Archive for 2010

Evolution to Intelligent Whitelisting: Part 2: Four Whitelisting Misperceptions to Abandon

September 20, 2010 - Part 2 of a three-part Q&A podcast series with Pat Clawson, Chairman and CEO, Lumension, and Patrick O’Grady, Technology Writer, Phoenix Business Journal. Part 1: Not Your Father’s Whitelisting. Part 2: Four (continue reading...) Read more

"Hot Video" pages: analysis of an hijacked site (Part I)

September 20, 2010 - I was fortunate enough to find a hijacked site which was being used to host fake "Hot video" pages, which I've blogged about before. However, this time around, the site had directory listings enabled. As such, I could view (continue reading...) Read more

Why do so many people buy into “checklist” audits?

September 20, 2010 - Probably my biggest pet peeve related to application security is the claim by many (typically management) that “We know we’re secure, we just had an audit”. I can’t tell you how (continue reading...) Read more

Bing advert peddles Firefox with Hotbar adware

September 20, 2010 - Firefox: how much freer can it get? Alert Sunbelt Blog reader Jesse C alerted us to this one. We’ll just quote his email to describe what’s going on: “After (continue reading...) Read more

Zeus Crimeware Toolkit

September 20, 2010 - The Zeus botnet has been in the wild since 2007 and it is among the top botnets active today. This bot has an amazing and rarely observed means of stealing personal information–by infecting users’ computers and capturing all the information (continue reading...) Read more

Social Media: 5 Unexpected Threats

September 20, 2010 - Tip of the hat to @FSecure for directing my attention to a piece at Discovery News about 5 Unexpected Threats of Online Social Networking. The article touches on such issues as hidden charges for online games, (continue reading...) Read more

Privacy? Who Cares?

September 20, 2010 - A day or two ago I put up a blog pointing to a number of resources relating to social media and privacy, primarily Facebook (and to a lesser extent Twitter). One of the articles I mentioned there was Kevin Townsend’s (continue reading...) Read more

Scareware and Legitimate Marketing

September 19, 2010 - Kurt Wismer posted a much-to-the-point blog a few days ago about the way that purveyors of scareware (fake/rogue anti-virus/security products) mimic the marketing practices of legitimate security providers. You may remember that a while ago, I (continue reading...) Read more

Can Your IPv4 Firewall Be Bypassed by IPv6 Traffic?

September 18, 2010 - Do you have a firewall? Maybe it's not as useful as you think it is. I was surprised to discover that IPv6 was enabled on several hosts with default firewall policies of ACCEPT and no rules. This (continue reading...) Read more

Stuxnet Print Spooler Zero-Day Vulnerability not a Zero-Day at All?

September 17, 2010 - We have been made aware of a recent blog posting pointing to the fact that the print spooler vulnerability used by W32.Stuxnet and addressed in the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability was in fact (continue reading...) Read more

4chan Users Organize Surgical Strike Against MPAA

September 17, 2010 - The users at 4chan, a popular image board responsible for many Internet memes such as the Rickroll, lolcats, and the "Anonymous" assault on the Church of Scientology, publicly announced a coordinated DDoS attack against the Motion Picture Association of America (continue reading...) Read more

Stuxnet P2P component

September 17, 2010 - Our analysis of Stuxnet has been ongoing for some time now, although we have not posted any information on our blog about it we have been continuously analyzing the threat since it was discovered earlier this year. Initial investigation into (continue reading...) Read more

Security Advisory 2416728 Released

September 17, 2010 - Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers (continue reading...) Read more

Q&A from the September 2010 Security Release Bulletin Webcast

September 17, 2010 - Hello, Today we published the Questions & Answers from the September 2010 Security Bulletin webcast. During the webcast, we answered (continue reading...) Read more

Windows Security Alert! Malicious Attack Embedded in JavaScript Attachment

September 17, 2010 - Symantec has observed an increase in the volume of email spam with HTML attachments that contain malicious JavaScript. In the last couple weeks, spammers masquerading as known individuals or companies sent email invitations or business notifications. The message entices recipients to (continue reading...) Read more

“A very warm invitation to you,” Courtesy of a Mass-Spam Run

September 17, 2010 - McAfee Labs has been monitoring a spam run that was launched earlier today. The message follows: Subject: A very warm invitation to you Body: Hello, Hope your week has been wonderfull well.  I would like to extend a very warm invitation to you to (continue reading...) Read more

The Rise of PDF Malware

September 17, 2010 - We have seen an ever increasing use of PDFs for malicious purposes over the past two years. During this time, we have tracked the growth and usage and have been constantly improving our detections to handle the different evolutions of (continue reading...) Read more

Mal/PDFJs-Y: PDFs using getField

September 17, 2010 - This week I have been putting the finishing touches to my presentation for the Virus Bulletin Conference in Vancouver later this month. While doing the research I have collected a large corpus of PDF files; (continue reading...) Read more

View more pix? Not exactly…

September 17, 2010 - The website viewmorepix(dot)com is currently being spammed out on services such as Twitter, and I thought it was worth poking with a stick. Yes, this (continue reading...) Read more

Copyright © 2012 The Security Blog. All rights reserved.