Hack Windows Vista; Get Paid

Less than a month after Trend Micro discovered hackers selling Vista flaws for $50,000 in the underground market, VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7. This is part of its three-year-old Vulnerability Contributor Program, which compensates individuals who provide iDefense with advance notification of unpublished vulnerabilities and/or exploit code. 3Com’s Zero Day Initiative is a similar program.

Beware: Potential vulnerability in Adobe Reader

Secunia reports that Piotr Bania has found a vulnerability in Adobe Reader that can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an unspecified error when processing PDF files. This can be exploited to cause heap corruption and may allow execution of arbitrary code when a specially crafted PDF file is opened.

Beware: IE and Firefox can help steal your password!

Just when we were settling into the so-called more secure versions of the two most popular browsers, Robert Chapin has stated that both Internet Explorer 7 and Firefox 2 are vulnerable to what he dubbed a reverse cross-site request, or RCSR. An exploit for this flaw has already been seen on the social-networking site MySpace.com, when Netcraft discovered that a fraudulent login page was hosted on MySpace servers.