Katie Moussouris, a pen testing specialist who founded and managed Symantec Vulnerability Research, has left 'Big Yellow' to join Microsoft as a security strategist.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
At the ToorCon Seattle (beta) conference, Web application security specialist Robert Hansen (RSnake) demoed Mr-T (Master Recon-Tool), a new utility that combines information disclosure bugs in Internet Explorer and Firefox to collect information on a target's computer system.
According to an alert posted on The Pirate Bay's blog, the stolen user credentials were encrypted but the site is still urging users to immediately change usernames and passwords to avoid the risk of identity theft.
A security researcher in India is warning that Citibank's new virtual keyboard anti-phishing mechanism can be easily defeated.
Apple has released a new version of the open-source Darwin Streaming Server to plug a pair of security flaws that could cause code execution attacks.
White hat hackers have descended on Seattle for two semi-private security conferences where new attack and exploitation techniques are being discussed.
Microsoft plans to ship a file conversion tool to give Office 2003 users a chance to protect against exploits rigged into .doc, .xls, .ppt documents.
Microsoft has released seven advisories -- all rated critical -- with patches for at least 19 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser. Vista is affected by 6 of the 19 flaws.
Like an old grandfather clock, the controversy surrounding last month's CanSecWest MacBook hijack contest just keeps on ticking, loud enough to stick in your ear but so monotonous and tiring that it's near impossible to perk up and listen.
Say what you want about the ethics of the "month of bugs" phenomenon, but these vulnerability disclosure projects are getting immediate -- and valuable -- results.