The Black Hat group on Twitter provided a message today alerting people to a webcast to be put on by Dan Kaminsky on the DNS vulnerabilities that I've heavily covered as follows: Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08; Kaminsky and Ptacek comment on DNS flaw; Don't doubt Deputy Dan. The story has also received extensive coverage over at Securosis, where Rich Mogull has provided a podcast on the subject.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
More details are coming out on the Oracle patches that were released last week; see Ryan Naraine's write-up here. David Litchfield, noted security researcher from NGSSoftware, released details of one of the vulnerabilities on the Full-Disclosure email list today, and the details are staggering.
Engadget's Joshua Topolsky reports that the iPhone Dev Team has already jailbroken an iPhone 3G. Topolsky writes: We can't say this is a surprise...
Ah, this is a fun little trick. I'm not sure if it represents a vulnerability, but certainly I expect Google will try to get rid of this feature.
WordPress, one of the fastest growing blog software providers, has shipped a new update with fixes for nearly 200 bugs and a major security-related change to disable remote publishing protocols by default. With WordPress 2.
Symantec has reported that the Neosploit toolkit has been updated to include attack vectors for the recent Microsoft Access ActiveX vulnerability. Neosploit is a toolkit for sale on the market (price estimates fall between $1500-$3000) that seeks to automate and extend the capability of browser exploits.
Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia.
Update: TSA has commented on the CNN story on their website. From our good friend Dave Lewis from Liquidmatrix Security Digest, and memorable quotes from Samuel L.
An XSS worm was crawling across Justin.tv, the popular lifecasting platform, at the end of June; details of the incident emerged in the middle of last week.
Database server giant Oracle plans to ship patches for a total of 45 security vulnerabilities on Thursday (July 17), bringing the vulnerability count for 2008 to a whopping 112. Since January 2006 (this CPU included), Oracle has shipped fixes for a total of 572 vulnerabilities.