Microsoft discloses zero day in all versions of Internet Explorer

By  for Zero Day |

Late Saturday Microsoft revealed a vulnerability in all versions of Internet Explorer that is being used in “limited, targeted attacks.” They are investigating the vulnerability and exploit and have not yet determined what action they will take in response or when.

All versions of Internet Explorer from 6 through 11 are listed as vulnerable as well as all supported versions of Windows other than Server Core. Windows Server versions on which IE is run in the default Enhanced Security Configuration are not vulnerable unless an affected site is placed in the Internet Explorer Trusted sites zone.

The vulnerability was reported to Microsoft by research firm FireEye. FireEye says that, while the vulnerability affects all versions of IE, the attack is specific to versions 9, 10 and 11. It is a “use after free” attack in which memory objects in the browser are manipulated after being released. The attack bypasses both DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

The specific exploit, according to FireEye, uses an Adobe Flash SWF file to manipulate the heap with a technique called heap feng shui. Neither Microsoft nor FireEye says it, but this implies that systems without Flash installed are not vulnerable to the specific exploit, although they are to the underlyng vulnerability in Internet Explorer. Internet Explorer 10 and 11 come with Flash embedded, so they are vulnerable by default.

EMET, the Enhanced Mitigation Experience Toolkit, will also make it more difficult to exploit this vulnerability.

Coming soon: a whole new you, in your Twitter profile

Moment by moment, your Twitter profile shows the world who you are. Starting today, it will be even easier (and, we think, more fun) to express yourself through a new and improved web profile.

What’s new about the new you? The new web profile lets you use a larger profile photo, customize your header, show off your best Tweets and more. Here are main features:

  • Best Tweets: Tweets that have received more engagement will appear slightly larger, so your best content is easy to find.
  • Pinned Tweet: Pin one of your Tweets to the top of your page, so it’s easy for your followers to see what you’re all about.
  • Filtered Tweets: Now you can choose which timeline to view when checking out other profiles. Select from these options: Tweets, Tweets with photos/videos, or Tweets and replies.

Coming soon to everyone
This new profile setup is available today to a small group of users. If you’re new to Twitter, you’ll start in with the new profile. In the coming weeks, we will roll out the new features to everyone.

In the meantime, for a peek at what’s coming, check out these web profiles:

10 important URLs that every single Google user needs to know

Original Source: http://bgr.com/

Personally, I love that Google is so creative with my private data. I am fully aware that in order to use Google’s many great “free” services, I pay the company in information about myself that helps it serve better ads. That same information lets it create fantastic services such as Google Now, and it saves me a tremendous amount of pain and suffering. It also, of course, helps make Google Search better. But even if you’re like me and you’re happy with this model, it’s still very important to be fully aware of what Google collects and how you can control it.

With that in mind, here are 10 important URLs compiled recently by Digital Inspiration that every single Google user should be aware of.

https://accounts.google.com/SignUpWithoutGmail — Create a Google account with your current email address instead of making a new gmail.com address.

https://www.google.com/ads/preferences — View and edit your profile within Google’s system as it relates to advertising (you can also opt out of interest-based ads here).

https://www.google.com/takeout — Use this link to export all of your data contained within the Google ecosystem, including emails, photos and YouTube videos.

https://support.google.com/legal — This URL will let you file a complaint in the event you find your content being used without permission on a Google website.

https://maps.google.com/locationhistory — This is exactly what you think it is, your location history if you use an Android phone or the Google Now iOS app.

https://history.google.com — Your entire search history; make a pot of coffee before you start digging.

https://www.google.com/settings/account/inactive — If you have unused Gmail accounts, use this to ensure that Google doesn’t delete them after extended periods of inactivity.

https://security.google.com/settings/security/activity — Think someone might have gained unauthorized access to your account? This is your first stop.

https://security.google.com/settings/security/permissions — Here is a complete list of all Web, mobile and desktop apps that can access your data.

https://admin.google.com/YOURDOMAIN/VerifyAdminAccountPasswordReset — A link to reset your Google Apps password if your account is ever hacked (replace “YOURDOMAIN” with your URL, including the top-level domain).