QuickTime bug brought down MacBook
The vulnerability is a Java-based vulnerability in QuickTime, which is installed by default on Mac OS X. Any Java-enabled Web browser on this platform is an attack vector.
Zero Day
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Ryan Naraine
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Dancho Danchev
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
Latest Posts
10 questions for MacBook hacker Dino Dai Zovi
I caught up with security researcher Dino Dai Zovi to discuss his successful hijack of a MacBook Pro machine at last week's CanSecWest conference in Vancouver, Canada.We talk about the specific vulnerability, the motivation for the attack, Apple's response and his plans around Mac OS X research: RN: What's your OS of choice?
Russinovich: Malware will thrive, even with Vista's UAC
Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system.
MacBook Pro hijacked with Safari zero-day
Hackers Dino Dai Zovi and Shane Macaulay teamed up to hijack a MacBook Pro laptop at the CanSecWest security conference here, effectively pouring cold water on the Mac faithful's belief that the machines are impenetrable.
MacBooks survive day one in hacker jungle
Two tricked-out MacBook laptops survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations.
Apple zaps 25 more Mac OS X bugs
Apple has issued a mega-update with patches for 25 new security vulnerabilities affecting Mac OS X users. This is the fourth update (89th security patch) issued by Apple in 2007.
JavaScript encryption added to malware arsenal
Malicious hackers are starting to encrypt JavaScript files to escape anti-virus detection, adding another element of sophistication to browser-based malware attacks.
Beware of data seepage on Google Calendar
If you use Google Calendar to set up corporate meetings or private conference calls, you might want to be careful about how that data is available to the rest of the world.
Botnet herders pounce on Windows DNS RPC flaw
Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets. The latest twist in the ongoing attacks comes less than a week after Microsoft's pre-patch advisory provided clues for hackers to write and release detailed exploit code.
Oracle Patch Day: 37 flaws fixed
Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products. One of the bugs fixed in this patch batch dates back to 2003.