Just hours after the release of the Google Chrome browser last month, researcher Aviv Raff discovered that he could combine two vulnerabilities -- a flaw in Apple Safari (WebKit) and a Java bug -- to trick users into launching executables direct from the new browser. (Here's a demo showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
As many of you already know, the anti-Midas touch of the financial crisis is spreading to the technology sector. Sequoia Capital, one of the largest VC funds in Silicon Valley, gave a presentation that pretty much said become profitable now or pack up and go home.
According to SophosLabs Adobe's owned seriousmagic.com has been automatically SQL injected by the Asprox botnet, becoming the very latest high profile legitimate web sites injected with links to exploits and malware serving sites :"The infection, which resides at hxxp://www.
Deloitte's recently released Wireless Security Survey assessing Mumbai's -- India's financial capital -- state of security awareness in respect to wireless security, shows an ugly picture of insecure wireless networks in both, business, and residential districts. With Mumbai being the home of India's most important financial institutions, next to the majority of multinational corporations, it may also turn into the playground for the next high profile data breach.
Adobe has released Flash Player 10 (Techmeme discussion) with a chock-full of major security improvements, including patches and mitigation for at least five serious security vulnerabilities.The vulnerabilities covered with Flash Player 10 could allow an attacker to bypass the software's security controls, Adobe warned.
In a recently conducted comparative review, Danish security company Secunia, tested the detection rate of 12 different Internet Security Suites against 300 exploits (144 malicious files and 156 malicious web pages) affecting popular end user applications, to find that even the top performer in the test is in fact performing poorly in general. Their conclusion :"These results clearly show that the major security vendors do not focus on vulnerabilities.
Malicious attackers are once again taking advantage of event-based social engineering attacks, and are currently mass mailing fake notifications for Microsoft's Patch Tuesday, attaching a copy of Trojan.Backdoor.
It seems that not a day goes by without a new media alert regarding bad things in the chinese supply chain. First it was lead in our toys, then it was melamine in our milk, and now it also may be backdoors in our counterfeit Cisco hardware.
There are many ways of telling the world about a security vulnerability. A vulnerability can be announced without telling the vendor, it can be announced after giving the vendor a period of time to fix the issue, or it may just be circulated amongst the underground without ever coming to the surface.
We tend to say that information security is a small world. Conferences quickly become real-life demonstrations of the principle of six-degrees-of-separation.