Tuesday, May 06, 2008 11:18 AM/CST
Some of the biggest names in the IT software business still are very lax when it comes to fixing security holes reported by third-party brokers. According to a list maintained by TippingPoint's Zero Day Initiative, Microsoft, Novell, Oracle, Computer Associates...
Tuesday, April 22, 2008 3:43 PM/CST
There's a serious brain drain affecting the OLPC (One Laptop Per Child) initiative and it's not a good sign for security. The latest high-profile defector from the nonprofit organization is Walter Bender, a former MIT Media Lab executive who...
Tuesday, April 22, 2008 2:55 PM/CST
Security researcher Petko D. Petkov (aka pdp) has discovered a gaping hole in fully patched versions of Apple's QuickTime for Windows Media Player. The zero-day vulnerability allows an attacker to use rigged movie (.mov) files to take full control of...
Tuesday, April 22, 2008 10:12 AM/CST
Adobe has issued a prepatch advisory for a critical vulnerability in Photoshop Album Starter Edition 3.2, its free image-manipulation software product. The flaw, which affects Windows users, could be exploited to launch code execution attacks if the target is...
Monday, April 21, 2008 4:44 PM/CST
Microsoft's Windows XP SP3 (Service Pack 3) is finally here, offering several subtle security goodies alongside thousands of bug fixes. The biggest security feature in this service pack is the inclusion of NAP (Network Access Protection) to help organizations...
Saturday, April 19, 2008 6:40 PM/CST
OpenOffice has issued a high-priority update to fix at least six vulnerabilities affecting users of its free desktop productivity suite. The open-source group said the critical vulnerabilities affect OpenOffice.org suite versions prior to 2.4. An alert from Symantec's DeepSight...
Friday, April 18, 2008 12:36 PM/CST
[[ UPDATE: Here are the slides from Cerrudo's HiTB talk (.pdf) that prompted Microsoft's advisory. At the company's request, Cerrudo has opted not to release exploit code. ]] Last month, when I wrote about hacker Cesar Cerrudo's (left) plans to...
Friday, March 28, 2008 10:43 PM/CST
Using a zero-day vulnerability in Adobe's ubiquitous Flash Player, hacker Shane Macaulay hacked into a Windows Vista laptop to win a $5,000 cash prize at this year's CanSecWest Pwn2Own challenge. Macaulay, who uses the "K2" hacker moniker, also won...
Thursday, February 21, 2008 3:38 PM/CST
After a short stay of execution, America Online has finally pulled the plug on Netscape with an update notice encouraging users to migrate immediately to either Firefox or Flock. On the screen, Flock is listed ahead of Netscape and there's...
Wednesday, February 06, 2008 5:14 PM/CST
Here's a quick update on the Adobe Reader silent fix I wrote about earlier today. Adobe spokesperson John Cristofano sent me a statement confirming the severity of the vulnerability fixed with Adobe Reader 8.1.2 and promising that a detailed...
