Tuesday, May 06, 2008 11:18 AM/CST
Some of the biggest names in the IT software business still are very lax when it comes to fixing security holes reported by third-party brokers. According to a list maintained by TippingPoint's Zero Day Initiative, Microsoft, Novell, Oracle, Computer Associates...
Monday, April 28, 2008 12:39 PM/CST
Hewlett-Packard's ongoing struggle to keep its software updater free of serious ActiveX control vulnerabilities is showing no signs of letting up. According to a "highly critical" alert issued by Secunia, the HP Software Update package pre-installed on notebooks contains...
Thursday, April 24, 2008 1:31 PM/CST
Software engineers at Microsoft will get a front-row seat to hear about an unpatched Windows security hole that was once pooh-poohed as a "design issue" that shouldn't be seen as a security vulnerability. At the Spring edition of Redmond's...
Tuesday, April 22, 2008 2:55 PM/CST
Security researcher Petko D. Petkov (aka pdp) has discovered a gaping hole in fully patched versions of Apple's QuickTime for Windows Media Player. The zero-day vulnerability allows an attacker to use rigged movie (.mov) files to take full control of...
Monday, April 21, 2008 4:44 PM/CST
Microsoft's Windows XP SP3 (Service Pack 3) is finally here, offering several subtle security goodies alongside thousands of bug fixes. The biggest security feature in this service pack is the inclusion of NAP (Network Access Protection) to help organizations...
Monday, April 21, 2008 2:10 PM/CST
Microsoft has chosen a new song to continue its public slow dance with the white hat hacking community: online properties like *.microsoft.com, *.msn.com and *.live.com. According to Dan Goodin reporting from Toorcon Seattle, Microsoft security strategist Katie Moussouris pledged...
Friday, April 18, 2008 12:36 PM/CST
[[ UPDATE: Here are the slides from Cerrudo's HiTB talk (.pdf) that prompted Microsoft's advisory. At the company's request, Cerrudo has opted not to release exploit code. ]] Last month, when I wrote about hacker Cesar Cerrudo's (left) plans to...
Thursday, April 17, 2008 6:47 PM/CST
Apple has made a small but significant tweak to its Automatic Software Update utility to make a clear distinction between security patches and new products being pushed out to Windows users. The UI redesign, which adds a new box labeled...
Thursday, April 17, 2008 5:54 PM/CST
Hackers have posted attack code for what appears to be a zero-day vulnerability in Microsoft Works, the productivity software suite aimed at small businesses and home offices. The basic details, via McAfee analyst Kevin Beets: The flaw lies in...
Wednesday, April 16, 2008 6:06 PM/CST
It's Patch Day in the land of Web browsers. In separate warnings, Apple and Mozilla confirmed -- and fixed -- critical vulnerabilities affecting users of the Safari and Mozilla browsers. The Apple Safari patch (available for Windows and Mac...
