Martin Englund, security engineer in the Java Network and Security group at Sun Microsystems, offers a blow-by-blow of how the company reacted to the Solaris Telnet zero-day
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that includes ABC News and the Wall Street Journal. She has authored and edited award-winning, best selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
Cisco and Adobe roll out software updates to fix a slew of vulnerabilities that could cause denial-of-service, security bypass and cross-site scripting attacks.
A close look at MS07-010 shows that Microsoft Windows Defender in Windows Vista is indeed vulnerable to a "critical" code execution flaw that was flagged by researchers at IBM's ISS X-Force unit.
The fix comes just days after a hacker known as "Kingcope" went public with details of the vulnerability, which allows a remote attacker to bypass the Sun Solaris telnet daemon's authentication mechanisms.
Microsoft's Patch Tuesday train rumbled into security central with a full load today: 12 bulletins with patches for at least 20 vulnerabilities in a wide range of widely used software products.
Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out -- from Microsoft officials -- that the default no-admin setting isn't even a security mechanism anymore.
Security guru Bruce Schneier has given a big thumbs-down to Windows Vista, arguing that the copy protection features built into the new operating system "will make your computer less reliable and less secure."
eBay’s PayPal unit has started shipping a $5.00 keyring-sized device that generates a unique security code for user accounts every 30 seconds.
Skype has released an update for Windows users to nuke a DRM (digital rights management) snoop agent that reads the serial number off a user's motherboard.
An anonymous hacker has posted instructions on how to launch attacks against a remote root exploit in the Solaris 10/11 telnet daemon.
Researchers at Penn State have filed a provision patent for a new anti-worm technology that promises to identify and contain network worms milliseconds into an attack without using anti-virus signatures.
The open-source PHP Group has shipped a new version of the general-purpose scripting language to fix multiple security holes that could lead to security bypass and the exposure of sensitive information.
SAN FRANCISCO -- Just days after unknown attackers launched denial-of-service attacks against the root servers that help manage the world's Internet traffic, Verisign announced the launch of a major initiative to significantly increase its daily DNS query capacity -- from 400 billion queries a day currently to 4 trillion queries a day.
Microsoft's Patch Day bundle this month will be a whopper: 12 bulletins with fixes for a wide range of serious security vulnerabilities.Five of the 12 bulletins will cover remotely exploitable bugs in the Windows operating system while three will deal with Microsoft Office flaws.
The One Laptop Per Child project releases Bitfrost, an architecture-level specification covering the $100 notebook's security model.