January 25, 2010 - Inspired by Jack Schofield (by way of Ed Bott on Twitter), I opened up Process Explorer on my own system to examine the DEP status of programs running on my (continue reading...) Read more
January 21, 2010 - A cumulative update for Internet Explorer from Microsoft fixes the infamous vulnerability in the browser used recently to attack Google and other major companies. 7 other IE vulnerabilities were also fixed, (continue reading...) Read more
January 20, 2010 - Microsoft has announced that tomorrow, Thursday January 21, they will release an out-of-band update to Windows and Internet Explorer to fix the vulnerability that was exploited in the infamous Aurora attacks. (continue reading...) Read more
January 18, 2010 - In their weekly podcast, Ryan Naraine and Dennis Fisher of Kaspersky's Threatpost speculate that the political pressure surrounding the IE 0-day is such that Microsoft will issue an emergency patch. This makes (continue reading...) Read more
January 18, 2010 - Researcher Dino Dai Zovi says he has moved the Aurora exploit to the next level. On Twitter, he stated: "And now my Aurora exploit works on IE7 on Vista as well (continue reading...) Read more
January 17, 2010 - I've written it many times before: Nobody is more generous with (continue reading...) Read more
January 16, 2010 - Famed researcher HD Moore created a usable proof-of-concept exploit last night for the 0-day vulnerability in Internet Explorer used in the attack incident that everyone is now calling Aurora. It's a (continue reading...) Read more
January 14, 2010 - New evidence points to a previously unknown vulnerability in Internet Explorer as the hole through which criminals recently attacked Google and other companies, rather than a known, but unpatched vulnerability in Adobe (continue reading...) Read more
January 12, 2010 - Adobe has released a security advisory and other details on today's updates to Adobe Reader and Acrobat. The advisory lists 8 vulnerabilities fixed in the new versions 8.2 and 9.3, including (continue reading...) Read more
January 12, 2010 - Adobe has released versions 8.2 and 9.3 of Acrobat and Reader, making significant new security changes in all variations. Windows, Mac and UNIX versions are all available. We haven't yet seen any blog (continue reading...) Read more
January 12, 2010 - A vulnerability in the Windows Embedded OpenType Font Engine could lead to remote code execution as explained in MS10-001: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution, (continue reading...) Read more
January 5, 2010 - I haven't made any hard predictions for 2010 yet, but it could be the first year of Internationalized Domain (continue reading...) Read more
January 5, 2010 - In an interview with Kaspersky's ThreatPost (podcast and transcript), Adobe security chief Brad Arkin revealed that Adobe is working on a new version of their updater software that will automatically download (continue reading...) Read more
December 16, 2009 - Mozilla has released Firefox 3.5.6, 3.0.16, and SeaMonkey 2.0.1 to address 7 newly-disclosed vulnerabilities, 3 of (continue reading...) Read more
December 15, 2009 - Adobe has issued an advisory for the 0-day vulnerability disclosed the other day. The vulnerability is critical, potentially allowing remote code execution, and affects all versions of Acrobat and Reader on all (continue reading...) Read more
December 15, 2009 - It used to be that end-of-year security predictions were bold and almost science-fictiony. They have become more conservative this year and therefore more reasonable. I've been barraged with them and have attempted to collect the best here.It's clear to me (continue reading...) Read more
December 12, 2009 - The PandaLabs blog has a screen shot of an interesting development in rogue anti-virus: One that has been optimized to look like it's part of Windows 7.The program is an exact replica of the Windows 7 Explorer shell program. (continue reading...) Read more
December 11, 2009 - One of the first things many people do to try and avoid security problems on Windows is to switch users to Firefox. It's true that Internet Explorer (continue reading...) Read more
December 11, 2009 - In the Twitter gab as last Patch Tuesday was unfolding, researcher Alex Sotirov complained that vendors weren't paying for those who found the bugs in their products, and that this was unjust.Most of the bug-finding for major products (continue reading...) Read more
December 8, 2009 - Adobe released new versions of Flash and AIR today to address vulnerabilities in both products. Applying these updates as soon as practicable is a good idea, as Flash vulnerabilities are popular exploit vehicles in the wild.Click here to install (continue reading...) Read more