Brian Prince

Adobe Systems is planning to patch a zero-day security vulnerability affecting its Adobe Illustrator software by January. The announcement comes a week after proof-of-concept exploit code began circulating the Web. According to Adobe, the buffer overflow vulnerability in Adobe Illustrator CS4 and CS3 can be exploited via a malicious Encapsulated PostScript (.eps) file in Illustrator […]

Security service provider SecureWorks has acquired U.K.-based DNS Ltd. to expand its footprint in Europe. The acquisition, made for an undisclosed sum, expands SecureWorks global operations and service offerings to include a U.K.-based Security Operations Center; offices in London and Edinburgh; an Identity and Access Management Practice; and additional sales, security and management staff dedicated […]

Google filed a lawsuit Dec. 7 in U.S. federal court in Utah accusing a company of using its brand name in a work-from-home scam and slamming people with suspect credit card charges. According to Google, Salt Lake City-based Pacific WebWorks and several unnamed defendants offered a tool kit for stay-at-home online workers. The tool kit […]

Microsoft issued patches for 12 security vulnerabilities Dec. 8 for its final Patch Tuesday of 2009, including a fix for a zero-day bug plaguing older versions of Internet Explorer. All told Microsoft issued six security bulletins, three rated critical. The most serious of those is the Internet Explorer bulletin, which actually covers five security issues. […]

Ever wonder what percentage of people are clicking on those e-mails leading to fraudulent bank log-in pages? The answer is a very small percentage-but more than enough for phishers to still make a killing. New research from security firm (PDF) Trusteer shows that once users had been lured to a phishing site, some 45 percent […]

The 451 Group has released a survey that doesn’t bode well for MySQL. According to a survey of 347 users of open-source software, 82.1 percent of the respondents using open-source databases use MySQL today, while 78.7 percent expect to be using it in 2011. That number is expected to fall to 72.3 percent by 2014. […]

Adobe Systems is investigating reports of a new security vulnerability affecting its Illustrator software. Proof-of-concept code for an attack was publicized this week and is circulating the Web. According to Adobe, the vulnerability can be exploited via a malicious Encapsulated PostScript (.eps) file in Illustrator. “Adobe is aware of a report of a potential vulnerability […]

Much has been made about how Google Public DNS will improve the speed of the Web. But what about security? According to some, Google is on the right track-though others say the company is not exactly breaking new ground. “DNS as a protocol is pretty terrible in terms of security, but from a cursory glance […]

Microsoft is planning to release six security bulletins for December’s Patch Tuesday, including one to cover the recently disclosed zero-day vulnerability affecting Internet Explorer. According to the prerelease advisory, three of the bulletins are rated critical. The remaining bulletins are rated important. All told, Microsoft will address 12 vulnerabilities in Windows, Internet Explorer and Microsoft […]

US-CERT has issued a warning about impacting dozens of clientless SSL VPN products it says can be exploited to break Web browser security. The issue is not a bug per se, but actually a security hole opened by the way the products operate. Web browsers enforce same origin policy to prevent active content from one […]