More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack have reacquired the tool with plans to release a new version at next week's SOURCE Boston conference.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
Design specs on the President's helicopter, Marine One, have been found on an Iranian server, according to a security firm that gathers intelligence on peer-to-peer networks. According to P2P intelligence firm Tiversa, a soon-to-be-ex-employee of a Bethesda-based military contractor installed a P2P app on their cleared desktop and leaked out the design specs for the helicopter that carries the President from the White House to Air Force One.
The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language. With PHP 5.
A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting as a technique to ward off hackers looking to exploit Web app vulnerabilities.
Starting this week, Microsoft will ship an update to Windows Vista Ultimate users to ferret out cracked copies of its most expensive and feature-packed operating system. The renewed anti-piracy campaign is aimed directly at the activation exploit known as the "SoftMod hack," according to a post on Microsoft's WGA blog.
In a newly released paper entitled "Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing," Tyler Moore and Richard Clayton provide empirical evidence that 75.8% of the phishing sites they analyzed (2486 sites) were hosted on compromised web servers to which the phishers obtained access through Google hacking techniques (search engine reconnaissance).
I'm a little bit late with this but it's such a useful move by Microsoft, I figured I'd point it out for Zero Day readers. Microsoft has been adding a nifty one-click "fix it" utility to its Knowledge Base (KB) articles to help end users solve Windows problems without having to navigate through the maze of instructions.
Google is (indirectly) buying security vulnerabilities from white hat hackers. Under the guise of a Native Client Security Contest, the search engine firm is offering big cash prizes to hackers who find bugs and other security flaws in the open-source research technology for running x86 native code in Web applications.
Remember last month's Google Video search results poisoning attack which was hijacking legitimate YouTube titles in order to acquire potential traffic coming from Google Video? Or the massive comment-spam attack on Digg.
After more than two weeks (months?) of inexplicable silence on mitigations for a known code execution vulnerability in its Reader and Acrobat product lines, Adobe has finally posted public information on the problem but the company's response falls well short of providing definitive mitigation guidance for end users.