Ryan Naraine

Critical Flaws Haunt VLC Media Player

VideoLAN has released a security advisory to address multiple vulnerabilities in the VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Privacy Tool Sidesteps Google’s Data Collection

BOSTON — Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google’s data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.


The New York Times is reporting that Google’s password system was compromised during a targeted attack last December. The system, called Gaia or Single Sign-On, controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.

Forbes reporter Andy Greenberg polled a group of security researchers about the security posture of Apple’s new iPad device and came away with a simple conclusion: The iPad is just as insecure as the iPhone. Some quotes from the story:

The Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system, according to a warning from the networking vendor.

In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped song lyrics Web site.