January 30, 2010 - Google has announced a number of security enhancements that are being implemented in Chrome. Some have already been implemented in other browsers, including Firefox and IE and in significant add-ons like (continue reading...) Read more
January 30, 2010 - Not that long after a Google employee running Internet Explorer 6 was hacked, creating an international incident, Google has announced that they will begin withdrawing support for IE6 in their (continue reading...) Read more
January 27, 2010 - The Tools-Internet Options dialog box in Internet Explorer has a wealth of important settings in it, some which affect the system outside of Internet Explorer. This dialog box is also available as (continue reading...) Read more
January 27, 2010 - Tomorrow, Thursday, January 28, 2010, is Data Privacy Day in North America and Europe. (Sorry I didn't get you a card. What's your address and social security number so I can (continue reading...) Read more
January 27, 2010 - A report in Computerworld describes how an unpatched vulnerability in Internet Explorer could allow an attacker to read arbitrary files on the user's computer. Jorge Luis Alvarez Medina, a security consultant with (continue reading...) Read more
January 21, 2010 - A cumulative update for Internet Explorer from Microsoft fixes the infamous vulnerability in the browser used recently to attack Google and other major companies. 7 other IE vulnerabilities were also fixed, (continue reading...) Read more
January 21, 2010 - Web site defacements have been in the news lately and site owners are blaming their vendors. The first one came on January 12 when Baidu, the top search engine in China (especially if (continue reading...) Read more
January 18, 2010 - In their weekly podcast, Ryan Naraine and Dennis Fisher of Kaspersky's Threatpost speculate that the political pressure surrounding the IE 0-day is such that Microsoft will issue an emergency patch. This makes (continue reading...) Read more
January 18, 2010 - Researcher Dino Dai Zovi says he has moved the Aurora exploit to the next level. On Twitter, he stated: "And now my Aurora exploit works on IE7 on Vista as well (continue reading...) Read more
January 16, 2010 - Famed researcher HD Moore created a usable proof-of-concept exploit last night for the 0-day vulnerability in Internet Explorer used in the attack incident that everyone is now calling Aurora. It's a (continue reading...) Read more
January 14, 2010 - That's what they're calling it at ISC: PDF Babushka, because it's a PDF nested inside another PDF. Click here if you need the joke explained. I won't repeat the gritty analysis (continue reading...) Read more
January 12, 2010 - It's an eventful day. Just as they release an important new version of Acrobat, Adobe has also revealed that "...a sophisticated, coordinated attack..." was mounted "...against corporate network systems managed by (continue reading...) Read more
January 11, 2010 - A recent contest of engineering students from 5 universities measured their ability to design malicious elements into integrated circuits, as well as the ability to defend against them. Such attacks are probably (continue reading...) Read more
January 8, 2010 - German security research group SySS GmbH reports a serious vulnerability in encrypted USB drives from Kingston, SanDisk and Verbatim. SySS analyzed the PC-based (continue reading...) Read more
January 5, 2010 - I haven't made any hard predictions for 2010 yet, but it could be the first year of Internationalized Domain (continue reading...) Read more
January 4, 2010 - Today I came across a reference to a web service called Wepawet, which scans PDF, Flash and JavaScript files for malicious content. Wepawet is a project of the Computer Security Group (continue reading...) Read more
January 3, 2010 - Since the death of Milw0rm, The Exploit Database has been one of the hotter spots for researcher and malcoders to find the latest exploit code. Their latest post takes a (continue reading...) Read more
December 27, 2009 - A vulnerability in certain older versions of Microsoft's IIS (Internet Information Server) web server could allow an attacker to upload malicious files, bypassing some security checks. The vulnerability was discovered by Soroush Dalili (continue reading...) Read more
December 27, 2009 - Below this text is a list of passwords not accepted by Twitter in their signup process. The list is copied from the HTML source at https://twitter.com/signup. You might call it the (continue reading...) Read more
December 27, 2009 - Security services firm infySEC has a cool list of what they call the Top 10 of the most infamous unsolved computer crimes. These aren't all famous, or infamous crimes, but the unsolved (continue reading...) Read more