for taking the time to read this.

Mike (papamike)

Note: 

Mike, thank you so much for this endorsement and review! And, as always, for all you do in support of RavenNuke™!