Brian Prince

A security researcher has demonstrated how attackers could use a newly discovered vulnerability in the Secure Sockets Layer protocol to launch an attack on Twitter. The researcher, Anil Kurmus, posted details of the attack to his blog, The Secure Goose, Nov. 10. The exploit takes advantage of a vulnerability reported Nov. 5 by researchers from […]

Microsoft released a security advisory to help users mitigate a bug affecting Windows 7 and Windows Server 2008 Release 2. The security vulnerability was reported last week by researcher Laurent Gaffie and can be exploited to remotely trigger a denial-of-service condition in Windows 7 and Windows Server 2008 R2. Gaffie posted proof-of-concept code to the […]

A new survey painted a picture of domain name server security that was both troubling and hopeful. According to research released by Infoblox and The Measurement Factory, there has been a dramatic increase in the percentage of external name servers that are open to recursion. The study put the latest figure at 79.6 percent, a […]

iPhone security has been front and center the past two weeks, with much of the focus falling on jailbroken devices. Between the ikee worm and the discovery of a tool that allows attackers to steal data from jailbroken phones, some have wondered whether jailbroken iPhones are inherently insecure. But are they? The true answer to […]

IBM is talking up virtualization security with a new product aimed at protecting enterprise virtual infrastructures. According to IBM, the product – known as IBM Virtual Server Security for VMware vSphere – is designed to help protect every layer of the virtual infrastructure, from the hypervisor to server-based virtual desktops. By integrating it with VMware […]

New research from WhiteHat Security painted a bleak picture for Website security. In its latest iteration of its Website Security Statistics report, WhiteHat found 64 percent of the 1,364 sites the company analyzed have at least one serious vulnerability. But the news isn’t all bad-according to the company, 17 percent of the sites have never […]

The notorious Koobface botnet has pushed out a new component to help snag Facebook users. According to Trend Micro, the component automates the following routines: registering a Facebook account, confirming an e-mail address in Gmail to activate the registered account, joining random Facebook groups, adding “friends” and posting messages on their walls. The point of […]

Microsoft announced the availability of the November SQL Server 2008 R2 community technology preview today. The CTP can be downloaded here. Microsoft officials said the CTP is feature-complete. The new capabilities in the latest CTP include support for Windows Server 2008 R2 – including Hyper-V with Live Migration – as well as enhanced data compression […]

Security researchers have found a new tool targeting users of jailbroken iPhones. On the heels of the discovery of a worm targeting jailbroken iPhones in Australia, security researchers at Intego now say they have detected a program known as iPhone/Privacy.A that hackers can use to swipe personal data. The program does not get installed on […]

Less than 24 hours after Microsoft’s Patch Tuesday, a security researcher revealed a zero-day bug affecting Windows 7 and Windows Server 2008 Release 2. Researcher Laurent Gaffie posted proof-of-concept code as well as information about the flaw on his blog and the Full Disclosure mailing list Nov. 11. The exploit takes advantage of the implementation […]