Home Tags Webpage

Tag: webpage

Blizzard shuts down “legacy” WoW fan server hours after it goes...

Felmyst was a four-year labor of love, squashed in less than a day.

Intel shuts down group working on wearables and fitness trackers

We probably won't see any more wearables coming from Intel.

The Magala Trojan Clicker: A Hidden Advertising Threat

Magala falls into the category of Trojan Clickers that imitate a user click on a particular webpage, thus boosting advertisement click counts.
Itrsquo;s worth pointing out that Magala doesnrsquo;t actually affect the user, other than consuming some of the infected computerrsquo;s resources.

The main victims are those paying for the advertising.

Encrypt all the webpages: Let’s Encrypt to offer wildcard certificates for...

Upgrade will allow even more webpages to be protected by HTTPS.

Sony continues to lock PS4 players out of cross-platform play

But Sony exec says there's no "profound philosophical stance" against the feature.

A full-stack developer is full of something, alright

Find someone who calls himself a “full-stack developerrdquo; and smack him right across the face for being a liar or terrible. (Umm, donrsquo;t really do this: Violence is wrong.)Irsquo;ve not run the numbers, but I estimate that less than 1 percent of the developer population can make an adequate-looking webpage and a fully optimized data storage layer, let alone business logic. Just because you made everything JavaScript doesnrsquo;t solve that fundamental problem. Most papers on quantum physics are in English; I speak English but Irsquo;m not automatically a quantum physicist.

As one developer I know put it, thatrsquo;s “boss-logic.”[ InfoWorldrsquo;s quick guide: Digital Transformation and the Agile Enterprise. | Download InfoWorldrsquo;s essential guide to microservices and learn how to create modern web and mobile applications that scale. ] The truth is that most of the applications we do in business are simple.

Theyrsquo;re basic CRUD applications: Take some form data, shove in a database, display it later or possibly do a basic kind of report thing. Maybe there is a little bit of workflow, but probably not much.

They donrsquo;t even have to look that great. Wersquo;re all “full-stack developersrdquo; for that stuff.To read this article in full or to leave a comment, please click here

Meet PINLogger, the drive-by exploit that steals smartphone PINs

Sensors in phones running both iOS and Android reveal all kinds of sensitive info.

Old Windows malware may have tampered with 132 Android apps

More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.The 132 apps were found generating hidden iframes, or a...

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor.

The attack compromised their devices and exfiltrated data to the attackers’ C&C.
In addition, the compromised devices were pushed Trojan updates.

The operation remains active at the time of writing this post.

