Lisa Vaas

Bowing to privacy concerns, Google has changed its policy on cookie expiration. The companys previous stance was that all cookies would expire in 2038. Now, cookies on the PCs of inactive users will be tossed after two years. According to Peter Fleischer, global privacy counsel for Google, based in Mountain View, Calif., cookie privacy is […]

A security firm is warning iPhone users not to use the Safari browser to dial telephone numbers because of a bug that could allow attackers to stick victims with a phone bill full of pricey 900-number calls. The bug likely isnt unique to Apples iPhone, but the most popular device of the moment is the […]

iPhone hackers are on the cusp of not only being able to write programs for the phone but also finding a way to cut the devices tether to Cingulars service plans. According to one of the group of hackers who are working collaboratively via wiki and #iphone IRC channel, one of the last major hurdles […]

Microsoft has updated its critical security advisory on Excel, put out on its July 10 Patch Tuesday, to include Office 2004 for Mac. Microsoft’s MS07-036 advisory covers three critical Excel bugs, all remotely exploitable. This isn’t a patch to ignore, security analysts say, given that vulnerable systems can be taken with a Trojan. “Vulnerabilities in […]

The Bush administration is itching to update a snooping law to encompass new technologies, even as a DOJ report shows the FBI is using data mining on a dizzying array of U.S. citizens non-terrorist activities: Think auto insurance fraud and Medicare claims abuse. “Today, cellular phones are the size of credit cards, you would be […]

Tainted QuickTime movies can get a system hijacked or lead to sensitive information being stolen due to eight security vulnerabilities in Apples movie-viewing software. According to Apple, the first problem is caused by a memory corruption error when processing a malformed H.264 movie. H.264—also known as MPEG-4 Part 10 or AVC (Advanced Video Coding—is a […]

Microsoft is spending another $50 million to pump up sales, marketing, training and other support for its Forefront line of security products, the company announced July 11 at its Worldwide Partner Conference in Denver. Its also expanding eligibility so that more partners can take advantage of the up to 30 percent additional fees that they […]

Theres still no consensus regarding whether the zero-day vulnerability that security researcher Thor Larholm found is on Internet Explorer or on Firefox. But more to the point, there is a way to block the exploit, which otherwise could lead to remote system hijacking. According to Microsoft Security Program Manager Jesper Johansson, blocking the exploit boils […]

Microsoft has issued patches for seven critical flaws in Excel, Windows Active Directory and the .Net Framework. Those seven vulnerabilities cover the worst-hit applications. The July 10 Patch Tuesday saw a total of 11 vulnerabilities fixed in six security bulletins. Analysts were warning about the critical .Net flaw ahead of the bulletin release, given the […]

Claiming that security researchers are dissatisfied with current remuneration—white-hat chump change or the potential of black-hat broken kneecaps—a Swiss company has launched the first non-black-market auction site for zero-day vulnerabilities. The eBay-like bug market, called Wabisabilabi, launched July 3. Security researchers and vulnerability brokers like the concept of selling vulnerabilities for fair market price just […]