Brian Prince

Microsoft researchers uncovered a flaw in the Google Chrome Frame plug-in for users of Internet Explorer. According to Google, which patched the problem Nov. 18 with an update, the vulnerability could be exploited to bypass cross-origin protections. The plug-in-which injects Google Chrome’s rendering engine into Internet Explorer-has been a source of controversy between Microsoft and […]

The cyber-underworld is highly specialized, with the malware authors and purveyors at one end, and the cash out fraudsters responsible for laundering loot from compromised accounts on the other end. RSA, EMC’s security division, recently took a long look at another side of the cyber-crime business. Researchers focused on a reshipping operation dubbed “Air Parcel […]

Google previewed Chrome OS Nov. 19 and opened up about how its security strategy deviates from the traditional model for securing today’s operating systems. In a presentation, Google painted a picture of a slim operating system that uses a combination of sandboxing, encryption of user data and a verified boot process to protect users. Google […]

Cyveillance said Nov. 16 it has uncovered a search engine optimization poisoning campaign that has impacted more than 260,000 sites. The scheme targets Google search by getting victims to click on links that are routed to sites that attempt to download malware onto their machines. According to Cyveillance, the common string albums/bsblog/category is found in […]

Authorities in the U.K.have reportedly arrested two people in connection with using a notorious Trojan in a scheme to steal online banking information. The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchesterfor violating the 1990 Computer Misuse Act and the 2006 Fraud Act, according to police. The duo […]

Mozilla has added an extra wall in Firefox 3.6 to block third-party add-ons from loading in the browser’s application components directory. The change prevents third-party applications from adding code to Firefox‘s components directory–which houses much of Firefox’s own code–and will thereby keep developers and software vendors from silently installing Firefox add-ons without the user’s permission. […]

Mobile devices and Web 2.0 technologies are forcing organizations to adapt to a new set of security needs, but many enterprises may be falling short, according to a study by the Ponemon Institute. Dubbed the “Worldwide State of the Endpoint Survey 2010,” the study was commissioned by Lumension Security to take a look at how […]

Fresh off its acquisition by Rapid7, the Metasploit Project has released an updated version of its penetration testing framework that includes more than 440 exploits and hundreds of payloads. Rapid7 acquired Metasploit last month to add to the company’s testing capabilities. Nick Selby, managing director at security firm and consultancy Trident Risk Management, said the […]

The ability of several countries to launch politically motivated cyber-attacks has increased and put critical infrastructure in the crosshairs, according to a sweeping report from McAfee. In its fifth annual Virtual Criminology Report (PDF), McAfee noted that not only have politically motivated cyber-attacks increased, but countries such as Russia, the United States and China are […]

The Pirate Bay shut down its BitTorrent tracker Nov. 17, announcing that it was adopting a more decentralized model. The site, which has been under pressure from authorities in Sweden due to its content, made a name for itself by indexing and tracking BitTorrent files. According to The Pirate Bay, enhancements such as DHT (distributed […]