RHSA-2017:0190-1: Critical: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 5, Red HatEnterprise Linux 6, and Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofCritical. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Mozilla Firefox is an open source web browser.This update upgrades Firefox to version 45.7.0 ESR.Security Fix(es):* Multiple flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox.(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)Red Hat would like to thank the Mozilla project for reporting these issues.Upstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, andOriol, Rh0, Nicolas Grégoire, and Jerri Rice as the original reporters. Red Hat Enterprise Linux (v. 5 server) SRPMS: firefox-45.7.0-1.el5_11.src.rpm     MD5: 2b1dec6ead6378170de4bc8a7684043fSHA-256: e76106926213b88f14d6e1032bc6cf7a443dd36c20fe860eac94e526c49baa61   IA-32: firefox-45.7.0-1.el5_11.i386.rpm     MD5: ec834a3d41b6149891d5fcc29dbb4019SHA-256: 60dacc641e98b617aefff4cea75e5c87c58fe379cd9a5ae3bdce6b2cff0a744d firefox-debuginfo-45.7.0-1.el5_11.i386.rpm     MD5: 58b8ddf14b04d58a69d9a8559d6c640eSHA-256: d544789304de861b6491d64e4cda052eeda4b3e67727bf275a2f4e51cdfa8632   PPC: firefox-45.7.0-1.el5_11.ppc64.rpm     MD5: 8b25ba172ad088253983c0df0bcf17c5SHA-256: 36389c08ccb8e1362dde937e65ea12326228ce32c552eeeeaddedf83b10cca00 firefox-debuginfo-45.7.0-1.el5_11.ppc64.rpm     MD5: b85a6bc7bec3d6d863f8bfdaa4710f72SHA-256: 83f4042c1f550793634cf60a0dfeae96451562accb1aa3d8997d63975c6493ec   s390x: firefox-45.7.0-1.el5_11.s390x.rpm     MD5: adcf2bbf86d194fa27d53fcdf69a2546SHA-256: 5303f6b6d26a3194eae69ae23139ae3d6c678355ad8118464ea93c18c40b9420 firefox-debuginfo-45.7.0-1.el5_11.s390x.rpm     MD5: 82103fbf027df425402f65f9aa04683bSHA-256: a3235e409b16349d799fab84aa7c58edb0320c10cacaff413b38fda47bbfce76   x86_64: firefox-45.7.0-1.el5_11.i386.rpm     MD5: ec834a3d41b6149891d5fcc29dbb4019SHA-256: 60dacc641e98b617aefff4cea75e5c87c58fe379cd9a5ae3bdce6b2cff0a744d firefox-45.7.0-1.el5_11.x86_64.rpm     MD5: 6d04b3beec9bd3c885f60507668393caSHA-256: 3fc61aa258633191a6fdb97a601f5cffbdf8d782c2809bda3e80f3156359a3e0 firefox-debuginfo-45.7.0-1.el5_11.i386.rpm     MD5: 58b8ddf14b04d58a69d9a8559d6c640eSHA-256: d544789304de861b6491d64e4cda052eeda4b3e67727bf275a2f4e51cdfa8632 firefox-debuginfo-45.7.0-1.el5_11.x86_64.rpm     MD5: 7e0442cef583cf3eafe949a7bdc65c62SHA-256: 82358fd4a0f3c6b532f65410dc5c075c82d6708cad49f6bedc31d6512d8312ea   Red Hat Enterprise Linux Desktop (v. 5 client) SRPMS: firefox-45.7.0-1.el5_11.src.rpm     MD5: 2b1dec6ead6378170de4bc8a7684043fSHA-256: e76106926213b88f14d6e1032bc6cf7a443dd36c20fe860eac94e526c49baa61   IA-32: firefox-45.7.0-1.el5_11.i386.rpm     MD5: ec834a3d41b6149891d5fcc29dbb4019SHA-256: 60dacc641e98b617aefff4cea75e5c87c58fe379cd9a5ae3bdce6b2cff0a744d firefox-debuginfo-45.7.0-1.el5_11.i386.rpm     MD5: 58b8ddf14b04d58a69d9a8559d6c640eSHA-256: d544789304de861b6491d64e4cda052eeda4b3e67727bf275a2f4e51cdfa8632   x86_64: firefox-45.7.0-1.el5_11.i386.rpm     MD5: ec834a3d41b6149891d5fcc29dbb4019SHA-256: 60dacc641e98b617aefff4cea75e5c87c58fe379cd9a5ae3bdce6b2cff0a744d firefox-45.7.0-1.el5_11.x86_64.rpm     MD5: 6d04b3beec9bd3c885f60507668393caSHA-256: 3fc61aa258633191a6fdb97a601f5cffbdf8d782c2809bda3e80f3156359a3e0 firefox-debuginfo-45.7.0-1.el5_11.i386.rpm     MD5: 58b8ddf14b04d58a69d9a8559d6c640eSHA-256: d544789304de861b6491d64e4cda052eeda4b3e67727bf275a2f4e51cdfa8632 firefox-debuginfo-45.7.0-1.el5_11.x86_64.rpm     MD5: 7e0442cef583cf3eafe949a7bdc65c62SHA-256: 82358fd4a0f3c6b532f65410dc5c075c82d6708cad49f6bedc31d6512d8312ea   Red Hat Enterprise Linux Desktop (v. 6) SRPMS: firefox-45.7.0-1.el6_8.src.rpm     MD5: b2ea4596f2a8691e2cfbaad9171ba813SHA-256: 1e452af6d20a4ce0b75316fb040faa7144c6bc63214e6d8fb612fd47c2e4d47d   IA-32: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00   