Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection.
Security researcher Thor Larholm has discovered a zero-day vulnerability that could lead to remote attackers hijacking systems running both Internet Explorer and Firefox. Larholm is calling this an IE zero day, blaming the vulnerability on an input validation flaw in Internet Explorer that allows users to specify arbitrary arguments to the process responsible for handling […]
Microsoft is issuing six patches on Patch Tuesday on July 10, one of which addresses a critical .Net Framework vulnerability that has the potential to affect a wide array of applications on all of Microsoft's actively supported platforms. Microsoft's .Net Framework, a component that's included with the company's operating systems or which can be added […]
Google is all about information. It's become the No. 1 tool people use to find information on the Internet. More troubling to privacy experts, though, is the amount of information Google has accumulated about us. The Mountain View, Calif., company is continually raked over the coals regarding the massive amounts of PII (personally identifiable information) […]
Lately Dave Aitel's been thinking: what's the difference between organized online crime groups and commercial companies that do penetration testing? “A company has a rather large budget, dedicated infrastructure and an experienced and skilled staff. So why do so many of them fight like flabby novices? The fact is, giving someone a lot of money […]
During the 2004 presidential campaign, Jeremy Poteet watched as the candidate's site he had worked to secure went up. Just 16 minutes later, the site was attacked. But this high-profile site deftly deflected these attacks and the others that followed because Poteet had anticipated—and then protected against—the kinds of exploits he knew would be coming. […]
Security appliance makers are shrugging off CSRF (cross-site request forgery) vulnerabilities in their products—products that sit at the crossroads of enterprise protection. The vulnerable appliances, unified threat management products, “certainly are an important part of an enterprise's security,” said Billy Hoffman, lead researcher for SPI Dynamics' SPI Labs, in Atlanta. “I'm kind of surprised [that […]
Even as the iPhone drew its first breath, security researchers were squeezing it to make it cough up its first bugs. In a nutshell, the security quibbles, theoretical or otherwise, are that at least one Safari browser bug that was known prior to device launch is still on the phone, and that anyone can listen […]
With the CIA's June 26 release of documents detailing 25 years of illegal exploits, data privacy advocates now have a book-length record of misdeeds—including examples of data abuse such as wiretapping—to back up their arguments that personal data is better off when kept out of the hands of an unsupervised government or law enforcement agency. […]
Joanna Rutkowska, the security researcher who one year ago built a working prototype, code-named Blue Pill, of a rootkit capable of creating malware that remains “100 percent undetectable,” has tacitly conceded to a group of security researchers that the detector code they cooked up in the past month will in fact ferret out Blue Pill—at […]
Money is the motivation for scam-spam. The motivation for clicking on it is far less straightforward, and none of us is immune. “It's not like certain people are going to be nailed by spam all the time. Or that there are certain motivations that will just [always] trigger people [who respond] to spam scams. Its […]