In my first post in this series, I discussed the Same Origin Policy and how it protects us from some very serious attacks, the dangers of domain name based trust, and how to attack implementations of the Same Origin Policy within the Java Virtual Machine (JVM). In order to demonstrate these concepts, I used two examples of real-world attacks against the Same Origin Policy implementation within the JVM.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Microsoft has confirmed reports of vulnerability in Word that allows an attacker to exploit a system via the Microsoft Jet Database Engine, which shares data with Access, Visual Basic and third party applications.Microsoft in its advisory said the potential for attack is "very limited.
As reported by Robert McMillan and Elizabeth Montalbano at IDG News Service, Sequoia voting systems web site has been hacked and subsequently taken down.Sequoia and its voting system is not new to the news, as it was recently investigated by the Attorney General of New Jersey for "voting discrepancies" in last months primaries.
Robert Hansen aka R-Snake has posted a very interesting article today over at his blog. As R-Snake states:Whelp, we’ve talked about it, but now it’s finally possible.
Apple on Friday shipped a security update for Aperture 2, iPhoto 7.1.
Microsoft on Thursday acquired Komoku, which provides rootkit detection software, for an undisclosed sum. Komoku's technology will be added to Microsoft's enterprise-focused Forefront and Windows Live OneCare security software.
Apple has patched a denial of service vulnerability in its Airport Extreme Base Station firmware.In an advisory Wednesday Apple said firmware version 7.
3Com on Wednesday officially declared its plan to be acquired by Bain and Huawei dead, saying that it was unable to allay U.S.
Update: Microsoft is NOT at fault for this! There seems to be some confusion within the talkbacks on this subject about this being Microsoft's fault, and also some strange claims that development shops who do only .
The Pwn2Own contest rules were announced recently for CanSecWest '08 coming up next week.Unfortuantely, or fortunately (depending on how you look at it), I won't be able to join in the fun as I will be presenting at Black Hat Europe next week, although you can rest assured I'm going to take a stab at the contest from remote!