For a long time, the experience of patching Sun's Java software has been less than pleasant. The updates were huge and time consuming, the patching instructions were a mess and, even worse, Sun never removed older, vulnerable versions from the patched machine.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
It's Apple's turn on the Patch Day treadmill and, for Mac OS X users, it's quite ugly.As I write, Apple has released four different bulletins to cover 48 documented vulnerabilities in the Mac OS X ecosystem, a solitary code execution flaw affecting Safari for Windows and four different security problems in Java for Mac OS X.
Microsoft has announced an alliance of various industry partners whose goal is to fight the Conficker worm. The announcement is short on actionable methods for stopping the worm, but it does include one gem: a $250,000 (US) bounty for information leading to the capture of those responsible for the worm.
A security researcher wants Microsoft to follow the lead of other browser makers and start fixing Internet Explorer security problems outside of the Patch Tuesday cycle to help contain the Windows malware epidemic.
According to PandaSecurity, the social news site Digg.com is among the very latest Web 2.
After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year's CanSecWest conference will have shiny new targets: Web browsers and mobile phones.According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year -- one pitting hackers against IE8, Firefox 3 and Safari and another targeting Google Android, Apple iPhone, Nokia Symbian and Windows Mobile.
Guest post by Eric SchultzeIt's a seemingly light batch of patches this month, trailing an even lighter, single patch release in January. Two critical items were released -- including patches for Internet Explorer 7 and Microsoft Exchange Server.
Research in Motion (RIM) today raised an alarm for a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.
Microsoft today shipped four bulletins with patches for at least 8 documented security vulnerabilities affecting Windows users and warned that "consistent exploit code could be easily crafted" to launch attacks via the Internet Explorer browser.The Patch Tuesday batch includes fixes for a pair of code execution holes in IE, two bugs in the Microsoft Exchange Server, a remote code execution issue in the Microsoft SQL Server, and three separate flaws haunting users of Microsoft Office Visio.
A recently released report by BeyondTrust entitled "Reducing the Threat from Microsoft Vulnerabilities" indicates that that according to the company's analysis of all the security bulletins Microsoft published in 2008, 92% of the critical vulnerabilities could have been mitigated by the principle of the least privilege.