December 28, 2009 - Bots and botnets have been around for a long time. There's some innovation in the programming form, but the large majority are Windows executables in PE (Portable Executable) format. Cisco's security blog has (continue reading...) Read more
December 27, 2009 - A vulnerability in certain older versions of Microsoft's IIS (Internet Information Server) web server could allow an attacker to upload malicious files, bypassing some security checks. The vulnerability was discovered by Soroush Dalili (continue reading...) Read more
December 27, 2009 - Security services firm infySEC has a cool list of what they call the Top 10 of the most infamous unsolved computer crimes. These aren't all famous, or infamous crimes, but the unsolved (continue reading...) Read more
December 22, 2009 - In October Microsoft released a Knowledge Base entry describing which files on a Windows system were not necessary to scan with anti-virus products. These files are not at risk of infection (continue reading...) Read more
December 21, 2009 - Joanna Rutkowska of Invisible Things Lab has disclosed a new vulnerability in certain Intel processors. The SINIT feature of SMM (System Management Mode) can interfere with TXT (Trusted eXecution Technology), allowing (continue reading...) Read more
December 18, 2009 - Twitter's DNS records were hijacked for a time last night and the site redirected users to a site (screen shot nearby, click (continue reading...) Read more
December 15, 2009 - It used to be that end-of-year security predictions were bold and almost science-fictiony. They have become more conservative this year and therefore more reasonable. I've been barraged with them and have attempted to collect the best here.It's clear to me (continue reading...) Read more
December 11, 2009 - In the Twitter gab as last Patch Tuesday was unfolding, researcher Alex Sotirov complained that vendors weren't paying for those who found the bugs in their products, and that this was unjust.Most of the bug-finding for major products (continue reading...) Read more
December 8, 2009 - Hidden behind the Patch Tuesday updates, Microsoft released two separate security advisories and one set of updates that were not mentioned in the advance notification. The first one, "Microsoft Security Advisory (continue reading...) Read more
December 8, 2009 - The Internet seems full of people inclined not to trust Google's new Public DNS offering.The first reaction many of us waited for was that of (continue reading...) Read more
December 7, 2009 - We've written about it before and now Microsoft's reminding us: This coming July Microsoft will end support for Windows 2000 Server, Windows 2000 Client and Windows XP SP2. Gold code for (continue reading...) Read more
December 5, 2009 - One of the world's great botnets, Gumblar, is experiencing a steady resurgence lately, according to Kaspersky Labs.The tens of thousands of machines involved worldwide aren't really what's impressive about Gumblar. It's (continue reading...) Read more
December 5, 2009 - Intuit has warned that a phishing e-mail targeting QuickBooks users is circulating. The real Intuit alert describes and quotes a fake Intuit alert sent out by e-mail. The fake alert says that (continue reading...) Read more
December 3, 2009 - Cracking passwords is often much easier than users think, even if the passwords they use are strong. For years Passware has shipped products which can break past the protection of passwords in (continue reading...) Read more
December 3, 2009 - Next Tuesday, December 8, Microsoft will release 6 security bulletins and software updates to address the vulnerabilities described in them. 3 of the bulletins have a maximum rating of critical and (continue reading...) Read more
November 30, 2009 - Netcraft reports that 24 of the top 100 HTTPS sites have disabled renegotiation, blocking a recently-revealed flaw in the SSL3/TLS protocols. There is some controversy over how much of a real-world (continue reading...) Read more
November 25, 2009 - Google has announced improvements to their webmaster tools. These tools can be used by webmasters to work with Google, including when Google thinks your site is serving malware or phishing. We first (continue reading...) Read more