Guest editorial by Dino Dai ZoviIn evolutionary biology, the theory of punctuated equilibiria states that evolution is not a gradual process but instead consists of long periods of stasis interrupted by rapid, catastrophic change. This is supported by fossil evidence that shows little variation within a species and new species that appear to come out of nowhere.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Security code review specialists Fortify Software has issued a warning about major configuration weaknesses affecting SOA (service oriented architecture) deployments from IBM, Microsoft and Apache.According to Fortify, certain configurations of Apache Axis, Apache Axis 2, IBM WebSphere 6.
The end of the Neosploit web malware exploitation kit? RSA's FraudAction Research Labs recent monitoring of ongoing communications between Neosploit team members and their potential customers indicates so.
Graham Tibbetts of the UK Telegraph is reporting that the British Foreign Office has admitted to losing around 3,000 passports and visa stickers, which were stolen on their way from Manchester to RAF Northolt in London, where they were to be sent to British embassies. From the article:Officials claimed the chip technology incorporated in the passports would prevent them being used.
The distributors of Neosploit, one of the more dangerous drive-by download exploit kits on the Internet, have shut down operations because of financial problems, according to malware researchers at RSA FraudAction Research Labs.In a blog entry, the company said it found evidence that Neosploit will no longer be supported (yes, the do-it-yourself malware installation kit comes with terms of service and customer support!
Guest editorial by Oliver DayIn June 2008, StopBadware published a report with statistics (.pdf) based on our sample of infected website data from Google.
UPDATE: Arbor Networks have provided more details in their "30 Days of DNS Attack Activity" analysis, SANS confirmed HD Moore's statement on DNS cache poisoned AT&T DNS servers. Numerous independent sources are starting to see evidence of DNS cache poisoning attempts on their local networks, in what appears to be an attempt to take advantage of the "recent" DNS cache poisoning vulnerability :" client 143.
Guest Editorial by Katie Moussouris of MicrosoftIf cyberspace is a mass, consensual hallucination, as William Gibson characterized it, then HOPE was a dream manifested in meatspace that would not die. While Hackers On Planet Earth has been running every other year since 1994, it was my first journey to the con.
For the first time since the introduction of its quarterly Critical Patch Update process in 2005, Oracle has released an emergency alert to offer mitigation for a zero-day vulnerability that's been published on the Internet.
Another day, another unpatched Safari browser vulnerability.According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.