Lisa Vaas

Security researcher Robert Swiecki has found yet another hole in WinSafari—this time in the newly patched 3.0.1 version that Apple hurried out in response to holes Swiecki and others found in the browser beta earlier last week. This vulnerability can be exploited with a malicious Web site, where an attacker can fill in a victim’s […]

Googles continuously raked over the coals regarding the massive amounts of PII (personally identifiable information) it collects, what it does with it, how long it retains that data and what the company might do with it if its merger with DoubleClick goes ahead. Thats all been ratcheted up to fever pitch over the past few […]

Yet another security hole has been found in the newly released Apple Safari for Windows beta, not even a day before Apple released patches for a host of vulnerabilities found within hours of launching the beta. This one, posted by security researcher Robert Swiecki, lets attackers steal a cookie or fill the browser window with […]

Symantec is drawing all the disparate security technologies that protect enterprise endpoints—network access control, application control, anti-virus, anti-spyware, desktop firewall, host and network intrusion prevention, and device control—into one integrated agent managed from one console, resulting in a product it says is matched by none on the market today when it comes to functionality. The […]

A U.K. privacy group has issued a scathing report on large Internet players privacy records, going so far as to flunk Google altogether. Privacy International, a privacy NGO, spent six months working on the report (PDF), titled “Race to the Bottom? 2007.” The group says it based its rankings on data derived from public sources […]

Apple’s Safari browser for Windows beta, introduced on June 11 at the Apple Worldwide Developers Conference and touted as being “designed … to be secure from day one,” has a minimum of three DoS (denial of service) flaws, two memory corruption bugs, one command execution vulnerability and two remote code execution bugs—one of which has […]

Internet Explorer is suffering from six vulnerabilities, five privately reported and one publicly disclosed, all of which are addressed in security bulletin MS07-033. Microsoft officials said June 12 that all but one of the IE flaws could allow system hijacking if a user were to visit a malicious Web page. One of the flaws allows […]

A high-risk Yahoo Messenger vulnerability is being exploited in the wild, jacking up the criticality of applying a fix to avoid system hijacking. At issue is a buffer-overflow vulnerability in Yahoo Messengers Webcam ActiveX control. Attackers can exploit the issue to execute arbitrary code within the context of an application that uses the control—typically Internet […]

Exploit code is out for critical Yahoo Messenger flaws found by eEye Digital Security earlier this week. (eEyes original security advisory is here.) Both of the flaws, which allow for system hijacking, are boundary errors in two ActiveX controls in Yahoo Messengers Webcam Upload and Webcam Viewer. Security researchers say that they expect attacks using […]

In the upcoming Firefox 3.0 browser, the Mozilla Foundation is going beyond Firefox 2.0’s protection of users’ personal information to actually blocking Web sites that it thinks are planning to plant malware. Alex Faaborg blogged on Mozilla’s site on June 1 that the open-source project is coordinating with Google on this feature. According to the […]