In the wake of the recent malvertising attacks where malicious flash ads were appearing at trusted web sites, evidence from multiple vendors and researchers indicates that spammers and malware authors have once again switched tactics, and are one again abusing legitimate services such as Google's Picasa and ImageShack.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Microsoft today announced plans to ship four security bulletins next Tuesday (September 9, 2008) to cover worm holes affecting Windows users.All four bulletins in September's Patch Tuesday will be rated "critical," Microsoft's highest severity rating.
Whoa! Google Chrome has crashed. Restart now? While Google's Chrome team is cheering, Rishi Narang from Evil Fingers is typing and releasing a proof of concept for a denial of service vulnerability that is successfully crashing the Chrome browser with all tabs.
Security bloggers are already commenting on Google's slightly premature "Chrome" browser leak. Built on top of the Apple sponsored WebKit engine, the browser offers several security features that we have only seen so far in the beta releases of IE8.
Google's shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities -- a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference -- to trick users into launching executables direct from the new browser.
Microsoft is downplaying the severity of a password leakage issue in BitLocker, the full disk encryption feature built into Windows Vista, insisting that a real world attack scenario is "very unlikely."According to an advisory from iViZ, the password checking routine of Microsoft Bitlocker fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.
Virtualization specialist VMware has shipped a mega-patch to cover several "highly critical" vulnerabilities affecting its server and workstation product lines.In all, the patch batch addresses at least 16 documented vulnerabilities affecting the VMware Workstation, VMware Player, VMware ACE, VMware Server and VMware ESX server.
The oft-rumored Google browser is real. It's called Google Chrome and it comes with a handful of security-related features like privacy mode and blacklist-based blocking of phishing and malware sites.
No CAPTCHA can survive a human that's receiving financial incentives for solving it, and with an army of low-waged human CAPTCHA solvers officially in the business of "data processing" while earning a mere $2 for solving a thousand CAPTCHA's, I'm already starting to see evidence of consolidation between India's major CAPTCHA solving companies.
Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs.