A web-borne vulnerability lurking in a popular email application seriously compromised the security of 40 million accounts until it was fixed early last month, independent researchers said. The flaw, in the Memova messaging application sold by a company known as Critical Path, is yet another testament to the awesome power of XSS …
PoC vid - yikes!
Watching the point of concept video made me realize how good I have it with Firefox and AdBlock in place. Those demo pages had so many ads buzzing about it was enough to send the viewer into an epileptic fit.
"spoof of concept" is more appropriate, no?
Responsible researchers and fast response
In order to exploit all 40m users the attacker would have to have all their addresses, so a flaw in any widely used email client would have similar results.
On the whole though this is an example of how security researchers are supposed to work with companies and how companies should respond.
1. Researcher discloses to company
2. Company fixes quickly and their clients apply the fix promptly
3. Publish vulnerability
Compare and contrast with other researchers and vendors is left as an exercise for the reader.