x86_64: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-45.7.0-1.el6_8.x86_64.rpm     MD5: 787c92bb87ac309cb73419a6b6344466SHA-256: 3d1138e5b8c522795a37908ad737ae7688a93861ab4c2f7294464758b1486f76 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00 firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm     MD5: 0d9ea1818ce93e6bee0c830c360c56cdSHA-256: 6c126b3470d298070da7a6f5f955aa36d1c6ba3252cd0ea05f17d722eb94b7b0   Red Hat Enterprise Linux Desktop (v. 7) SRPMS: firefox-45.7.0-1.el7_3.src.rpm     MD5: 1fd5dd8baf285bd69a349c75269d2d63SHA-256: 32f2c9602dfbd29b243c717ed65c72413911abc7c90fb9fd9c298b87dbbbdbe1   x86_64: firefox-45.7.0-1.el7_3.i686.rpm     MD5: 093621500570e2ed1fc3290697713d5cSHA-256: 042b611ca212fe22b6b99d95486fd0c15a8ce9abdda802dcc478804a658a6e86 firefox-45.7.0-1.el7_3.x86_64.rpm     MD5: a9d9528b1c92190adb5f994801c99d76SHA-256: cd21ad7f5a7a75449df379832e08f513424a1f87d6e9d7e977c2c58e7edb0e7d firefox-debuginfo-45.7.0-1.el7_3.i686.rpm     MD5: 4cb4d719145315c7883dbf685b13f8e2SHA-256: 7b19e89d7be73ac77683343f4bc251d98e66b6812c984621e48a18a8ffdc0a13 firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm     MD5: 43c4571a807ffd84f950256ea595e58dSHA-256: 16ef9346047b8142e15f3ef0b0201329fd372ea6b9e768c05ba4c33792a2a071   Red Hat Enterprise Linux HPC Node (v. 6) SRPMS: firefox-45.7.0-1.el6_8.src.rpm     MD5: b2ea4596f2a8691e2cfbaad9171ba813SHA-256: 1e452af6d20a4ce0b75316fb040faa7144c6bc63214e6d8fb612fd47c2e4d47d   x86_64: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-45.7.0-1.el6_8.x86_64.rpm     MD5: 787c92bb87ac309cb73419a6b6344466SHA-256: 3d1138e5b8c522795a37908ad737ae7688a93861ab4c2f7294464758b1486f76 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00 firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm     MD5: 0d9ea1818ce93e6bee0c830c360c56cdSHA-256: 6c126b3470d298070da7a6f5f955aa36d1c6ba3252cd0ea05f17d722eb94b7b0   Red Hat Enterprise Linux Server (v. 6) SRPMS: firefox-45.7.0-1.el6_8.src.rpm     MD5: b2ea4596f2a8691e2cfbaad9171ba813SHA-256: 1e452af6d20a4ce0b75316fb040faa7144c6bc63214e6d8fb612fd47c2e4d47d   IA-32: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00   PPC: firefox-45.7.0-1.el6_8.ppc64.rpm     MD5: 069e4d823d63aef85ba7ca2d517d1bf2SHA-256: 62d4942969861419d190e8eeaf4459212b004e81929cd8014000d788b6857942 firefox-debuginfo-45.7.0-1.el6_8.ppc64.rpm     MD5: da598e8f60df66a59c858f8c11724f9fSHA-256: c3d0e0be7ee2d1894f4f82cc79bd8c4952dafc55db3199d60fc5a5b904154eb7   s390x: firefox-45.7.0-1.el6_8.s390x.rpm     MD5: 4da0b635699941fcdf51d5b721aaaf5dSHA-256: e7162344260685a638e0dc6f6926e7c68c801216ed12ef9014cff2b9d0fc94bd firefox-debuginfo-45.7.0-1.el6_8.s390x.rpm     MD5: 586724a7fe10e97b0b20ddfa66e5100bSHA-256: 6172b8ed83851ba2adc69e9ec8191f9be4137f2e2b839773075cdb696fc73227   x86_64: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-45.7.0-1.el6_8.x86_64.rpm     MD5: 787c92bb87ac309cb73419a6b6344466SHA-256: 3d1138e5b8c522795a37908ad737ae7688a93861ab4c2f7294464758b1486f76 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00 firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm     MD5: 0d9ea1818ce93e6bee0c830c360c56cdSHA-256: 6c126b3470d298070da7a6f5f955aa36d1c6ba3252cd0ea05f17d722eb94b7b0   Red Hat Enterprise Linux Server (v. 7) SRPMS: firefox-45.7.0-1.el7_3.src.rpm     MD5: 1fd5dd8baf285bd69a349c75269d2d63SHA-256: 32f2c9602dfbd29b243c717ed65c72413911abc7c90fb9fd9c298b87dbbbdbe1   PPC: firefox-45.7.0-1.el7_3.ppc64.rpm     MD5: 84f58bd190215a79e84c57e657362164SHA-256: 8fd176f5ee79ec47777ca389793f5c985fb93e4e1c7df1bef980fb84e2cf25b1 firefox-debuginfo-45.7.0-1.el7_3.ppc64.rpm     MD5: 42ea902950f1abe079daa22a4f7e180fSHA-256: 98324d749df96c7269bc4f594b0358a6382026d5b33bb674e74186436171d81d   PPC64LE: firefox-45.7.0-1.el7_3.ppc64le.rpm     MD5: a26021d328466ae57dcb69b6036c3633SHA-256: 9bfa70ed36ccdac48b14280b06fcdd0a2fdc6689e3d280b9194635dac364572b