Amidst reports on a worm squirming through a code execution hole in the Solaris 10/11 telnet daemon (in.telnetd), Sun Microsystems has released an inoculation script for systems that might still be unpatched.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that includes ABC News and the Wall Street Journal. She has authored and edited award-winning, best selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
Symantec is using the spotlight of the Black Hat DC 2007 conference to pick apart the security technologies built into Windows Vista. On the heels of its exposé of weaknesses in the UAC (user account control) mechanism, Symantec rolled out a Vista security portal with three new research papers discussing legacy threats that affect the brand new operating system.
Black Hat Diary: IOActive's decision to cancel its RFID hacking demo is the main topic of conversation here as white hat hackers ponder the ramifications of a vendor using patent infringement claims to thwart legitimate security research. The company at the center of the storm, HID Global, issued a statement acknowledging that it may be possible to clone a proximity card but insisted it "did not threaten" IOActive researcher Chris Paget to nix the presentation.
Another Black Hat conference, another vulnerability disclosure brouhaha. IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal brick wall.
David Litchfield's ongoing assault on Oracle databases has unearthed a new method of exploiting PL/SQL injection vulnerabilities. Litchfield, co-founder and managing director at NGSS (Next Generation Security Software), plans to discuss the new technique at the Black Hat DC 2007 conference later this week.
Earlier this month at the RSA conference, I got a chance to see a demo of Immunity's Silica, a $3600 handheld device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser. The batch of patches applies to users of Firefox 126.96.36.199 and Firefox 188.8.131.52 (Windows, Mac, and Linux).
Firefox 184.108.40.206 as a high-priority browser
Security researchers at eEye Digital Security have found what is believed to be the first remotely exploitable vulnerability in a Microsoft Office 2007 application.
According to a published report, the recent attack against the DNS root servers was launched from a host server in Germany that controlled millions of zombie machines in South Korea.
What could Cisco and Apple be up to on the security front? The two sides are not elaborating but that’s not going to stop the speculation in security circles.
Some of the biggest names in the anti-virus business -- Symantec, McAfee and CA eTrust -- are missing from the list of vendors shipping products with the "Certified for Windows Vista" logo or the "Works with Windows Vista" logo.
It looks like Michal Zalewski is turning February into the MOFFB (month of Firefox bugs).
More than four years after Slammer started exploiting holes in Microsoft's SQL Server and Desktop Engine database products, the worm continues to squirm through machines that serve as its eternal carriers.
Google has released a patch for a major security vulnerability in its powerful desktop search application.