Language Selection

English French German Italian Portuguese Spanish

IE And Firefox Sport New Zero-day Flaw

Filed under
Security

Multiple security organizations warned Tuesday that Internet Explorer, Firefox, Mozilla, and SeaMonkey -- on Windows, Linux, and the Mac -- are vulnerable to a JavaScript bug that could allow a determined attacker to dupe users into giving up sensitive personal information such as credit card or bank account numbers and passwords.

According to Symantec, which issued an alert late afternoon Tuesday, all versions of the Microsoft and Mozilla browsers could be used to harvest data through a JavaScript key-filtering vulnerability.

"This issue is triggered by utilizing JavaScript 'OnKeyDown' events to capture and duplicate keystrokes from users," went the Symantec warning.

The bug would let crafty criminals filter keystrokes entered into a form, say a credit card form to pay for online goods, to an invisible file upload dialog on the same Web page.

Full Story.

More in Tux Machines

today's howtos

96Boards SBC showcases Mediatek’s deca-core Helio X20

MediaTek launched the fastest open-spec SBC to date with a 96Boards development board that runs Android on its deca-core Cortex-A53 and -A72 Helio X20 SoC. The “Helio X20 Development Board” is MediaTek’s first 96Boards form-factor single-board computer, and the most powerful open-spec hacker SBC to date. Although we’ve seen some fast 64-bit SoCs among 96Boards SBCs, such as the HiKey, based on an octa-core, Cortex-A53 HiSilicon Kirin 6220, the Helio X20 Development Board offers an even more powerful Helio X20 system-on-chip processor. Read more

Red Hat Financial News

Leftovers: OSS and Sharing

  • New projects, security, and more OpenStack news
  • LibreOffice 5.1.4 Released with Over 130 Fixes
    The first release candidate represented 123 fixes. Some include a fix for a crash in Impress when setting a background image. This occurred with several popular formats in Windows and Linux. Caolán McNamara submitted the patches to fix this in the 5.1 and 5.2 branches. David Tardon fixed a bug where certain presentations hung Impress for extended periods to indefinitely by checking for preconditions earlier. Laurent Balland-Poirier submitted the patches to fix a user-defined cell misinterpretation when using semicolon inside quotes.
  • Open source. Open science. Open Ocean. Oceanography for Everyone and the OpenCTD
    Nearly four years ago, Kersey Sturdivant and I launched a bold, ambitious, and, frankly, naive crowdfunding initiative to build the first low-cost, open-source CTD, a core scientific instrument that measures salinity, temperature, and depth in a water column. It was a dream born from the frustration of declining science funding, the expense of scientific equipment, and the promise of the Maker movement. After thousands of hours spent learning the skills necessary to build these devices, hundreds of conversations with experts, collaborators, and potential users around the world, dozens of iterations (some transformed into full prototypes, others that exist solely as software), and one research cruise on Lake Superior to test the housing and depth and temperature probes, the OpenCTD has arrived.
  • RuuviTag Open-Source Bluetooth Internet Of Things Sensor Beacon Hits Kickstarter (video)
  • Retro gaming on open source 2048 console
    Retro gaming in the open source vein could be on the upswing this season. Creoqode is the London-based technology design company behind 2048, the DIY game console with retro-style video games and visuals that is also supposed to help users learn coding.