Update: CSS2 Rollovers. We’ve tweaked our pure CSS2 rollovers to perfection, and moved them to their own directory. These vertical rollovers use the hover pseudo-class for CSS2 browsers, and display properly in Netscape 4.x. By Andy King et al. 0329 [WebReference News]
Drive by hacking linked to cyberterror. The Register Mar 28 2002 1:36PM ET [Moreover - Computer security news]
TechRepublic: Serious Java hole affects multiple operating systems
Several versions of the Java Virtual Machine that have been in use for years contain a serious vulnerability. Although the problem was only recently disclosed, Sun has apparently known for 11 months that the Java RunTime Environment code contains a flaw that could allow an attacker to capture sensitive data by redirecting Web traffic.
Microsoft reports that this problem is a threat to anyone who connects to the Internet through a proxy server. A remote server could use a hostile Java applet to hijack the user’s HTTP connection to the proxy. It’s more than a bit ironic that proxy servers are normally used to improve security but the bug could allow attackers to redirect proxy Web traffic to a new destination.
Microsoft was the first to release a patch for this problem (MS02-013), but the threat isn’t confined to Internet Explorer users. This vulnerability also affects Netscape Navigator and Sun platforms. The Sun security bulletin HttpURLConnection is #00216. Mitre identifies this vulnerability in report CAN-2002-0058. Again, any system with an HTTP proxy server could be at risk.
According to Sun Microsystems, Netscape Navigator versions 6.1, 6.0.1, and 6.0, as well as Netscape Communicator version 4.79 and earlier, contain the vulnerable Java code. Microsoft’s Virtual Machine through build 3802 are all affected.
SecurityFocus: D.I.R.T. Spyware Exposed on Web Software marketed as a computer surveillance tool for law enforcement investigators has its secrets laid bare on an anonymous Web site. By Kevin Poulsen
SecurityFocus: A Certified Waste of Time In which your intrepid columnist hands over $450 to sit for the CISSP exam, only to conclude that it measures little of value. By Jon Lasser
You are currently browsing the Liudvikas Bukys weblog archives for March, 2002.
