Microsoft has issued a pre-patch security advisory to warn about "active, targeted attacks" against an ActiveX control for the Snapshot Viewer for Microsoft Access.The skinny:An attacker could exploit the vulnerability by constructing a specially crafted Web page.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
* Ryan Naraine is on vacation. Guest Editorial by Dan Glass A recent blog proclaiming that Twitter could soon become a rival to PayPal made me shudder in fear.
For all of my blasting of the TSA and the US Government for our strange, inappropriate, inadequate, and sometimes unacceptable security practices, I am damn proud to be an American. There's many countries I've visited in this world, and I love many of them, but none like the good old U.
A Storm Worm's Independence Day campaign is circulating online using email as propagation vector, attempting to trick users into visiting a Storm Worm infected host, where a multitude of what looks like over five different exploits attempt to automatically infect the visitors next to the malware binary fireworks.exe.
The Register covered a very interesting story about AVG. Apparently AVG is spamming the Internet with traffic that looks to be coming from Internet Explorer.
Next Tuesday, Microsoft plans to ship four security updates for multiple flaws affecting Windows, Microsoft SQL Server and Microsoft Exchange Server but the absence of fixes for publicly known Internet Explorer issues is causing raised eyebrows among security professionals.
If you're waiting on iPhone 2 to standardize your business on the awesome new device (yeah, I'll be on line to buy one), you might want to pay attention to the conspicuous absence of iPhone security patches over the last four months.As WaPo's Brian Krebs reports, the iPhone runs a stripped down version of Mac OS X but, even though OS X security updates are coming fast and furious, the iPhone has been neglected.
Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities.The company's new Opera 9.
If you read my blog postings semi-often, you know that I'm very, very critical of problems with airport security. Nicole Wong of the Boston Globe reported that Boston's Logan International Airport will become the next airport to implement full-body scanners (thanks for the link from the LiquidMatrix guys!
In partnership with indie security consultant Rich Mogull (left) Mozilla has launched a valuable Security Metrics Project that could help to -- we can only hope -- put an end to the silly notion that patch-counting helps to determine a product's security posture.The idea is to develop a metrics model that goes beyond simple bug counts to accurately reflect the effectiveness of secure development efforts and the relative risk to users over time.