Blogs | Page 64
Goatse Teaches Microsoft a Lesson
By Ryan Naraine | Posted: 2006-12-04
UPDATE: Microsoft's official RSS blog was temporarily defaced today with a semi-edited image of Goatse, a well-known Internet shock meme.
Podcast: Immunity's Dave Aitel
By Ryan Naraine | Posted: 2006-12-04
The OnSecurity podcast this week is an interview I did with hackmeister Dave Aitel of @stake/Immunity/DailyDave fame. We talk about Halvar Flake's claim that Windows Vista is the death knell for
... Read More
... Read More
Apple Bug Dispute; How Google Handles Hacked Sites
By Ryan Naraine | Posted: 2006-12-04
Links du jour: An assortment of security stories floating around blogland that you should be reading...
EveryDNS Under Botnet DDoS Attack
By Ryan Naraine | Posted: 2006-12-02
UPDATED: EveryDNS, a company that offers free domain name management services, has been hit by a massive DDoS (distributed denial-of-service attack) that affected thousands of sites, including OpenDNS (a sibling startup that runs the PhishTank anti-phishing initiative).
Anti-Virus Is Dead, D-E-A-D, Dead!
By Ryan Naraine | Posted: 2006-12-01
Outgoing Gartner analyst Amrit Williams is leaving with a bang, boldly declaring that stand-alone, signature-based anti-virus is dead.
Cracking the BlackBerry with a $100 Key
By Ryan Naraine | Posted: 2006-11-30
The security model of that BlackBerry on your hip isn't holding up very well to third-party scrutiny.
According to a white paper by John O'Connor, a researcher on Symantec's security response team, hackers can pay $100 for an API developer key that can open doors to the theft of data
Podcast: Symantec's Doug Bowers
By Ryan Naraine | Posted: 2006-11-29
The latest installment of the eWEEK OnSecurity podcast is a sharp discussion between my colleague Matt Hines and Symantec's anti-spam guru Doug Bowers about the rising tide of unwanted e-mail and the range of Internet and computer security threats. Download audio.
Oracle Zero-Day Project Cancelled
By Ryan Naraine | Posted: 2006-11-29
UPDATED: Cesar Cerrudo has suddenly cancelled plans to release daily zero-day flaws in Oracle databases during the first week in December. Just days before the project was due to start, Cerrudo announced that "due to many problems," the WoODB (Week of Oracle Database Bugs) has been scrapped.
Psiphon Project to Fight Net Censorship
By Ryan Naraine | Posted: 2006-11-29
UPDATED: Researchers at the University of Toronto are working on a free tool to allow Web surfers to bypass government censorship of the Web. The tool, called psiphon, is part of a human rights software project developed by the Citizen Lab at the Munk Centre for International Studies and
Coming in December: Oracle Zero-Day Flaws
By Ryan Naraine | Posted: 2006-11-20
On the heels of HD Moore's Month of Browser Bugs and LMH's Month of Kernel Bugs, a database security research expert plans to start a new project dedicated to releasing zero-day flaws in Oracle database server and application products...
Rootkits on a PCI Card?
By Ryan Naraine | Posted: 2006-11-17
A well-respected British security researcher has found a way to use a PCI device to plant an offensive rootkit on Windows machines. John Heasman, principal security consultant at NGSS (Next-Generation
... Read More
... Read More
The Exploits Are A-Comin'
By Ryan Naraine | Posted: 2006-11-16Interview: Inside the Mind of a Kernel Hacker
By Ryan Naraine | Posted: 2006-11-15
You might be surprised to learn that the mysterious hacker behind the MoKB (Month of Kernel Bugs) project actually believes in responsible disclosure. For the entire month of November, the man known
... Read More
... Read More
Unpatch Day: Pay Attention to MS06-070
By Ryan Naraine | Posted: 2006-11-14
Microsoft's Patch Tuesday express has dropped off six security bulletins covering at least nine vulnerabilities (not counting those silently fixed thingies). The IE and XML Core Services bugs
... Read More
... Read More
eEye Spies High-Risk Adobe Flaw
By Ryan Naraine | Posted: 2006-11-13
eEye Digital Security has flagged a high-severity flaw in an unnamed Adobe product and warned that millions of Windows users are at risk of remote code execution attacks. A bland notice on the company's upcoming advisories page said the flaw was reported and confirmed by Adobe. I pinged eEye's
