Browsing Author: Ryan Naraine

Googler Drops Windows Zero-Day, Microsoft Unhappy

Categories: Vulnerabilities

Google security researcher Tavis Ormandy has set the cat among the “responsible disclosure” pigeons with the release of technical details of a zero-day vulnerability affecting the Microsoft Windows Help and Support Center without giving Microsoft adequate time to prepare a patch.


Patch Tuesday: Microsoft Kills Pwn2Own Browser Bug

The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities. Three of the bulletins are rated “critical” because of the risk of remote code execution attacks. Affected products include the Windows operating system, Microsoft Office, the Internet Explorer browser and Internet Information Services (IIS).


Understanding The Porn + Malware Connections

Categories: Malware, Web Security

CAMBRIDGE — For a minimal investment of about $160, a single porn site operator can infect more than 20,000 computers with malware for use in cybercrime, according to an academic study presented at the Workshop on the Economics of Information Security (WEIS 2010).


Apple Plugs 48 Security Holes in Safari Browser

Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities. The Safari 4.1 and 5.0 updates, considered “highly critical,” are available for both Windows and Mac OS X. Exploitation of some of these vulnerabilities could lead to drive-by download (remote code execution) attacks.


Adobe Warns of Flash, PDF Zero Day Attack

Categories: Vulnerabilities

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems.


MS Patch Tuesday Heads-up: 10 Bulletins, 34 Vulnerabilities

Categories: Vulnerabilities

Microsoft’s Patch Tuesday this month will be a big one: 10 bulletins fixing 34 vulnerabilities in Windows, Office and Internet Explorer. Three of the 10 bulletins will be rated “critical,” Microsoft’s highest severity rating. The flaws addressed in those bulletins typically expose users to remote code execution attacks.


Facebook Developer Verification Won’t Stop Rogue Apps

Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account.

While this is clearly a step in the right direction, this won’t stop rogue apps from wreaking havoc on the social network.


Gartner to Businesses: Eliminate Windows XP by 2012

Categories: Malware, Vulnerabilities

As Microsoft prepares to pull the plug on support for Windows XP SP2, a move that stops the release of security updates for that operating system, research firm Gartner is urging businesses to start planning and testing Windows 7 this year with a plan to completely eliminate Windows XP by the end of 2012.


Rutkowska’s Qubes OS to Implement Disposable VMs

Joanna Rutkowska’s Qubes OS project will include a feature to create one-time use-and-discard virtual machines. The idea behind Disposable VMs is to have very lightweight virtual machines that can be created and booted quickly with a sole purpose of hosting only one application. “Then, once you’re done, you just throw it away,” Rutkowska explained.
