* Ryan Naraine is on vacation. Guest Editorial by Nate McFeters
With the holiday season fast approaching, and being so in the spirit of giving, I thought I'd compile a list of the top features that led to security issues I discovered with co-researcher Billy Rios.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
Guest Editorial: It's become painfully clear to that DNS can no longer be a fire hose that just pierces the firewall. Here are some simple action items that can be implemented on just about every network out there...
* Ryan Naraine is on vacation. Guest Editorial by Dan Geer
When the Internet was young, the design assumption for electronic commerce was clear: The client initiated the connection from a trusted machine and needed to be assured that the server side was not an impostor.
Mozilla security chief Window Snyder says the "jar:" protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser. The problem (see previous coverage) is that Firefox's "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive.
The WabiSabiLabi vulnerability auction house is hyping the sale of a potentially nasty remote code execution flaw in ClamAV, the popular open-source anti-virus toolkit recently acquired by Sourcefire.
Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard.
Malicious hackers are using Skype to try to trick Windows users into buying a rogue anti-malware application. The lures arrive via Skype's instant messaging feature with a warning that malware has been detected on the machine and urging users to buy and run a fake "repair utility."
Apple today released a monster update to provide belated cover for at least 41 security holes in its flagship Mac operating system.
A survey by renowned database hacker David Litchfield has found a whopping 492,000 Microsoft SQL and Oracle database servers directly accessible to the Internet without firewall protection.
Microsoft has finally shipped a comprehensive fix for a critical URI handling vulnerability that exposes Windows users to drive-by malware attacks.