Dennis Fisher

Just a few days after releasing Chrome 19, Google has updated the browser again, fixing 13 vulnerabilities, including two critical bugs.  Read more »

Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser will then treat as authentic. Read more »

Browsers are a really nice target for attackers of all stripes and skill levels. But, unless you're a savant or have just landed here from the future, you may want to take a pass on going after Google Chrome, judging by the insane level of effort and skill that an anonymous security researcher had to deploy in order to compromise Chrome during the company's Pwnium contest in March. Read more »

With a deadline for users to disinfect their computers or potentially lose Internet access thanks to the DNSchanger malware, Google is undertaking an effort to notify infected users through messages on search results pages. The federal government also is working to warn users about the infections and potential consequences if their machines aren't cleaned by July 9. Read more »

There's an old saying that all things end badly or else they wouldn't end. It sounds nice, but it's not necessarily true. Plenty of things simply end. The useful career of the Police, Man Vs. Food and highway A1A all ended without any catastrophic effects or gnashing of teeth. Now, with the end of Howard Schmidt's career as White House cybersecurity coordinator nearing its end, much will be made of what he did or didn't accomplish in his time in government service. That's a fun parlor game to play, but the most important aspect of Schmidt's time in Washington is the simple fact that he answered the bell when no one else would. Read more »

In this talk from the TEDx San Jose conference, security and privacy researcher Chris Soghoian explains the way that surveillance works these days, why it's so easy for law enforcement to watch private citizens and why companies such as Facebook, Twitter, Google and others won't protect their users from this surveillance.

UPDATE--An Android handset produced by Chinese manufacturer ZTE has a backdoor installed that could enable an attacker to take control of an affected device remotely and run arbitrary code. The manufacturer has acknowledged the issue in the ZTE Score M, which includes a harcoded password, and says that it plans to push out a fix soon.  Read more »

Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there's a effort underway, called the Common Vulnerability Reporting Framework, to standardize the way that vulnerabilities are reported so that they're in a common, machine-readable format.  Read more »

For the aspiring attacker or pen tester, there is no shortage of attack tools, scripts, crimeware kits and exploits available online. But, the Internet being what it is, there's always room for one more. Enter HULK, a new DDoS tool that arrives just in time to coincide with the release of some movie involving the actual Hulk and other CGI-ified mediocre-heroes. Read more »

Twitter has implemented the Do Not Track header on its site, giving users the option of telling the site that they do not want to be tracked across other sites on the Web. The implementation is being done through the DNT technology in the Firefox browser. Read more »