Wireless hack,Wifi hack & security

A new flaw in IE 8 can be exploited to introduce XSS , or cross site scripting errors on webpages that are otherwise safe, according to twoRegister sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago

ronically, the flaw resides in a protection added by Microsoft developers to IE 8 that’s designed toprevent XSS attacks against sites. The feature works by rewriting vulnerable pages using a technique known as output encoding so that harmful characters and values are replaced with safer ones. A Google spokesman confirmed there is a “significant flaw” in the IE 8 feature but declined to provide specifics.

It’s not clear how the protections can cause XSS vulnerabilities in websites that are otherwise safe. Michael Coates – a senior application security engineer at Aspect Security who has closely studied the feature but was unaware of the vulnerability – speculates it may be possible to cause IE 8 to rewrite pages in such a way that the new values trigger an attack on a clean site.

After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation;original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several of such devices(link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through openSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present