firefox-debuginfo-45.7.0-1.el7_3.ppc64le.rpm     MD5: dfb22651c1cec514c1c8f846a02bd092SHA-256: ef981d61acb85dbd0cb8ef4bfb94db14ce220687d894cc463d52d1114246be3f   s390x: firefox-45.7.0-1.el7_3.s390x.rpm     MD5: 88229dd866fcfef6faa5c70238a1d43fSHA-256: f5bdb8710b8b5c355aef7f140c727ec5306409e9f746d5a9de23ec20467e5b6e firefox-debuginfo-45.7.0-1.el7_3.s390x.rpm     MD5: 5fd8d473955c6a0427670310b9e476d6SHA-256: 2e3883f704972ba8034b92986592c6e3b70fa5cdd17450cfbe6ed7db0b15d426   x86_64: firefox-45.7.0-1.el7_3.i686.rpm     MD5: 093621500570e2ed1fc3290697713d5cSHA-256: 042b611ca212fe22b6b99d95486fd0c15a8ce9abdda802dcc478804a658a6e86 firefox-45.7.0-1.el7_3.x86_64.rpm     MD5: a9d9528b1c92190adb5f994801c99d76SHA-256: cd21ad7f5a7a75449df379832e08f513424a1f87d6e9d7e977c2c58e7edb0e7d firefox-debuginfo-45.7.0-1.el7_3.i686.rpm     MD5: 4cb4d719145315c7883dbf685b13f8e2SHA-256: 7b19e89d7be73ac77683343f4bc251d98e66b6812c984621e48a18a8ffdc0a13 firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm     MD5: 43c4571a807ffd84f950256ea595e58dSHA-256: 16ef9346047b8142e15f3ef0b0201329fd372ea6b9e768c05ba4c33792a2a071   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: firefox-45.7.0-1.el7_3.src.rpm     MD5: 1fd5dd8baf285bd69a349c75269d2d63SHA-256: 32f2c9602dfbd29b243c717ed65c72413911abc7c90fb9fd9c298b87dbbbdbe1   x86_64: firefox-45.7.0-1.el7_3.i686.rpm     MD5: 093621500570e2ed1fc3290697713d5cSHA-256: 042b611ca212fe22b6b99d95486fd0c15a8ce9abdda802dcc478804a658a6e86 firefox-45.7.0-1.el7_3.x86_64.rpm     MD5: a9d9528b1c92190adb5f994801c99d76SHA-256: cd21ad7f5a7a75449df379832e08f513424a1f87d6e9d7e977c2c58e7edb0e7d firefox-debuginfo-45.7.0-1.el7_3.i686.rpm     MD5: 4cb4d719145315c7883dbf685b13f8e2SHA-256: 7b19e89d7be73ac77683343f4bc251d98e66b6812c984621e48a18a8ffdc0a13 firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm     MD5: 43c4571a807ffd84f950256ea595e58dSHA-256: 16ef9346047b8142e15f3ef0b0201329fd372ea6b9e768c05ba4c33792a2a071   Red Hat Enterprise Linux Workstation (v. 6) SRPMS: firefox-45.7.0-1.el6_8.src.rpm     MD5: b2ea4596f2a8691e2cfbaad9171ba813SHA-256: 1e452af6d20a4ce0b75316fb040faa7144c6bc63214e6d8fb612fd47c2e4d47d   IA-32: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00   x86_64: firefox-45.7.0-1.el6_8.i686.rpm     MD5: ee5356e13ab405f60c3ced7486255afdSHA-256: b6dac4a873a64d8d9d96505bfb263e2ee1af73ac67a624a208c4b1ee915e98b1 firefox-45.7.0-1.el6_8.x86_64.rpm     MD5: 787c92bb87ac309cb73419a6b6344466SHA-256: 3d1138e5b8c522795a37908ad737ae7688a93861ab4c2f7294464758b1486f76 firefox-debuginfo-45.7.0-1.el6_8.i686.rpm     MD5: 452a51627b460333aa05c30f421a559aSHA-256: 71a1d75e9826d8ed817931db1d5ffd261c9a34949070c3314d81a1de4cb70d00 firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm     MD5: 0d9ea1818ce93e6bee0c830c360c56cdSHA-256: 6c126b3470d298070da7a6f5f955aa36d1c6ba3252cd0ea05f17d722eb94b7b0   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: firefox-45.7.0-1.el7_3.src.rpm     MD5: 1fd5dd8baf285bd69a349c75269d2d63SHA-256: 32f2c9602dfbd29b243c717ed65c72413911abc7c90fb9fd9c298b87dbbbdbe1   x86_64: firefox-45.7.0-1.el7_3.i686.rpm     MD5: 093621500570e2ed1fc3290697713d5cSHA-256: 042b611ca212fe22b6b99d95486fd0c15a8ce9abdda802dcc478804a658a6e86 firefox-45.7.0-1.el7_3.x86_64.rpm     MD5: a9d9528b1c92190adb5f994801c99d76SHA-256: cd21ad7f5a7a75449df379832e08f513424a1f87d6e9d7e977c2c58e7edb0e7d firefox-debuginfo-45.7.0-1.el7_3.i686.rpm     MD5: 4cb4d719145315c7883dbf685b13f8e2SHA-256: 7b19e89d7be73ac77683343f4bc251d98e66b6812c984621e48a18a8ffdc0a13 firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm     MD5: 43c4571a807ffd84f950256ea595e58dSHA-256: 16ef9346047b8142e15f3ef0b0201329fd372ea6b9e768c05ba4c33792a2a071   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Widely used WebEx plugin for Chrome will execute attack code—patch now!

