Saturday, 14 February 2015

Microsoft fix 10 year old bug rated Critical by Microsoft... now onto the 15 year old bug

Microsoft's list of updates for its Windows platform, released to the public as part of its regular Patch Tuesday update cycle earlier this week, included a patch for a decade-old flaw known as Jasbug. Described as a 'fundamental design flaw,' the security vulnerability - rated Critical by Microsoft, its highest designation - took Microsoft and discoverer JAS Global Advisors a year to resolve post-discovery. Now, details of another bug in the platform have been released by Breaking Malware - and this one stretches back even further, up to fifteen years... those still on unsupported platforms like Windows XP will not receive the patch.

Facebook fixes security flaw that allowed "any" photo to be deleted

What if your photos get deleted without your knowledge?
Obviously that's very disgusting isn't it? Yup this post is about a vulnerability found by me which allows a malicious user to delete any photo album on Facebook. Any photo album owned by an user or a page or a group could be deleted.

According to Facebook developers documentation, photo albums cannot be deleted using the album node in Graph API.

The bug was so severe that after he reported the bug to the social networking giant, it was fixed within two hours.

For his efforts, he was awarded $12,500, one of the highest rewards available.