September 19, 2011 - Microsoft had to reissue an update for users of Windows XP and Windows 2003 today related to the compromise of certificate authority DigiNotar. It (continue reading...) Read more
August 3, 2011 - The second half of 2011 got off to a great start for AVAST Software (even if it was rough in terms of Prague’s “summer” weather, which been more like an out-of-place autumn). We began the third quarter with a record (continue reading...) Read more
February 5, 2010 - Microsoft Office 2010 will, by default, opt in to DEP (Data Execution Prevention), a feature (continue reading...) Read more
February 5, 2010 - Dion Blazakis provided me with a formal paper on the techniques he revealed yesterday to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) in Windows. (continue reading...) Read more
February 4, 2010 - New attack techniques have proven capable of penetrating the state of the art in Windows systemic defenses, specifically DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). A demonstration was made (continue reading...) Read more
February 4, 2010 - Microsoft has released their advance notification for the February, 2010 Patch Tuesday, and it's a doozy. An unlucky 13 updates to Windows and Office will be released addressing 26 vulnerabilities. 11 of (continue reading...) Read more
February 3, 2010 - Microsoft has disclosed a vulnerability in Internet Explorer that can allow an attacker to cause local files on the system to be displayed as HTML. Technically, all versions of IE are affected, (continue reading...) Read more
January 30, 2010 - Not that long after a Google employee running Internet Explorer 6 was hacked, creating an international incident, Google has announced that they will begin withdrawing support for IE6 in their (continue reading...) Read more
January 27, 2010 - The Tools-Internet Options dialog box in Internet Explorer has a wealth of important settings in it, some which affect the system outside of Internet Explorer. This dialog box is also available as (continue reading...) Read more
January 27, 2010 - A report in Computerworld describes how an unpatched vulnerability in Internet Explorer could allow an attacker to read arbitrary files on the user's computer. Jorge Luis Alvarez Medina, a security consultant with (continue reading...) Read more
January 25, 2010 - Inspired by Jack Schofield (by way of Ed Bott on Twitter), I opened up Process Explorer on my own system to examine the DEP status of programs running on my (continue reading...) Read more
January 21, 2010 - A cumulative update for Internet Explorer from Microsoft fixes the infamous vulnerability in the browser used recently to attack Google and other major companies. 7 other IE vulnerabilities were also fixed, (continue reading...) Read more
January 20, 2010 - Microsoft has announced that tomorrow, Thursday January 21, they will release an out-of-band update to Windows and Internet Explorer to fix the vulnerability that was exploited in the infamous Aurora attacks. (continue reading...) Read more
January 20, 2010 - Adobe has disclosed critical vulnerabilities in Shockwave Player versions 11.5.2.602 and earlier, creating the possibility of remote compromise of the system. Windows and Mac versions are affected. Numerous overflow vulnerabilities are referenced, (continue reading...) Read more
January 18, 2010 - In their weekly podcast, Ryan Naraine and Dennis Fisher of Kaspersky's Threatpost speculate that the political pressure surrounding the IE 0-day is such that Microsoft will issue an emergency patch. This makes (continue reading...) Read more
January 18, 2010 - Researcher Dino Dai Zovi says he has moved the Aurora exploit to the next level. On Twitter, he stated: "And now my Aurora exploit works on IE7 on Vista as well (continue reading...) Read more
January 17, 2010 - I've written it many times before: Nobody is more generous with (continue reading...) Read more
January 16, 2010 - Famed researcher HD Moore created a usable proof-of-concept exploit last night for the 0-day vulnerability in Internet Explorer used in the attack incident that everyone is now calling Aurora. It's a (continue reading...) Read more
January 14, 2010 - New evidence points to a previously unknown vulnerability in Internet Explorer as the hole through which criminals recently attacked Google and other companies, rather than a known, but unpatched vulnerability in Adobe (continue reading...) Read more
January 12, 2010 - Adobe has released a security advisory and other details on today's updates to Adobe Reader and Acrobat. The advisory lists 8 vulnerabilities fixed in the new versions 8.2 and 9.3, including (continue reading...) Read more