EnlargeTavis Ormandy reader comments 12 Share this story The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit. A combination of factors makes the vulnerabilities among the most severe in recent memory.

First, WebEx is largely used in enterprise environments, which typically have the most to lose.
Second, once a vulnerable user visits a site, it's trivial for anyone with control of it to execute malicious code with little sign anything is amiss.

The vulnerability and the resulting patch were disclosed in a blog post published Monday by Tavis Ormandy, a researcher with Google's Project Zero security disclosure service. Martijn Grooten, a security researcher for Virus Bulletin, told Ars: If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users.
Imagine combining this with ransomware! All that's required for a malicious or compromised website to exploit the vulnerability is to host a file or other resource that contains the string "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL.

That's a "magic" pattern the WebEx service uses to remotely start a meeting on visiting computers that have the Chrome extension installed. Ormandy discovered that any visited website can invoke the command not just to begin a WebEx session, but to execute any code or command of the attacker's choice.

To make the exploit more stealthy, the string can be loaded into an HTML-based iframe tag, preventing the visitor from ever seeing it. While Monday's patch came a commendable two days after Ormandy privately reported the vulnerability, the researcher warned the patch may not adequately secure the Chrome extension from all types of code-execution exploits.

That's because the update still allows Cisco's webex.com website to invoke the magic pattern with no warning.
Should the site ever experience a cross-site scripting vulnerability—a vexingly common type of Web application bug that lets attackers inject scripts into Web pages—it might be possible to use it to once again exploit the WebEx extension flaw. Some critics also faulted the fix for providing a less-than-clear warning message when WebEx-enabled browsers visit sites that load the magic string.

