-
Firefox patch imminent
Date: 02/06/08
Keywords: no keywords
Mozilla said that it plans to release Firefox 2.0.0.12 Feb. 7 or Feb. 8. The release will fix a high severity vulnerability. The vulnerability, which was given a severity rating on Jan. 29, allows an attacker to swipe cookies and other critical data that can leak out...
Source: http://blogs.zdnet.com/security/?p=857
-
Apple delivers iPhoto patch
Date: 02/06/08
Keywords: no keywords
Apple on Tuesday dropped a patch for iPhoto to plug a "format string vulnerability." The iPhoto 7.1.2 update patches CVE-2008-0043. According to Apple's advisory, a hacker could lure a user to subscribe to a malicious photocast. From there, an attacker could launch an arbitrary code execution. ...
Source: http://blogs.zdnet.com/security/?p=856
-
Skype releases cross-zone vulnerability fix
Date: 02/06/08
Keywords: html, security, web
Skype said today that a security bug in the Skype for Windows client has been identified and fixed. Here's the problem, according to Skype: Skype uses Internet Explorer web control to render HTML content. ...
Source: http://blogs.zdnet.com/ip-telephony/?p=3168
-
ISS: Vulnerability counts fall in 2007; Do you buy it?
Date: 02/05/08
Keywords: security
IBM's Internet Security Systems is previewing its X-Force report and disclosed a notable factoid: Vulnerability disclosures fell 5.4 percent in 2007 relative to 2006. Here's the data in a chart as disclosed in the ISS blog: Feel safer yet? You...
Source: http://blogs.zdnet.com/security/?p=855
-
Vista SP1 will contain undocumented fixes
Date: 02/05/08
Keywords: security
Interesting email in today's mailbag: "Will SP1 contain undisclosed or undocumented security fixes?" For some people, counting the number of security flaws that one OS has compared to another is important because it offers a metric upon which to determine which OS is the most secure (personally,...
Source: http://blogs.zdnet.com/hardware/?p=1225
-
Symantec: Europe becomes king of spam
Date: 02/05/08
Keywords: spam
Symantec released its February state of spam report and Europe has become the center of the spam universe. In its report, Symantec said: The percentage of spam messages that claimed to originate from Europe is now significantly greater than the percentage of spam messages originating from...
Source: http://blogs.zdnet.com/security/?p=853
-
Parsing the federal budget: The tech highlights
Date: 02/05/08
Keywords: technology
President Bush unveiled his $3.1 trillion--yes trillion--fiscal 2009 budget and there are a lot of technology highlights to go around. Whether this budget ever gets approved anywhere near its current state remains to be seen (fiscal 2008's budget isn't official), but directionally there are some key highlights....
Source: http://blogs.zdnet.com/BTL/?p=7888
-
Federal budget recommends US-CERT get $242 million
Date: 02/05/08
Keywords: security
The White House unveiled its fiscal 2009 budget proposal and the $3.1 trillion monstrosity throws the U.S. Computer Emergency Readiness Team $242 million to boost its malware and intrusion detection capabilities. According to the proposed budget released on Monday, "a more robust US-CERT will increase the cyber security posture...
Source: http://blogs.zdnet.com/security/?p=851
-
Protecting databases from the inside
Date: 02/04/08
Keywords: security
If we look at the investment in enterprise IT security infrastructure over the past decade, companies have invested heavily in their perimeters while ignoring the inside, says Sentrigo's Slavik Markovich. Commentary--We begin with a story: A wealthy man decides to protect...
Source: http://news.zdnet.com/2424-9595_22-186769.html
-
The legislation behind a national ID
Date: 02/04/08
Keywords: no keywords
Federal regulations creating a uniform national ID card are looming. Read the full text of the Real ID bill. Real ID became law not through the usual legislative process, but instead as part of a mammoth Iraq spending and Asian tsunami bill, the "Emergency Supplemental Appropriations Act...
