Technical Tidbits™

I came across this title while finishing up this weeks Weekly Security Digest issue.  (If you aren’t getting your free month, sign up here! There’s also a sample to view!)

Okay, after that shameless plug for my newsletter, back to the one bug to rule them all title.

This is the title of security advisory that I found while gathering all the vulnerabilites for the weekly summary.  To give the author credit, specifically, it’s this one:  http://www.g-sec.lu/one-bug-to-rule-them-all.html

What’s interesting enough about this advisory – besides the title that is – is that this one reported bug affects a multitude of products! And not what you would think would be related products – necessarily.

It affects browsers from IE through Google Chrome, Apple Safari, Opera, Firefox, and a few more! But that’s not all, how about throwing in the iPhone, Blackberry, Nokia, and Siemens phones.  Okay, so they do use browsers too!

Okay, but then what do all of those have to do with SeaMonkey, Thunderbird, Sony PS3, Nintendo Wii, and the iPod?

Give up?

The answer is Javascript!

Specifically, it’s a programming error in how the systems handle a particular code called the select() method.

Be that as it may, those of you so inclined can click the above link to the advisory and see the Proof of Concept (PoC) and the details of the problem.  For those who are not so technically inclined, there is something I want to point out that you should “GET” from this post.

Security isn’t just about your PC, Mac, or Linux computer, laptop, or netbook! Security issues affect everything in our daily life now because programming code is used in nearly every device we use!

Whether you’re talking on the phone, playing Guitar Hero, or the Wii Fit, listening to music on your MP3 player, texting, or surfing – you are using technology that’s been programmed to do what it does.

Isn’t it time you started paying attention to security?