Update 3/29/2008: Just to clarify in case it wasn't clear, this is a flaw in an Adobe product, Adobe Flash, and not in a Microsoft product or in the Windows Vista operating system. This is important to note, as it's not quite as glamorous as the flaw that took down the brand new, fully patched, MacBook Air; which just so happened to be a flaw in Safari.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
If you haven't seen it yet, you can check out Day 1 of my coverage of Black Hat Europe 2008 here. So, for those of you looking forward to a Black Hat Day 2 update with some more from the training sessions...
Security researcher Dancho Danchev said Friday that SEO poisoning attacks have scaled up and are attacking well known sites. Google has been filtering its results as a defense, but Danchev's latest finding brings up an interesting question: Can the defenses scale?
The MacBook Air fell in two minutes at the CanSecWest security conference's PWN 2 OWN.According to Infoworld, Charlie Miller won the $10,000 prize.
EMC said Thursday that it is partnering with Verint to offer physical security services.Verint provides IP video security software and dashboards.
Cisco patched multiple vulnerabilities on Wednesday with the most important fixes covering data-link switching, IPv6 and VPN flaws.Among the highest rated patches (all rated 7 or above on a 10 scale):Cisco patched multiple vulnerabilities in the Data-link Switching (DLSw) feature in its IOS.
Mozilla has patched 10 vulnerabilities in Firefox 2.0 with update 2.
Considering my previous posts on my experiences at Black Hat Federal received pretty good reviews, I thought it would make sense to again highlight a Black Hat trip. This time it was all the way out to Amsterdam, where Rob Carter and I will be speaking about URI Use and Abuse.
In my first post in this series, I discussed the Same Origin Policy and how it protects us from some very serious attacks, the dangers of domain name based trust, and how to attack implementations of the Same Origin Policy within the Java Virtual Machine (JVM). In order to demonstrate these concepts, I used two examples of real-world attacks against the Same Origin Policy implementation within the JVM.
Microsoft has confirmed reports of vulnerability in Word that allows an attacker to exploit a system via the Microsoft Jet Database Engine, which shares data with Access, Visual Basic and third party applications.Microsoft in its advisory said the potential for attack is "very limited.