As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Marshall Islands National Telecommunications Authority is reporting that a sustained spamming attack during the past 24 hours managed to cause a successful Denial of Service attack on the email services of the islands only Internet Service Provider. More info on the attack : More than 18 hours after the initial attack Tuesday incoming email service to the monopoly provider had still not been restored.
Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.According to Adobe's advisory, the flaw "could potentially allow an attacker to take control of the affected system.
The source code of a trojan horse exploiting last week's uncovered local root escalation vulnerability in Mac OS X 10.4 and 10.
A data breach resulting from a stolen laptop has leaked sensitive information including Social Security Numbers of approximately 62,000 (as reported by Stanford University) former and current Standford University employees. The Privacy Rights Clearinghouse, a site devoted to the collection of data breach information, reports this number as 72,000, and I'm not positive which is more accurate at this time.
Guest Editorial by Dino Dai ZoviAs reported by Intego and Matasano Security, a new local privilege escalation vulnerability has been found that gives local root access on Mac OS X Tiger and Leopard.While Intego calls this a critical vulnerability, I'm mostly with Matasano's Thomas Ptacek on this one where I am saying this vulnerability is not nearly that serious.
A security researcher has released demo exploits for what appears to be a critical -- unpatched -- memory corruption vulnerability affecting the ubiquitous Microsoft Word software program.The proof-of-concept exploits accompany a warning that the flaw affects Microsoft Office 2000 and Microsoft Office 2003.
90% of all statistics can be made to say anything... 50% of the time, aka my thoughts on the Verizon report
** Update 06/23/2008: I realize I didn't do a very good job of talking about what we're reviewing here. This is in response to the statistics gathered by Verizon related to Forensic Analysis of Data Breaches over a four year span.
Security research Billy Rios posted an article today about the Apple Safari "Carpet Bomb" attack, discussing a new issue that, despite the patch which prevented a "blended" remote command execution attack when Safari was used in conjunction with IE on a Windows system, keeps the "Carpet Bomb" attack alive and well.
It appears that Google is using an invalid security certificate across many of its domains. If you type https://gmail.