Ryan Naraine | November 14, 2006 4:11 PM
Microsoft's Patch Tuesday express has dropped off six security bulletins covering at least nine vulnerabilities (not counting those silently fixed thingies). The IE and XML Core Services bugs are getting all the attention but security experts are most nervous about MS06-070, which covers a nasty, wormable flaw in Workstation Service.
Ryan Naraine | November 13, 2006 8:11 PM
eEye Digital Security has flagged a high-severity flaw in an unnamed Adobe product and warned that millions of Windows users are at risk of remote code execution attacks. A bland notice on the company's upcoming advisories page said the flaw was reported and confirmed by Adobe. I pinged eEye's
Ryan Naraine | November 13, 2006 1:11 PM
In response to my Q&A with Joanna Rutkowska, the stealth malware researcher who used AMD's SVM/Pacifica virtualization technology to create malware (Blue Pill) that's "100 percent undetectable," AMD's PR team wrote in to challenge those claims, arguing that the addition of AMD Virtualization to AMD processors does not increase the
Ryan Naraine | November 13, 2006 12:11 PM
My latest OnSecurity podcast is a fun interview with Dave Goldsmith, the former @Stake co-founder who runs the Matasano Security pen testing team. We gab about the state of vulnerability research, the never-ending flaw disclosure controversity, the buzz around fuzz testing tools and, naturally, whether Windows Vista will significantly
Ryan Naraine | November 09, 2006 2:11 PM
The MoKB (Month of Kernel Bugs) project that launched Nov. 1 with an Apple Mac OS X Wi-Fi exploit continues to hum along, exposing serious kernel-level vulnerabilities in FreeBSD, Linux, Solaris and, of course, Windows.