Language Selection

English French German Italian Portuguese Spanish

IE And Firefox Sport New Zero-day Flaw

Filed under
Security

Multiple security organizations warned Tuesday that Internet Explorer, Firefox, Mozilla, and SeaMonkey -- on Windows, Linux, and the Mac -- are vulnerable to a JavaScript bug that could allow a determined attacker to dupe users into giving up sensitive personal information such as credit card or bank account numbers and passwords.

According to Symantec, which issued an alert late afternoon Tuesday, all versions of the Microsoft and Mozilla browsers could be used to harvest data through a JavaScript key-filtering vulnerability.

"This issue is triggered by utilizing JavaScript 'OnKeyDown' events to capture and duplicate keystrokes from users," went the Symantec warning.

The bug would let crafty criminals filter keystrokes entered into a form, say a credit card form to pay for online goods, to an invisible file upload dialog on the same Web page.

Full Story.

More in Tux Machines

Nouveau On Oibaf PPA Is Back To Running Well

Upstream Nouveau was unaware of this issue that was affecting my entire assortment of NVIDIA GeForce hardware so it was then quickly assumed to be an issue with the Oibaf PPA that constantly is packaging the latest open-source Linux GPU drivers. On top of mainline Mesa Git, recently there's been the the Gallium3D Direct3D 9 patches (Gallium-Nine). While none of my testing was relying upon the Gallium-Nine D3D9 support, it was wreaking havoc on the system anyhow. As of earlier today some patches were backed out of the Oibaf PPA and since getting back closer to Mesa mainline the Nouveau problems are a matter of the past. With that said, now I'm in the process of running some Nouveau Steam/Source Engine Linux gaming tests similar to today's 20-Way Radeon Comparison With Open-Source Graphics For Steam On Linux Gaming. Read more

Red Hat Shake-up, Desktop Users, and Outta Time

Our top story tonight is the seemingly sudden resignation of Red Hat CTO Brian Stevens. In other news, John C. Dvorak says "Linux has run out of time" and Infoworld.com says there may be problems with Red Hat Enterprise 7. OpenSource.com has a couple of interesting interviews and Nick Heath has five big names that use Linux on the desktop. Read more

Kano's Alejandro Simon: If This, Then Do That

The OS has been available since February. It is open source. We tried to release a new version of it every two or three weeks. Anybody who runs Rasperry Pi can use it. So we already have users. They share content and discuss features and exchange idea on our forums. So far, we have sold 18,000 kits since last year, through the Kickstarter campaign via preorder. We are now in production and have most of the different pieces in place. We will start shipping by the beginning of September, hopefully. We do the materials and the hardware and the components and the packages ourselves. Finally, it is all coming together. Read more

Why Linux Isn't a Desktop Alternative

The year of the Linux desktop has become a joke, referred to ironically when mentioned at all. Under the circumstances Linus Torvalds showed either courage or naivete when he admitted last week at Linuxcon that he still wants to see Linux become popular on the desktop. However, neither Torvalds nor anyone else should stay up nights waiting for the event. Most users have no awareness of the possibility, or set impossible standards for it, even though, for a minority, the year of the Linux desktop happened years ago. The problem is not a technical one, as it was in Linux's earliest days. Linux desktops like KDE's Plasma or Linux Mint's Cinnamon are not only the equal of any proprietary desktop, but in many ways more advanced. Read more