Apple plugged the winning vulnerability in the Pwn2Own contest on Wednesday in a Safari update. In an update for Safari (3.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
My good friend Billy Rios (pictured to the right) published another interesting exploit recently. It's a cross-site scripting exposure in spreadsheets.
Oracle on Tuesday delivered 41 patches--including two that are rated the highest risk--for a wide range of products. According to the Oracle security team blog: This Critical Patch Update (CPU) addresses a total of 41 vulnerabilities affecting Oracle Database Server, Oracle Application Express, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle PeopleSoft Enterprise, and Oracle Siebel CRM Applications.
Jeremiah Grossman discussed some recent comments about section 6.6 of the PCI standard made by Standards Council General Manager Bob Russo in a recent Information Security magazine article.
Websense says that hackers have streamlined their anti-CAPTCHA tools and can attack Microsoft's Live Hotmail service in about 6 seconds. Websense has been on the CAPTCHA case for a while and the latest attack on Microsoft's Hotmail is an evolutionary leap because hackers' tools are automated and operating almost instantaneously.
Last week Department of Homeland Security Secretary Michael Chertoff outlined plans for a federal Manhattan Project to bolster cyber security. The big question is whether this project will bolster cyber security defenses as attacks on U.
Oracle has announced details of its own patch Tuesday--April 15--with 17 security fixes covering the company's flagship database and 41 patches collectively. Oracle said in an advisory that the patches cover "multiple security vulnerabilities" across its products.
The Department of Homeland Security said this week that it will name Richard Mangogna CIO. Mangogna comes to the DHS from Mason Harriman Group, where he was a senior advisor to the firm's agencies.
Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here. Adobe's details are published here.
A couple of great articles came out recently, one from Ryan Naraine and one from our very own Larry Dignan, about some of the defenses that Apple is trying to build into QuickTime to defend Vista users. As we've talked about here before, with Vista, it's all about the DEP and the ASLR (ok, and SafeSEH, stack/heap canaries, etc.