Browsing Author: Ryan Naraine

Microsoft to Patch 8 Vulnerabilities in Windows, Office

Categories: Malware, Vulnerabilities

Microsoft has announced plans to ship two security bulletins next week to fix a total of eight vulnerabilities affecting Windows and Office products. Both bulletins are rated “important” because of the risk of compromising the confidentiality, integrity or availability of user data.

RSA 2010: Cryptographers Discuss Wisdom of ‘Foolishness’

At the RSA conference in San Francisco, a panel of leading cryptographers reveals some of the lessons they have learned while making seemingly imprudent decisions. By going against the grain, new objectives can be made and boundaries overcome.

RSA 2010: Microsoft Floats Idea to Quarantine Infected Computers

Categories: Malware, Vulnerabilities

A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users. The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who would be responsible for monitoring and isolating malware-riddled machines. But he laid out his case for keeping them away from the general populace, comparing such a move to laws that have gone into effect over the past 20 years banning cigarette smoking in public. Read the full story [The Register]

Apple Snags former Mozilla Security Chief

Categories: Malware, Vulnerabilities

Apple has hired former Microsoft and Mozilla security specialist Window Snyder to help secure its Mac ecosystem. Snyder, who last worked as Mozilla’s security chief, confirmed she is joining Apple as senior product manager for security.

Google Researcher Ships Exploit to Defeat ASLR+DEP

Categories: Malware, Vulnerabilities

A prominent security researcher has released an exploit that uses a new technique to defeat ASLR + DEP on Microsoft’s Windows operating system.

The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms. 

Hacker Report ‘High Risk’ Flaws in Safari Browser

Categories: Malware, Vulnerabilities

Over the last two weeks, security researchers have reported eight different zero-day vulnerabilities in Apple’s Safari browser. Details of these vulnerabilities, all rated “high risk,” have been sold to TippingPoint’s Zero Day Initiative (ZDI), a program that purchases the rights to vulnerability information in exchange for exclusivity to broker fixes with affected vendors.

Microsoft Warns of New IE Code Execution Flaw

Categories: Malware, Vulnerabilities

Microsoft’s security response team is investigating reports of a potentially dangerous code execution vulnerability in its flagship Internet Explorer browser.

The company warned that an attacker could host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.

RSA 2010: Top 15 Conference Sessions You Shouldn’t Miss

The RSA security conference is known for being a vendor-heavy, corporate-speak shindig that lacks quality content. I disagree. I spent some time perusing the conference agenda this year and found 15 must-attend sessions:

Despite Security Hiccups, IE6 Usage Still High

Categories: Malware, Vulnerabilities

Despite widespread calls to boycott IE 6 and Microsoft’s plans to retire support for the browser, 19% of respondents in a Virus Bulletin poll said that they are still running the browser, whether at home, at work, or both. In VB’s poll, 15% of respondents said they were running the browser at work, indicating that, for many organizations, upgrading is not a priority. Read the full story [virusbtn.com]

Adobe Patches Critical Hole in Download Manager

Adobe today shipped a patch for a critical vulnerability in its Download Manager utility, warning that hackers could exploit the issue to take full control of Windows computers. The vulnerability, discovered by Aviv Raff, could potentially allow an attacker to download and install unauthorized software onto a user’s system, Adobe said in an advisory.
