Our coverage of the Pwn2Own contest has received a lot of attention, so I thought it would make sense to go straight to the source of the Adobe Flash exploit to get some first-hand accounts of what went down.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Why are we still talking about the value of PCI Compliance? Now we can all get it for free due to a great new product!
Ivan Ristic (pictured to the right) posted a story today on his blog that highlights some changes that are to go into effect in England sometime this year. The changes to the Computer Misuse Act (CMA) would appear to put security researchers and consultants in the UK at risk of being considered criminals.
Apple had a rough security week. Vista was hacked.
So, I've been pretty surprised by the response to the discussion of the Flash flaw that allowed the Vista machine to be compromised in the Pwn2Own contest.
If you haven't seen Day 1 or Day2/Day3 of my series on Black Hat Europe, feel free to have a look. As I mentioned in my Day 2/Day 3 posting, I didn't get a chance to meet up to interview Adam Laurie until late in the day on Thursday; therefore, I moved onto my Day2/Day 3 story and promised to post the interview with Laurie later on.
Fortify Software, which heads off insecure software code in the development, said Monday that it has launched a suite designed to head off vulnerabilities in automated and older applications.The suite, dubbed Fortify 360, expands the company's market.
Update 3/29/2008: Just to clarify in case it wasn't clear, this is a flaw in an Adobe product, Adobe Flash, and not in a Microsoft product or in the Windows Vista operating system. This is important to note, as it's not quite as glamorous as the flaw that took down the brand new, fully patched, MacBook Air; which just so happened to be a flaw in Safari.
If you haven't seen it yet, you can check out Day 1 of my coverage of Black Hat Europe 2008 here. So, for those of you looking forward to a Black Hat Day 2 update with some more from the training sessions...
Security researcher Dancho Danchev said Friday that SEO poisoning attacks have scaled up and are attacking well known sites. Google has been filtering its results as a defense, but Danchev's latest finding brings up an interesting question: Can the defenses scale?