Say what you want about the ethics of the "month of bugs" phenomenon, these vulnerability disclosure projects are getting immediate -- and valuable -- results.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that include ABC News and the Wall Street Journal. She has authored and edited award-winning, best-selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
Next week's Patch Tuesday updates from Microsoft will include fixes for a wide range of "critical" vulnerabilities in the Windows, Office and Exchange product lines, the software giant announced today. As part of its advance notice mechanism, Microsoft said a total of 7 bulletins will be released on May 8, 2007.
Secunia is muscling its way into the corporate vulnerability scanning market with a new tool that challenges established players like Tenable, Qualys and Sourcefire.
After a brief lull -- and two fakes -- the "month of bugs" security projects are back, taking aim this time at flaws in ActiveX controls used by software developers.
Apple has released QuickTime 7.1.6 to patch the code execution hole discovered by Dino Dai Zovi and exposed during the CanSecWest MacBook hijack contest.
Security holes in two popular desktop software applications could put millions of computer users at risk of code execution attacks. The flaws, rated "highly critical," were flagged in the Trillian cross-platform IM program and Nullsoft's Winamp media player.
Verisign is expected to announce a deal with Innovative Card Technologies to equip banks and e-commerce sites with cards that work with its two-factor authentication system.
CNET News.com security reporter Joris Evers is leaving the journalism field to take a job in McAfee's PR department.
How did the super-critical animated cursor (.ani) vulnerability get past all the strict code review, fuzz testing and other defense-in-depth mitigations built into Windows Vista? Michael Howard has the answer and he's sharing it with us...
An anonymous blogger claims he/she was able to monitor the network at CanSecWest security conference and snag a full packet capture of the MacBook hijack contest.
Photoshoppers, be careful. Publicly available exploit code for a serious security flaw in Adobe Photoshop could allow attackers to take complete control of your Windows machine.
Mozilla seems to be having a hard time pulling the plug on Firefox 1.5. After today, the open-source group planned to stop shipping security and stability updates for Firefox 1.5 but now I'm hearing that support has been extended to the middle of May.
The vulnerability is a Java-based vulnerability in QuickTime, which is installed by default on Mac OS X. Any Java-enabled Web browser on this platform is an attack vector.
I caught up with security researcher Dino Dai Zovi to discuss his successful hijack of a MacBook Pro machine at last week's CanSecWest conference in Vancouver, Canada. We talk about the specific vulnerability, the motivation for the attack, Apple's response and his plans around Mac OS X research: RN: What's your OS of choice?
Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system.