For the last two days, security software firm Sunbelt Software has been all over what could develop into a scary trend: Rigged Google search results that deliver big malware payloads.On Monday, Sunbelt reported "we’re seeing a large amount of seeded search results which lead to malware sites.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Mozilla has issued a patch for Firefox that fixes the "jar:" protocol handler issue.In an advisory on Monday, Mozilla said:The jar: URI scheme was introduced as a mechanism to support digitally signed web pages, enabling web sites to load pages packaged in zip archives containing signatures in java-archive format.
In a guest editorial, a senior research scientist at Cloudmark proposes a new way to deal with the menace from botnets.
Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack.According to Secunia, the latest QuickTime bug "can be exploited by malicious people to compromise a user's system.
* Ryan Naraine is on vacation. Guest Editorial by Rich MogullRecently I was watching an interesting 60 Minutes episode on the new generation of "Millennials" entering the workforce.
* Ryan Naraine is on vacation. Guest Editorial by Nate McFetersWith the holiday season fast approaching, and being so in the spirit of giving, I thought I'd compile a list of the top features that led to security issues I discovered with co-researcher Billy Rios.
Guest Editorial: It's become painfully clear to that DNS can no longer be a fire hose that just pierces the firewall. Here are some simple action items that can be implemented on just about every network out there...
* Ryan Naraine is on vacation. Guest Editorial by Dan GeerWhen the Internet was young, the design assumption for electronic commerce was clear: The client initiated the connection from a trusted machine and needed to be assured that the server side was not an impostor.
Mozilla security chief Window Snyder says the "jar:" protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser.The problem (see previous coverage) is that Firefox's "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive.
The WabiSabiLabi vulnerability auction house is hyping the sale of a potentially nasty remote code execution flaw in ClamAV, the popular open-source anti-virus toolkit recently acquired by Sourcefire.