The warning reads: "WebEx meeting launcher needs to launch a WebEx meeting on this site. WebEx meeting client will be launched if you accept this request." The message then gives users the option of clicking Cancel or OK. "This is a social engineering nightmare," Filippo Valsorda, a security researcher at content delivery network CloudFlare, told Ars. He provided this guide for protecting against the vulnerability. In an e-mail, independent cryptography and security researcher Aaron Zauner provided this technical analysis: The extension has its own sort-of-an API and passes JSON messages between the extension, the website where the WebEx session is supposed to happen (e.g is embedded into the website), and native browser code (i.e.Chrome).

As Tavis [Ormandy] notes, the extension passes a lot of properties about the session along, many of which seem security sensitive and may be able to allow for attack vectors. One of these properties seems to have its own scripting language (Tavis's words) and thus allows interaction with native code.

The extension ships (at least parts) of Microsoft's C runtime and thus gives an attacker the possibility to call C functionality by just passing JSON properties/objects.

An exploit may be a simple webpage with JavaScript code in it. Having the WebEx extension in chrome installed—an attacker may point the victim to such a website and run arbitrary code or start programs, delete files et cetera on the victim's computer. The critical update is made available in version 1.0.3 of the WebEx extension for Chrome.
It will be downloaded and run automatically, but given the severity, users should make sure it's installed immediately by clicking on the three vertical dots in the top rights of Chrome.

They should choose More Tools, Extensions, and view the information pertaining to WebEx.

To force WebEx to update right away, users can check the "Developer Mode" checkbox and click the "Update extensions now" button.

Cisco’s WebEx Chrome plugin will execute evil code, install malware via...

Just get rid of it – bin it now Malicious websites can remotely execute commands on Windows systems that have Cisco WebEx's Chrome extension installed.

About 20 million people actively use this broken software. All attackers need to know is a “magic URL” hidden within WebEx, Google Project Zero bug hunter Tavis Ormandy revealed on Monday. We think a secret "magic URL" is the nicest possible way of saying "backdoor," be it deliberate or accidental. Specifically, any URL request – such as a silent request for an invisible iframe on a page – that includes the string cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html opens up WebEx to remote-control execution. Ormandy clocked he could exploit this via Chrome's native messaging system to execute C library and Windows system calls. The Googler quickly produced a proof-of-concept webpage that pops open calc.exe on vulnerable machines that have Cisco's dodgy extension installed.

This demonstrates that a victim just has to browse a website that targets Cisco's plugin to come under attack and find their computer is infected with malware. “I noticed that [Cisco] ships a copy of the CRT (Microsoft's C Runtime, containing standard routines like printf, malloc, etc), so I tried calling the standard _wsystem() routine (like system(), but for WCHAR strings), like this,” wrote Ormandy, before throwing in this JavaScript: var msg = { GpcProductRoot: "WebEx", GpcMovingInSubdir: "Wanta", GpcProductVersion: "T30_MC", GpcUnpackName: "atgpcdec", GpcExtName: "atgpcext", GpcUnpackVersion: "27, 17, 2016, 501", GpcExtVersion: "3015, 0, 2016, 1117", GpcUrlRoot: "http://127.0.0.1/", GpcComponentName: btoa("MSVCR100.DLL"), GpcSuppressInstallation: btoa("True"), GpcFullPage: "True", GpcInitCall: btoa("_wsystem(ExploitShellCommand);"), ExploitShellCommand: btoa("calc.exe"), } “Unbelievably, that worked,” he added. There was a secret URL in WebEx that allowed any website to run arbitrary code. ¯\_(ツ)_/¯ https://t.co/sAqZrDN4ad — Tavis Ormandy (@taviso) January 23, 2017 And PRs wonder why we get uppity when we’re told to install weird extensions during press briefings - PDF + text is fine, thanks. https://t.co/whPRlSXnqX — The Register (@TheRegister) January 23, 2017 Cisco has rushed out WebEx version 1.0.3 to fix the issue, although crypto developer Filippo Valsorda says the patch is incomplete.

Given Cisco's devotion to programming standards, or lack thereof, just delete and forget about the crappy thing entirely. ® Sponsored: Customer Identity and Access Management