Computer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could users at risk of drive-by code execution attacks.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Apple has shipped a new QuickTime version to plug at least three more security vulnerabilities that put Mac OS X and Windows users at risk of code execution attacks.
The co-founder's exit comes just seven months after eEye dismissed CEO Ross Brown and went through a small round of layoffs to cut costs to cope in a super-competitive vulnerability assessment and intrusion prevention software market. The company has had two CEOs in less than a year.
A Department of Homeland Security official said Cyber Storm II, a national cyber security exercise, is slated for March 2008.In comments before the New York Metro Infragard Alliance Security Summit on Tuesday, Greg Garcia, assistant secretary of cybersecurity and communications at the DHS, said planning is underway for a March 2008 cyber security exercise, dubbed Cyber Storm II.
Penthouse Media Group has acquired Various Inc., a company that operates a stable of adult-oriented social networking sites such as AdultFriendFinder, Gradfinder and others.
According to a US-CERT alert, the attacks are using an unpatched stack buffer overflow vulnerability in the way Microsoft Access handles specially crafted database files.
A zero-day hole is several major HP laptop models could provide an easy way for hackers to take complete control of Windows machines, according to a warning from an independent security researcher.
Microsoft's final batch of patches for 2007 has been released to cover at least 11 security vulnerabilities that put millions of users at risk of remote code execution attacks.
There are 28 vulnerabilities in the ZDI pipeline, all high-severity, affecting some of the world's biggest IT vendors -- Computer Associates, Microsoft, Hewlett Packard, Novell, Oracle, IBM, Symantec, Sun Microsystems, Veritas and Borland.
The specific flaw exists within the 'skype4com' URI handler created by Skype during installation. When processing short string values through this handler an exploitable memory corruption may occur which can result in arbitrary code execution under the context of the current user.