Researchers at CoreLabs have issued a warning for several serious IBM Lotus Notes vulnerabilities that could cause remote execution of arbitrary commands.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
For the last two days, security software firm Sunbelt Software has been all over what could develop into a scary trend: Rigged Google search results that deliver big malware payloads. On Monday, Sunbelt reported "we’re seeing a large amount of seeded search results which lead to malware sites.
Mozilla has issued a patch for Firefox that fixes the "jar:" protocol handler issue. In an advisory on Monday, Mozilla said: The jar: URI scheme was introduced as a mechanism to support digitally signed web pages, enabling web sites to load pages packaged in zip archives containing signatures in java-archive format.
In a guest editorial, a senior research scientist at Cloudmark proposes a new way to deal with the menace from botnets.
Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack. According to Secunia, the latest QuickTime bug "can be exploited by malicious people to compromise a user's system.
* Ryan Naraine is on vacation. Guest Editorial by Rich Mogull. Recently I was watching an interesting 60 Minutes episode on the new generation of "Millennials" entering the workforce.
* Ryan Naraine is on vacation. Guest Editorial by Nate McFeters. With the holiday season fast approaching, and being so in the spirit of giving, I thought I'd compile a list of the top features that led to security issues I discovered with co-researcher Billy Rios.
Guest Editorial: It's become painfully clear to that DNS can no longer be a fire hose that just pierces the firewall. Here are some simple action items that can be implemented on just about every network out there...
* Ryan Naraine is on vacation. Guest Editorial by Dan Geer. When the Internet was young, the design assumption for electronic commerce was clear: The client initiated the connection from a trusted machine and needed to be assured that the server side was not an impostor.
Mozilla security chief Window Snyder says the "jar:" protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser. The problem (see previous coverage) is that Firefox's "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive.