
Tag: HOLE

Twitter onMouseOver flaw poses huge risk to users, is being actively exploited

Sophos Labs' Graham Cluley posted this morning about a nasty little Twitter security flaw that is being actively exploited. Twitter apparently doesn't block onMouseOver JavaScript code, which (you guessed it!) kicks in when your mouse pointer passes over a specially crafted link. What happens next is up to the creator. It could be something harmless like the alert box you see above, or it coul...

Diaspora's "open Facebook" source code riddled with security issues

It's important to note that the team at Diaspora was very up front about the recent pre-alpha dev-release of their code having "security holes and bugs" -- but early reports from coders who have gone through it paint a pretty grim picture so far. Code that's fraught with bugs and security holes is one thing, but many devs don't see the point in contributing the time and effort required to fix the...

Adobe warns of another new critical flaw in Flash

Yesterday, Adobe reported another critical security exploit in Flash. Show us your surprised face. Unlike a lot of the Flash warnings we see, however, this one is actively being exploited, and a successful attack allows untrusted code to be remotely executed. That's bad, especially since Adobe's post states that the patch won't be arriving for about two weeks. Flash can't seem to catch a bre...

New Adobe zero-day hole already exploited, Trojan virus in the wild

Is it just me, or are Adobe Acrobat and Reader about as secure as the contents of President Skroob's suitcase? Remember that new zero-day exploit which they announced yesterday? Well, if yesterday was day zero it's now day one, and that exploit is being targeted by the bad guys. Trend Micro reports that a trojan is spreading which drops a downloader -- which then drops another downloader. From...

Adobe issues zero-day warning for Reader, Acrobat -- again.

Anyone else having deja vu? Adobe's improved security efforts have been a welcome change, but it sure seems like they're still not doing enough. Of course, it's also possible that things have been footloose and fancy-free for so long that it's going to take a while to sort out. They've promised sandboxing is coming, and that should help. In the meantime, however, we're going to see more new...

Matousec report says your antivirus app is way too easy to exploit

Savvy Download Squad readers are already well aware of the fact that antivirus programs don't guarantee security. There's still one exploitable vector no program can do anything about: the end user. Regardless of how good a program is at protecting a system, a careless user can still wind up getting his or her machine infected. Regardless, it's generally regarded as a bad idea to use a compute...

Adobe finally ready to make Reader, Acrobat updates mandatory

With 2010 just begun, Adobe seems primed to take yet another step in making sure Acrobat and Adobe Reader users are protected from the security exploits which plagued the apps in 2009. Currently in beta testing is the Adobe Refresh Manager which will handle automatic update duties for both products. According to Brad Arkin, Adobe's chief of security and privacy, the current system just isn't w...

Microsoft OneCare not much of a firewall

Microsoft has made much of Windows OneCare, its new security bundle that includes, among other things, a firewall. It turns out, however, that in its default configuration OneCare's firewall is full of holes. According to InfoWorld's Roger Grimes, OneCare automatically permits all traffic from two types of programs: Any program using the Java Virtual Machine, and any program digitally signed. Micr...