Guest Posts

February 4, 2010, 10:55AM

The Web Won’t Be Safe, Let Alone Secure, Unless We Break It

By Jeremiah Grossman

There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) are to “break the Web” -- i.e. negatively impact the usability of a significant and unacceptable percentage of websites. Doing so is a non-starter for any browser vendor looking to grow market share. The choice is clear for most vendors: Be less secure and adopted, rather than secure and obscure. This is what the choice comes down to. This is a topic deserving of further exploration.


February 3, 2010, 12:11PM

Verizon MiFi Device Hacked

By Joshua Wright

Recently, I picked up a Verizon MiFi device for $50 and the extension of my service contract for another 2 years. The fun that I've had with the device so far has well made up for both costs.


February 1, 2010, 12:27PM

On The Way to Better Malware Testing

By Magnus Kalkuhl

Have you ever found a false positive when uploading a file to a website like VirusTotal? Sometimes it happens that not just one scanner detects the file, but several. This leads to an absurd situation where every product which doesn't detect this file automatically looks bad to users who don't understand that it's just false positives.


January 29, 2010, 1:59AM

The Big Oil APT and Botnet Business

By Gunter Ollmann, Damballa

The recent Google Advanced Persistent Threat (APT) dialogue has been hogging the press for a week now, and each day reveals new (and often conflicting) insight. As I mentioned on Thursday’s blog – “Preemptive Protection” Isn’t – If You’re Battling APT’s – this particular attack doesn’t represent some new shift in tactics. It’s not the first APT in the world, in fact I’m pretty sure it’s not Google’s first exposure to APTs, and I’m certain it isn’t going to be the last. In fact I’d say it’s a safe bet to say that there are several other equivalent APT successes currently operating within Google’s networks waiting to be discovered. Such is the state of the threat.


January 26, 2010, 8:25AM Threatpost Original

It's The Adversaries Who Are Advanced And Persistent

By Scott Crawford & Nick Selby

There has been much talk recently about the "Advanced Persistent Threat." According to Richard Bejtlich [1] and others, the term originated with the US Air Force around 2006, which explains why Bejtlich and others with an Air Force pedigree, such as Mandiant founder Kevin Mandia, have made much of the term.


January 22, 2010, 10:23AM Threatpost Original

Infiltrating the Pushdo Botnet

By Atif Mushtaq, FireEye

It's very rare that we researchers get a chance to explore the inner workings of a botnet command and control server.  Detailed insight into the botnet server or command component can give us valuable information about the motives of the botnet and possibly the bad guys behind it. But granting access to these command and control servers often depends on the will of the hosting providers. So what happened in this case?


January 18, 2010, 3:48PM Threatpost Original

The Danger of Open APIs

Ninety years ago KitchenAid released their first countertop mixer, which weighed in at about 69 pounds. More interestingly, the mixer also had a special socket that allowed users to attach assorted add-ons for new functionality such as slicers, shredders and meat grinders. Today this sort of extensibility of countertop appliances is old hat for KitchenAid and their competitors. The interesting thing about this socket is that it has not changed in size or shape since the very first version was released. As a result, you can buy a brand new attachment, say the pasta rollers, and it will work in every single version of every KitchenAid stand mixer ever made. Talk about backward compatibility!


January 11, 2010, 10:20AM

Malware Open Season on Taxpayers

By Dmitry Bestuzhev   

As any reader of this site knows, cybercriminals can steal your money not just by putting malware on your machine, but by phishing attacks too. Phishing attacks don't just target online banking and e-payment systems, but almost any site which asks the user to input sensitive data.


January 7, 2010, 11:04AM Threatpost Original

Five Important Security Resolutions for Adobe

By Andrew Storms

The year was 2001. Code Red, the Microsoft Web Server worm, was running rampant and underscored every security professional's perception that Microsoft products were both a necessary evil and a serious security liability.


Fast-forward to nine years later. Microsoft products still contain more than a few nasty bugs, but the company is more likely to be considered a valued partner than a security liability by the security community.


January 5, 2010, 10:09AM Threatpost Original

Fixing a Security Problem Isn't Always the Right Answer

An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting an evacuation of a terminal and flight delays that continued into the next day. This problem isn't common, but it happens regularly. The result is always the same, and it's not obvious that fixing the problem is the right solution.


 

Copyright © 2010 threatpost.com