Mozilla’s security response team is scrambling to ready a patch [zdnet.com] for what appears to be a serious security vulnerability affecting users of its flagship Firefox browser.
By Chuck Miller, SC Magazine
Security updates for Cisco’s Internetwork Operating System (IOS) were released Wednesday [scmagazine.com] to shield against a number of vulnerabilities.
The security issues [cisco.com] are varied and relate to TCP, UDP, mobile and VPN vulnerabilities. In describing one bug, an advisory warned about a problem that could block traffic to a router or even cause it to crash.
By Gregg Keizer, ComputerWorld
Adobe Systems Inc. revealed today that it patched five critical vulnerabilities behind the scenes [computerworld.com] when it updated its Reader and Acrobat applications earlier this month to fix a bug already under attack.
According to a security bulletin issued today [adobe.com], the updates to Reader 9.1 and Acrobat 9.1 that Adobe delivered on March 10 included patches for not just one bug — as Adobe indicated at the time — but for five other vulnerabilities as well.
By Joan Goodchild, CSO
Whether it is employees who travel frequently for their job or staff who work out of a home office full- or part-time, their mobility poses serious security risks to your organization. Here are the common mistakes employees often make [csoonline.com] while telecommuting, and some advice on how to put a damper on them.
In an essay published on his personal blog [doxpara.com], security researcher Dan Kaminsky is starting to sound the alarm about “the extraordinary damage” we face from infrastructure attacks, warning that the industry needs to treat infrastructure with more security due diligence and care.
“Forget patching infrastructure. When my DNS bug hit, a remarkable number of sites suddenly found themselves simply identifying the DNS servers they were dependent on. We can do better. We need better operational awareness of our infrastructure. And we need infrastructure, over time, to become a lot safer and easier to update,” Kaminsky said.
By Byron Acohido, LastWatchdog.com
Two schools of thought exist about what the Conficker worm will do come the wee hours of April 1, 2009, GMT.
Some experts, like WinPatrol creator Bill Pytlovany, are sensing that the worm’s controllers will run circles [lastwatchdog.com] around the Microsoft-led “cabal” of security groups trying to block some 3 million to 12 million Conficker-infected PCs from phoning home on April Fools’ Day.
It’s been the better part of a decade now since Microsoft got religion about the security of its products, following the release of Bill Gates’s famous Trustworthy Computing memo. In that time, the reliability, security and resiliency of the company’s products have improved greatly, as has Microsoft’s standing in the security community.
HP has released a free static-analysis tool designed to find vulnerabilities in applications developed on the Adobe Flash platform. But HP SWFScan is no security geek plaything.
It’s meant specifically for developers without much in the way of security training.
Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm [zdnet.com] targeting routers and DSL modems.
The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem and launching denial-of-service attacks on some Web sites.
From the article:
It appears that the free ride is over for software vendors.
For years, software makers have benefited from the work done by the community of security researchers who spend days or weeks looking for vulnerabilities and novel ways to break the vendors’ products. This work is virtually always done pro bono by researchers who either have day jobs and do their research as a sideline or by experts at security companies who do the work as a way to promote their research teams. Either way, until recently, most of these bug reports were given to the affected vendors for free.