Ever since Rob McMillan of IDG published a story giving a preview of our coming Black Hat talk, specifically a preview of the portion of our talk related to GIFARs, media coverage of the research has swirled a bit out of control and there's been some misconceptions. My co-presenter John Heasman has a write-up on GIFARs that explains this all just a bit more.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
About 75 percent of all Web sites serving up malicious code are legitimate sites that have been hacked/compromised, according to a new report from WebSense.This number validates statistics from ScanSafe showing a dramatic rise in 'good' sites being being used as a conduit for drive-by malware downloads and other social engineering attacks.
Less than 24 hours after Apple (belatedly) released a patch for the DNS cache poisoning vulnerability, there are reports circulating that the DNS client on the OSX 10.4.
Guest editorial by Roger ThorntonLast week, Fortify published a study on adoption of security best-practices within the Open Source community. Given mounting risk posed by extensive use of Open Source technologies within business and government IT, we were gratified to see the passionate discussions that followed.
The less popular search engines always have the best privacy policies, it's a fact. Take Cuil, the recently launched search engine pitching itself as the most comprehensive index of the Web, and their stance on privacy.
Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined the GIFAR attack.
[ UPDATE: nCircle Andrew Storms reports that the DNS client on the OSX 10.4.
Brian Krebs from the Washington Post "Security Fix" Blog reported that one of the talks slated for next week's Black Hat convention on a previously undiscovered flaw in Apple's FileVault encryption system has been canceled, the researcher citing confidentiality agreements as the reason he will not be speaking.The article states:Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac.
My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.
Last week, TechCrunch's Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called "johng77536" to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.The "johng77536" account has since been disabled but a security researcher tracking Twitter security flaws and weaknesses has discovered a new vulnerability that lets users easily game the "follow" system.