I caught up with security researcher Dino Dai Zovi to discuss his successful hijack of a MacBook Pro machine at last week's CanSecWest conference in Vancouver, Canada.We talk about the specific vulnerability, the motivation for the attack, Apple's response and his plans around Mac OS X research: RN: What's your OS of choice?
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system.
Hackers Dino Dai Zovi and Shane Macaulay teamed up to hijack a MacBook Pro laptop at the CanSecWest security conference here, effectively pouring cold water on the Mac faithful's belief that the machines are impenetrable.
Two tricked-out MacBook laptops survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations.
Apple has issued a mega-update with patches for 25 new security vulnerabilities affecting Mac OS X users. This is the fourth update (89th security patch) issued by Apple in 2007.
If you use Google Calendar to set up corporate meetings or private conference calls, you might want to be careful about how that data is available to the rest of the world.
Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets. The latest twist in the ongoing attacks comes less than a week after Microsoft's pre-patch advisory provided clues for hackers to write and release detailed exploit code.
Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products. One of the bugs fixed in this patch batch dates back to 2003.
How's this for a new twist on the old responsible disclosure debate: Hackers are taking advantage of information released in Microsoft's pre-patch security advisories to create exploits for zero-day vulnerabilities.The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the MSRC (Microsoft Security Response Center) about how much information should be included in the pre-patch advisory.