A weakness in the Adobe Reader plugin's execution of JavaScript can be combined with a cross-site scripting attack with "breathtaking" ease, a security researcher has warned.
Writing in Symantec's Security Response Weblog, senior security response engineer Hon Lau said an attack could be made via any web site that hosts a PDF file as no server-side vulnerabilities were involved: "anybody hosting a .pdf file, including well-trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime."
An exploit would involve persuading a user to click on a specially formed URL that points to a legitimate PDF file but also contains JavaScript attack code. "Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," warned Lau.
However, the problem seems to be specific to Firefox and can be avoided by changing settings so that PDF files are opened by the Acrobat Reader application rather than the plugin, Lau advised. Other defences include JavaScript filtering at the firewall.
David Bass
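As an added illustration of the filtering defence mentioned above (not code from Symantec, Adobe or the article), the following sketch flags links that point at a PDF file while carrying script content in the query or fragment. Where in the URL the script sits is an assumption, since the article does not say; the marker list, function names and sample links are constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Script markers to look for; a constructed, non-exhaustive list (assumption).
SCRIPT_MARKERS = re.compile(r"(?:javascript|vbscript):|<script", re.IGNORECASE)
URL_IN_TEXT = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded markers are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def pdf_link_carries_script(url):
    """True if the URL targets a .pdf and its query or fragment holds script."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: nothing to classify
        return False
    if not fully_decode(parts.path).lower().endswith(".pdf"):
        return False
    extra = fully_decode(parts.query + " " + parts.fragment)
    # Remove whitespace and control characters used to split up a marker.
    extra = re.sub(r"[\x00-\x20]", "", extra)
    return bool(SCRIPT_MARKERS.search(extra))


def scan_text(text):
    """Return every suspicious PDF link found in a message or page body."""
    return [u for u in URL_IN_TEXT.findall(text) if pdf_link_carries_script(u)]


# Constructed sample links; the payloads are inert placeholders.
SAMPLE = """
http://example.test/docs/report.pdf
http://example.test/docs/report.pdf#page=4
http://example.test/docs/report.pdf#note=javascript:void(0)
http://example.test/docs/report.pdf?x=%256Aavascript%253Avoid(0)
http://example.test/page.html#javascript:void(0)
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE):
        print("suspicious PDF link:", hit)
```

A URL fragment is not sent to the web server, so a check like this has to run where the full link is visible, such as content passing through a mail or web gateway.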