Source: http://news.zdnet.com/2100-9588_22-6228910.html
-
Facebook image uploader: The flaws continue
Date: 02/04/08
Keywords: security
Security researcher Elazar Broad has found another vulnerability in Facebook's Aurigma ImageUploader control. And these vulnerabilities are stacking up. In an advisory on the Full Disclosure email list on Sunday, Broad wrote: The control is vulnerable to a stack-based buffer overflow in the ExtractExif and...
Source: http://blogs.zdnet.com/security/?p=846
-
Windows blue screen of death at Frankfurt Airport
Date: 02/01/08
Keywords: security
I spent the last ten days in London and Frankfurt in a morning-to-night whirlwind of business meetings. While the trip was great, it left me literally no time to blog, which was a drag. Nonetheless, walking through Frankfurt security, I looked up and saw beautiful blog material -- a public...
Source: http://blogs.zdnet.com/projectfailures/?p=578
-
Are all engineers secretly terrorists?
Date: 01/31/08
Keywords: no keywords
Two Oxford dons have published a paper which claims that engineering and terrorism share a common mindset. (The lead author is Diego Gambetta, right.) Personally I can see a closer relationship between being an Oxford sociology professor and having your head...but I digress. (Someone needs a lesson...
Source: http://blogs.zdnet.com/open-source/?p=1959
-
Torvalds: Linux ready to go green
Date: 01/31/08
Keywords: linux
Developer of the Linux kernel says improvements in power-management, energy-diagnosis tools are in the offing. The infrastructure and tools required to make Linux a green operating system are now in place, according to Linux leader Linus Torvalds, who was in Melbourne this week attending Australia's largest Linux conference....
Source: http://news.zdnet.com/2100-3513_22-6228517.html
-
Why Real ID is a flawed idea
Date: 01/31/08
Keywords: security
Internet Attorney Sophia Cope says the new law will do more harm than good and the better idea is for Congress to revisit a fundamentally flawed law. The government claims that driver's license "reform" will help combat illegal immigration and generally protect national security, but it fails to...
Source: http://news.zdnet.com/2010-9588_22-6228491.html
-
Security perimeter? What security perimeter?
Date: 01/31/08
Keywords: security
In the fight against security breaches, PGP Chief Executive Phil Dunkelberger cautions that encryption by itself is not the answer. One of the questions I'm frequently asked is, "If perimeter-based data security strategies are breaking down, why aren't more companies using encryption to protect their confidential information?" ...
Source: http://news.zdnet.com/2010-1009_22-6228252.html
-
Immunity launches exploit for 'unlikely' Windows worm hole
Date: 01/30/08
Keywords: security, microsoft
A workable exploit attack for a TCP/IP vulnerability in Microsoft's Windows has been launched into the wild courtesy of security firm Immunity. On Jan. 17, it became clear that you shouldn't dawdle on deploying Microsoft's MS08-001 patch. That patch, issued Jan. 8, fixed a Transmission Control Protocol/Internet...
Source: http://blogs.zdnet.com/security/?p=840
-
Data mining Digg
Date: 01/29/08
Keywords: html
Here is a beautiful example of poking around inside an application to gather what otherwise would be proprietary data. John Graham-Cumming has hacked the social bookmarking application Digg to discover how many registered users they have. He noticed that inside the HTML code associated with each user was...
Source: http://blogs.zdnet.com/threatchaos/?p=518
-
Roundup: Western Union spam; Super Bowl SEO; Be a malicious hacker in Japan
Date: 01/28/08
Keywords: software, spam
A few items of note: There's a Western Union spam with Trojan payload; Beware Super Bowl hijinx this week; And if you really want to be a malicious hacker move to Japan. Among the notable: Western Union spam with Trojan Sunbelt Software reports...
Source: http://blogs.zdnet.com/security/?p=834
-
Should government enter the payment business?
Date: 01/28/08
Keywords: technology
John Battelle thinks real-world payment processing would be an ideal business for local governments to get into. He notes that it's already in this business in the form of automatic toll-payment technology; in the Bay Area, it's called FasTrack. And apparently, commuters will now be able to use their FasTrack...
Source: http://government.zdnet.com/?p=3628