A high-severity security flaw in the Creative Software automatic update engine could put Windows computers at risk of remote code execution attacks, according to a warning from the US-CERT (Computer Emergency Readiness Team).The vulnerability affects the software used to provide updates to Creative Labs' audio/video entertainment product line, which includes the popular Zen MP3 player line.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
It's official, even a pothead can social engineer Network Solutions.
Apple makes a big deal -- and lots of funny commercials -- around the security profile of its products. On the Safari download site, the boast is that users get "worry-free Web browsing on any computer" because, in Cupertino's words, "Apple engineers designed Safari to be secure from day one.
So, in catching up with blogs after vacation, I went and had a peak at Michael Howard's web log, and was glad to see another post from him. His posts are very insightful (I just wish he would post more).
For a couple of hours yesterday, Comcast's Internet Portal (comcast.net) had its DNS records hijacked and a defaced web page was loading from third-party domains.
Yesterday, Collin Mulliner of the trifinite.group, a group of computer experts researching insecurities in wireless communications, has released the slides as well as the research tools he came up with in order to demonstrate various attacks and vulnerabilities in Near Field Communication mobile phones, a technology that will change the face of mobile payments, and naturally result in more innovative mobile phishing and malware attempts.
How realistic is an attack that successfully hijacks a domain by social engineering the domain's registrar? Pretty realistic according to ICANN's recently released advisory on preventing Registrar Impersonation Phishing Attacks :In this Advisory, SSAC describes generic forms of this type of attack.
Researchers at Secunia have flagged a "highly critical" vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing.According to an advisory from Secunia, the vulnerability affects Samba versions 3.
What's the current state of click fraud, and what tools and tactics do the people behind click fraud campaigns have in their arsenal? A recently analyzed affiliate based network for using botnets to commit click fraud provides a timely assessment of the situation, and provides evidential facts on the internal success rate of such a consolidated botnet.
It's Patch Day in the land of Mac OS X Leopard.Apple today shipped Security Update 2008-003 (Mac OS X 10.