In what amounts to a major about-face, Apple has patched the Safari "carpet bombing" vulnerability that led to a Safari-to-Internet Explorer remote code execution combo threat.After insisting for weeks that the issue is more of an irritant than a security risk, Apple today released Safari v3.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Yesterday, an anonymous reader released details on a local root escalation vulnerability in Mac OS x 10.4 and 10.
Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch.The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).
The popular document and media sharing service DivShare, suffered a security breach according to a security announcement posted by DivShare's support team earlier this week :Late last night we were alerted of a security breach that allowed a malicious user to access our database, which included user e-mail addresses and other basic profile information. No financial information has been accessed by any unauthorized parties.
Don't forget to go and vote on the Pwnie Awards, which will happen at Black Hat Vegas again this year. I don't want to campaign for votes, but I wouldn't be pissed if some of my loyal readers out there voted for me, Billy Rios, Rob Carter, and John Heasman and some of our interesting research that I've presented here on the blog.
The Xinhua news agency is reporting that the web site defacer which I mentioned in a previous post regarding the use of web site defacements as tools for psychological operations, has been located and detained in less than a week after he defaced the Seismic Emergency and Public Center of the Guangxi province where he left a fake message on an upcoming earthquake that's going to hit China.
"There is no such thing as bad publicity except your own obituary" - Brendan Behan. Ypigsfly, a company describing itself as a group of seasoned veterans of the Internet network infrastructure business, has just launched Killthisbox.
It's not all about world records for Firefox 3.0.Just hours after the official release of the latest refresh of Mozilla's flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox3.
Finjan's Malicious Code Research Center has uncovered a half of gigabyte of stolen data from US Healthcare organizations and from a major airline on crimeware servers in Argentina and Malaysia.A representative of Finjan stated:"Hackers incorporated sophisticated attacks using crimeware toolkits, Trojans, and Command and Control servers to drive traffic from a specific region with specific characteristics.
Yesterday, Photobucket the world's most popular photo sharing site according to Hitwise had its DNS records hijacked to return a hacked page courtesy of the NetDevilz hacking group, a Turkish web site defacement group most widely known for its defacement of the adult video site Redtube earlier this year.