Joanna Rutkowska has always been a big supporter of the Windows Vista security model. That was until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out -- from Microsoft officials -- that the default no-admin setting isn't even a security mechanism anymore.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that include ABC News and the Wall Street Journal. She has authored and edited award-winning, best-selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
Security guru Bruce Schneier has given a big thumbs-down to Windows Vista, arguing that the copy protection features built into the new operating system "will make your computer less reliable and less secure."
eBay’s PayPal unit has started shipping a $5.00 keyring-sized device that generates a unique security code for user accounts every 30 seconds.
Skype has released an update for Windows users to nuke a DRM (digital rights management) snoop agent that reads the serial number off a user's motherboard.
An anonymous hacker has posted instructions on how to launch attacks against a remote root exploit in the Solaris 10/11 telnet daemon.
Researchers at Penn State have filed a provisional patent for a new anti-worm technology that promises to identify and contain network worms milliseconds into an attack without using anti-virus signatures.
The open-source PHP Group has shipped a new version of the general-purpose scripting language to fix multiple security holes that could lead to security bypass and the exposure of sensitive information.
SAN FRANCISCO -- Just days after unknown attackers launched denial-of-service attacks against the root servers that help manage the world's Internet traffic, Verisign announced the launch of a major initiative to significantly increase its daily DNS query capacity -- from 400 billion queries a day currently to 4 trillion queries a day.
Microsoft's Patch Day bundle this month will be a whopper: 12 bulletins with fixes for a wide range of serious security vulnerabilities. Five of the 12 bulletins will cover remotely exploitable bugs in the Windows operating system while three will deal with Microsoft Office flaws.
The One Laptop Per Child project releases Bitfrost, an architecture-level specification covering the $100 notebook's security model.
The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference.
Stefan Esser's frustrations with the PHP Security Response Team have boiled over into plans for a "month of PHP bugs" project scheduled for March 2007.
Security researchers are seeing signs of gang warfare among pump-and-dump spam scammers.
Microsoft late Friday warned users to be on the lookout for Excel files that arrive unexpectedly -- even if they come from a co-worker's e-mail address. In an advisory, Microsoft confirmed a new wave of limited "zero-day" attacks was underway, using a code execution flaw in its Microsoft Office desktop productivity suite.