Apple has shipped another mega-update to address security vulnerabilities affecting Mac OS X users, warning that the most serious issues could lead to arbitrary code execution attacks.The update, available for Tiger and Leopard, addresses a total of 34 documented vulnerabilities, some in third-party components like ClamAV, BIND, OpenSSH and Ruby.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
With Facebook persistently under attacks from phishers and malware authors, looking for creative ways to efficiently exploit its users base, Facebook's security team has silently introduced a new "security warning feature" alerting its users on the potential maliciousness of the third-party site they are about to visit. Is the newly introduced featured a PR move, and how applicable is this approach during an ongoing attack?
If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button.Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation.
Malicious hackers have broken into several sections of BusinessWeek.com and are now using the popular site to redirect visitors to malware-laden servers.
Throttling is a fundamental technique that finds numerous applications in information security. It helps buy time for a security team to decide the proper course of action for remediating a problem.
A spamming vendor known as the SET-X Corporation, has recently launched the distributed SET-X Mail System, a sophisticated managed spamming service available for rent on a monthly basis starting from $2000, promising to achieve "spamming speed" of 5000 to 7000 emails per minute and over 1 million spam messages per day, courtesy of the 5000 bots it comes preloaded with.
At Black Hat last month, when I spoke to Mozilla security chief Window Snyder, she made it clear that Private Browsing would not make it into the next revision of Firefox.Today, the open-source group all but announced that the privacy feature, which puts the browser into a temporary state where no information about the user's browsing session is stored locally, will definitely make it into Firefox 3.
Apple's long-awaited iPhone 2.1 software update was released today with patches for at least eight security vulnerabilities, some of which could lead to remote code execution attacks.
Danish security research firm Secunia has launched a pay-as-you-go vulnerability analysis service aimed at providing technical details, exploits and proof-of-concept code to security software vendors.The new Binary Analysis Service is billed as a one-stop-shop for indepth analysis of the "worst and most interesting vulnerabilities" affecting widely deployed software products.
The invaluable NoScript for Firefox plug-in just got a tad better.According to Giorgio Maone, the developer behind the popular browser extension, a new experimental feature called "Forced Secure Cookies" has been added to NoScript v1.