Monthly Archives: April 2009

Open Redirect at Ask.com

Spammers have found an open redirect in the ask.com website. These redirects are often used to mask their URLs from RBLs and services like Spamcop.

Redirect:
http://wzeu.ask.com/r?t=lyc&u=http://www.microsoft.com/

I have put Microsoft in as an example here; anyone can put any URL in at the end to use this redirect. I have filed a support ticket with Ask about this.

A redirect that they were using at Go.com is still open a month later even after I sent them notice of it. (Lazy)
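As an added defensive example (not code from the original post): a mail filter can unwrap a redirector URL of the shape shown above so that the embedded destination host, not ask.com, is what gets checked against an RBL, and the same parsing shows the allowlist check such an endpoint should apply before issuing a redirect. The function names, the nested example.net URL and the `REDIRECTORS` table are assumptions constructed for illustration; only the ask.com entry comes from the post.

```python
from urllib.parse import urlparse, parse_qs

# Known redirector endpoints: host -> (path, query parameter carrying the target).
# The ask.com entry is the one described in the post; extend as needed.
REDIRECTORS = {
    "wzeu.ask.com": ("/r", "u"),
}


def unwrap_redirect(url, redirectors=REDIRECTORS, max_depth=5):
    """Statically (no network) peel redirector layers off a URL.

    Returns the innermost URL that is not a known redirector. parse_qs
    percent-decodes the value, so a properly encoded nested redirect
    (u=http%3A%2F%2F...) unwraps recursively up to max_depth levels.
    """
    for _ in range(max_depth):
        parts = urlparse(url)
        rule = redirectors.get((parts.hostname or "").lower())
        if rule is None or parts.path != rule[0]:
            return url
        target = parse_qs(parts.query).get(rule[1])
        if not target:
            return url  # redirector path but no destination parameter
        url = target[0]
    return url


def destination_host(url):
    """Host that should be looked up in an RBL/URL blocklist for this link."""
    return (urlparse(unwrap_redirect(url)).hostname or "").lower()


def is_safe_redirect(target, own_host):
    """Server-side check a redirector should apply before sending a 302.

    Accepts a site-relative path or an http(s) URL on the site's own host.
    Rejects other hosts, protocol-relative '//host' forms, '/\\host' (browsers
    normalise backslashes to slashes) and non-http schemes such as javascript:.
    """
    if target.startswith("/") and not target.startswith(("//", "/\\")):
        return True  # plain local path
    parts = urlparse(target)
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "").lower() == own_host.lower()
```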

Mozilla Firefox 3.0.9 Released

Firefox has been updated to version 3.0.9; the list of fixes follows:

  • MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
  • MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
  • MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
  • MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
  • MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
  • MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
  • MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
  • MFSA 2009-15 URL spoofing with box drawing character
  • MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

Fixed in Firefox 3.0.9

Microsoft Security Bulletin Summary for April 2009

Here are this month's updates:

  • Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
  • Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
  • Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
  • Cumulative Security Update for Internet Explorer (963027)
  • Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
  • Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
  • Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
  • Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Australian National Broadband Network, $43 Billion, FTTP

The Australian Federal Government has announced the results of its national broadband network.

Essentially they have rejected all tenders and are going to spend $43 Billion to create a new wholesale communications company over a period of 8 years, which will provide Fibre To The Premises (FTTP, also referred to as Fibre To The Home – FTTH).