Mozilla has patched a very critical flaw in Firefox that allows attackers to pose as a legitimate Firefox update server and implant harmful code into a victim’s computer. Firefox 3.0.13 and 3.5.2 are no longer vulnerable to this attack and the update should automatically run. It would be prudent to check it manually under the Firefox “Help” menu and open the “About” window.
If the bad news about all the new critical iPhone and Mac OS X vulnerabilities announced at BlackHat 2009 weren’t bad enough, there now appears to be a new vulnerability in Apple’s hardware. This type of a hack h0wever isn’t something where you can go into an Apple store and have an Apple “genius” exorcise because once the Apple keyboard is infected and locked; there is no practical way of undoing the damage.
Read the rest and see my video interview with the researcher at DigitalSociety.org
Here at DEFCON 2009, there never seems to be a dull moment in the press room. Two years ago it was NBC Dateline’s Michelle Madigan making my day. Our Korean hacker friend Mudsplatter got a little tap on the cheek.