The Windows KDC didn't properly validate parts of Kerberos tickets. It may be possible for admins to detect if they have been exploited.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications, including ABC News and the Wall Street Journal. She has authored and edited award-winning, best-selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
The latest stable version of Chrome removes the source of the POODLE bug, and SSLv3 support will be removed altogether over time. The Canary version disparages implementations not up to standards.
The top security threats of 2014 include equal parts old mistakes, new adversaries, innocent human nature and the evils that people do.
You might not hire a pickpocket to be a guard, but the UK's cybersecurity shortage has prompted a skill hire, no matter the origin.
From drug cartels to passwords, security expert Brian Krebs weighs in on how to keep your personal data and bank account safe.
Problems with the update affected only Windows Server 2008 R2 and Windows Server 2012. The new update does not apply the new TLS ciphers by default.
A privilege escalation bug being exploited in the wild could turn a normal user into a domain administrator.
[UPDATED] An out-of-band update to all Windows versions will be released today. This is MS14-068, one of two updates held back on the November Patch Tuesday.
Just how many hidden Tor services seized by law enforcement were genuine websites, and how many were clones and copies?
The tech giant is making the OpenSOC security and data analytics framework available through open source.
Anonymous has issued a statement regarding its retaliation against the Ku Klux Klan's Ferguson threats, calling the KKK a terrorist group and vowing to continue the campaign. Meanwhile, the KKK has responded poorly.
The Mac/iOS malware was able to install on non-jailbroken iOS devices, but was quickly neutered. Three suspects are in custody.
A consumer electronics coalition warns that many of its companies have "lost business" or have faced backlash from governments fearing the National Security Agency.
The State Department says that its unclassified email system may have been breached, but that classified systems remain safe.
In a bid to shore up security under the gaze of the FTC, Snapchat has decided a ban on all third-party apps is the best solution.