At one point, I thought that PCI certification was a great thing. Now I realize that it's not really about security at all...
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
Darth Vader: You underestimate the power of the Dark Side. If you will not fight, then you will meet your destiny.
A colleague of mine, Dave Wong, from Ernst & Young's Advanced Security Center in New York, pointed me to a really interesting article on targeted spear phishing attacks by John Markoff of the New York Times. Phishing has been really interesting to me lately, as I've seen a wave of discussions, black hat presentations, and technologies abound that deal with phishing and identity theft.
Mark Dowd's null pointer dereference exploit and advanced Flash ActionScript techniques prove definitively: Aliens Do Exist!
Alright, I'm just going to start out with a little background before I start. This particular research was so cool that I've been talking about it all day. Reading this whitepaper, written by Mark Dowd, was as exciting to me as watching highlights of Michael Jordan sinking that winning shot, which when you look at the replay looks like he's jump kicking Craig Ehlo right in his face.
Mozilla on Wednesday patched one flaw in Firefox in an update (2.0.
Apple plugged the winning vulnerability in the Pwn2own contest on Wednesday in a Safari update. In an update for Safari (3.
My good friend Billy Rios (pictured to the right) published another interesting exploit recently. It's a cross-site scripting exposure in spreadsheets.
Oracle on Tuesday delivered 41 patches--including two that are rated the highest risk--for a wide range of products. According to the Oracle security team blog: This Critical Patch Update (CPU) addresses a total of 41 vulnerabilities affecting Oracle Database Server, Oracle Application Express, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle PeopleSoft Enterprise, and Oracle Siebel CRM Applications.
Jeremiah Grossman discussed some recent comments about section 6.6 of the PCI standard made by Standards Council General Manager Bob Russo in a recent Information Security magazine article.
Websense says that hackers have streamlined their anti-CAPTCHA tools and can attack Microsoft's Live Hotmail service in about 6 seconds. Websense has been on the CAPTCHA case for a while and the latest attack on Microsoft's Hotmail is an evolutionary leap because hackers' tools are automated and operating almost instantaneously.