Microsoft's out-of-band update for the critical -- and under attack -- animated cursor (.ani) vulnerability has finally crossed the finish line, one week ahead of Redmond's own schedule but more than three months after it was first reported by a private security research company.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that includes ABC News and the Wall Street Journal. She has authored and edited award-winning, best selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
eEye Digital Security has shaken up its top management, firing chief executive officer Ross Brown less than six months after promoting him to the top slot.Kamal Arafeh, who previously managed eEye's sales operations, will be the new CEO.
Sana Security has scooped up $12 million in a fifth round of funding and hired telco crash survivor Don Listwin to take over the corner office. Sana, which excels at behavior blocking software, is banking on the new CEO to find new customers for its Active Malware Defense Technology and figure out an exit strategy in a very tricky security market.
Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks.
On the Full Disclosure mailing list comes this announcement from a group of anonymous security researchers: During one week (2007-04-02/08), new undisclosed vulnerabilities / flaws / exploitation techniques discovered in the latest versions of the Microsoft Windows Vista operating system and softwares will be publicly disclosed on this page. This project is launched as a challenge by an unofficial team of security experts.
A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.
Spammers are using fake Internet Explorer 7 (Beta 2) downloads to lure Windows users into downloading a nasty backdoor Trojan.The fake downloads are part of a massive spam run that includes an official-looking graphic (see image below) linked to Web sites that auto-launch an executable named "ie7.
[UPDATE: March 29, 2007 @ 1:15 PM Eastern] Microsoft has confirmed that this is indeed a zero-day flaw that will require a security update. Although Internet Explorer is the primary attack vector, this is a vulnerability in the way Windows handles animated cursor (.
HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel. Version 3.
If you haven't applied the "critical" patch in Microsoft's MS07-009 bulletin, now might be a good time to hit that download-and-install button.Detailed exploit code for the vulnerability -- discovered during HD Moore's MOBB (month of browser bugs) project and fixed on Patch Tuesday in February -- has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.
Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.
Apple's Mac OS X has a date with some of the world's smartest hackers.At this year's CanSecWest 2007 conference in Vancouver, BC, a "PWN to OWN" contest will pit security researchers against a MacBook Pro in an experiment to see how well a default Mac OS X install can survive hacker scrutiny.
A design error in Microsoft's Windows Mail, the e-mail application bundled into Windows Vista, could expose users to remote file-execution attacks, according to a warning from security researchers.A hacker known as "Kingcope" published proof-of-concept code to show that remote code execution is possible if a user is tricked into clicking a malicious link.
Ninety days after the release of Microsoft's Windows Vista to business customers, the new operating system has a much better security vulnerability profile than its predecessor and several other modern workstation operating systems including Red Hat, Ubuntu, Novell and Apple products.That's according to Jeff Jones, security strategy director in Microsoft's Trustworthy Computing group.