February 5, 2010 - Microsoft Office 2010 will, by default, opt in to DEP (Data Execution Prevention), a feature (continue reading...)
February 5, 2010 - Dion Blazakis provided me with a formal paper on the techniques he revealed yesterday to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) in Windows. (continue reading...)
February 4, 2010 - New attack techniques have proven capable of penetrating the state of the art in Windows systemic defenses, specifically DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). A demonstration was made (continue reading...)
February 4, 2010 - Microsoft has released their advance notification for the February, 2010 Patch Tuesday, and it's a doozy. An unlucky 13 updates to Windows and Office will be released addressing 26 vulnerabilities. 11 of (continue reading...)
February 3, 2010 - Microsoft has disclosed a vulnerability in Internet Explorer that can allow an attacker to cause local files on the system to be displayed as HTML. Technically, all versions of IE are affected, (continue reading...)
February 2, 2010 - It's standard operating procedure for most users to have a small number of passwords, perhaps only one, that they use on every site that requires a username and password. This is, of (continue reading...)
February 2, 2010 - An anonymous entry on the CryptoPath blog describes how flaws in the iPhone OS's "chain of trust" management could allow an attacker to install their own trusted root certificate in the (continue reading...)
February 2, 2010 - 5 critical flaws in the OS software for the iPhone and iPod Touch have been fixed in the just-released iPhone OS 3.1.3 for those devices. CoreAudio (CVE-2010-0036): Due to a buffer overflow, playing (continue reading...)
February 2, 2010 - A mysterious flood of SSL packets from the Pushdo botnet, possibly an attempted DDoS attack, is not succeeding, according to the Internet Storm Center. None of the attacked sites are experiencing (continue reading...)
January 30, 2010 - Google has announced a number of security enhancements that are being implemented in Chrome. Some have already been implemented in other browsers, including Firefox and IE and in significant add-ons like (continue reading...)
January 30, 2010 - Not that long after a Google employee running Internet Explorer 6 was hacked, creating an international incident, Google has announced that they will begin withdrawing support for IE6 in their (continue reading...)
January 27, 2010 - Tomorrow, Thursday, January 28, 2010, is Data Privacy Day in North America and Europe. (Sorry I didn't get you a card. What's your address and social security number so I can (continue reading...)
January 27, 2010 - A report in Computerworld describes how an unpatched vulnerability in Internet Explorer could allow an attacker to read arbitrary files on the user's computer. Jorge Luis Alvarez Medina, a security consultant with (continue reading...)
January 25, 2010 - Inspired by Jack Schofield (by way of Ed Bott on Twitter), I opened up Process Explorer on my own system to examine the DEP status of programs running on my (continue reading...)
January 25, 2010 - A consortium of Australian ISPs is preparing a voluntary code for handling customers whose computers have been turned into bots in a botnet. The draft plan calls on the ISP, after identifying (continue reading...)
January 21, 2010 - A cumulative update for Internet Explorer from Microsoft fixes the infamous vulnerability in the browser used recently to attack Google and other major companies. 7 other IE vulnerabilities were also fixed, (continue reading...)
January 21, 2010 - Web site defacements have been in the news lately and site owners are blaming their vendors. The first one came on January 12 when Baidu, the top search engine in China (especially if (continue reading...)
January 20, 2010 - Microsoft has announced that tomorrow, Thursday January 21, they will release an out-of-band update to Windows and Internet Explorer to fix the vulnerability that was exploited in the infamous Aurora attacks. (continue reading...)
January 20, 2010 - Adobe has disclosed critical vulnerabilities in Shockwave Player versions 11.5.2.602 and earlier, creating the possibility of remote compromise of the system. Windows and Mac versions are affected. Numerous overflow vulnerabilities are referenced, (continue reading...)
January 18, 2010 - In their weekly podcast, Ryan Naraine and Dennis Fisher of Kaspersky's Threatpost speculate that the political pressure surrounding the IE 0-day is such that Microsoft will issue an emergency patch. This makes (continue reading...)