Larry Seltzer

You read a lot about “limited, targeted attacks” in news about vulnerabilities. It means that attacks using the vulnerability have been observed in the wild very, very few times, like you could count them on one hand. These are usually very high-quality attacks, not the usual garbage you pick right up on. How good are […]

Adobe has announced in its Product Security Incident Response Team blog that it has confirmed reports of a new vulnerability in all currently supported versions of Reader on all supported platforms. It states that the vulnerability also affects Acrobat and that it will now develop fixes for all affected products. The vulnerability was reported on […]

Microsoft announced on Tuesday the release to manufacturing of Service Pack 2 for Windows Vista and Windows Server 2008. This is a unified service pack with a single installer for both platforms, simplifying deployment. General availability of this service pack is expected in Q2 of 2009. The notable changes in this release, described in more […]

Panda Security has released a beta of its Panda Cloud Antivirus. It’s a free download at www.cloudantivirus.com and there will be a free version of it even after it ships. The idea of a “cloud” product here is not really a gimmick, even if “cloud” is the buzzword of 2009. There are good reasons to […]

Microsoft April 28 released a series of service packs for Office 2007, the Office Server Products and Windows SharePoint Services 3.0. Office 2007 Service Pack 2 itself covers the client suite. The service packs, of course, consolidate the many security and lesser updates since the last service pack, but many feature upgrades and performance improvements […]

For business users who skipped Windows Vista, Windows 7’s newly announced Windows XP Mode (XPM) must be intriguing. Yes, you will have to cough up some serious money for new hardware and software, but the really scary and disruptive stuff-whether your old software will work-is far less of an issue than it used to be. […]

Adobe said it is investigating reports of a new vulnerability in its PDF Reader program. The Adobe report refers to a single vulnerability report on SecurityFocus, but in fact there are two similar reports there, both credited to “Arr1val.” Both include proof-of -concept Javascript code. Both vulnerabilities are reported as affecting Adobe Acrobat Reader 8.1.4 […]

Google has fixed a bug in its Chrome browser which could allow cross-site scripting and other dangerous policy violations under interesting circumstances: when Chrome is called from Internet Explorer because a link is executed in IE with the “chromehtml” protocol handler. Update Chrome to get to the new version 1.0.154.59, which they say fixes the […]

The early life of the Internet has, perhaps, suffered from an excess of libertarian impulse, even from those who don’t think of themselves as libertarians. Fear that the government would impede freedom of individuals on the Internet has led to opposition to just about any opening for law enforcement on it. Now the pendulum has […]

In response to a Freedom of Information Act request, the FBI has released some details and history of a spyware program it has used over the years to gather details on suspects’ computers, according to a recent article in Wired. Information on the CIPAV, or “Computer and Internet Protocol Address Verifier,” first came out in […]