Last week, I wrote about hackers starting to agitate for Microsoft (and other software vendors) to start paying for information on security vulnerabilities. As a follow-up to that post, I pinged a few security research pros, asking whether they agreed it's inevitable will start buying bugs.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
Using a homegrown tool called Fiddler, researchers at Microsoft have come up with a system to track the money that flows from big-name advertisers to search engine spammers.
Here's a major security update that may have slipped under the (mainstream media) radar. The new version of RHEL (Red Hat Enterprise Linux) desktop includes fixes for a wide range of vulnerabilities, some rated "critical.
The month-of-bugs phenomenon is showing no signs of slowing down. Next up: MySpace.
Hackers are starting to agitate for Microsoft to start paying for information on security flaws found in its software products. The issue surfaced this week after the MSRC (Microsoft Security Response Team) posted a message on the sla.
Trend Micro has acquired HijackThis, the freeware spyware-removal program created by Merijn Bellekom. Financial terms of the deal, believed to be all-cash, were not released.
When the controversial Month of Apple Bugs (MOAB) project ended earlier this year, a derisive "that was it?" reaction could be heard coming from the Mac faithful.
On October 22, 2004, Argentine hacker Cesar Cerrudo approached Microsoft with the discovery of a Windows Kernel GDI local privilege escalation vulnerability. At the time, Cerrudo said Redmond's security response team deemed it a "design problem" and filed it away as something "to be fixed in a future service pack.
From the "neat-find-department" comes word from McAfee that Windows Vista is vulnerable to a Sticky Keys backdoor that could be exploited -- under perfect circumstances -- to launch malicious executables. McAfee researcher Vinoo Thomas said the security risk, which is already well-known on Windows XP, exists because Windows Vista does not check the integrity of the Sticky Keys file (%systemroot%\windows\system32\sethc.
The man who wrote the book on Microsoft's highly rated SDL (Security Development Lifecycle) believes buffer-related security vulnerabilities found in Windows Vista should be downgraded because of back-up mitigations built into the operating system.