In a comment in a talkback on the original issue discovered in Adobe Flash that led to the compromise of the Vista machine at the Pwn2Own contest, an Adobe representitive, Erick Lee, Manager of Adobe Secure Software Engineering Team (ASSET), claimed that Adobe knew of the flaw and has a patch on the way. This announcement acknowledges that Adobe knew of the risk, accepted it as their own, and was working on fixing it.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
While checking out Billy Rios's XS-Sniper blog today, I noted that he had included an interesting link to some videos produced by Microsoft. I haven't had a chance to check them all out yet, but they are quite interesting.
Our coverage of the Pwn2Own contest has received a lot of attention, so I thought it would make sense to go straight to the source of the Adobe Flash exploit to get some first-hand accounts of what went down.
Why are we still talking about the value of PCI Compliance? Now we can all get it for free due to a great new product!
Ivan Ristic (pictured to the right) posted a story today on his blog that highlights some changes that are to go into effect in England sometime this year. The changes to the Computer Misuse Act (CMA) would appear to put security researchers and consultants in the UK at risk of being considered criminals.
Apple had a rough security week. Vista was hacked.
So, I've been pretty surprised by the response to the discussion of the Flash flaw that allowed the Vista machine to be compromised in the Pwn2Own contest.
If you haven't seen Day 1 or Day2/Day3 of my series on Black Hat Europe, feel free to have a look. As I mentioned in my Day 2/Day 3 posting, I didn't get a chance to meet up to interview Adam Laurie until late in the day on Thursday; therefore, I moved onto my Day2/Day 3 story and promised to post the interview with Laurie later on.
Fortify Software, which heads off insecure software code in the development, said Monday that it has launched a suite designed to head off vulnerabilities in automated and older applications.The suite, dubbed Fortify 360, expands the company's market.
Update 3/29/2008: Just to clarify in case it wasn't clear, this is a flaw in an Adobe product, Adobe Flash, and not in a Microsoft product or in the Windows Vista operating system. This is important to note, as it's not quite as glamorous as the flaw that took down the brand new, fully patched, MacBook Air; which just so happened to be a flaw in Safari.