Web application security firm Cenzic has flagged a serious cross-site scripting vulnerability affecting millions of Yahoo Mail users.The flaw, which was patched by Yahoo on June 13, opened the door for hackers to steal Yahoo identities and gain access to users' sensitive and private information.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
From a Slashdot article posted by "kdawson", written by "Don't Believe in Imaginary Property": "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user.
So, in a move that I can't currently understand, Trend Micro CEO Eva Chen has thrown out some buzz words claiming that they will move their anti-virus software into the cloud. Wait...
Yesterday, the Stopbadware.org initiative released a report entitled "May 2008 Badware Websites Report" summarizing the findings out of analyzing over 200,000 sites spreading malware.
On the heels of a dramatic rise in SQL injection attacks linked to drive-by malware downloads, Microsoft has released aimed at helping Webmasters and IT administrators block and eradicate this attack class.According to a security advisory from the Redmond, Wash.
As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users.
Marshall Islands National Telecommunications Authority is reporting that a sustained spamming attack during the past 24 hours managed to cause a successful Denial of Service attack on the email services of the islands only Internet Service Provider. More info on the attack : More than 18 hours after the initial attack Tuesday incoming email service to the monopoly provider had still not been restored.
Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.According to Adobe's advisory, the flaw "could potentially allow an attacker to take control of the affected system.
The source code of a trojan horse exploiting last week's uncovered local root escalation vulnerability in Mac OS X 10.4 and 10.
A data breach resulting from a stolen laptop has leaked sensitive information including Social Security Numbers of approximately 62,000 (as reported by Stanford University) former and current Standford University employees. The Privacy Rights Clearinghouse, a site devoted to the collection of data breach information, reports this number as 72,000, and I'm not positive which is more accurate at this time.