Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection.
After all the work Microsoft did leveraging the Security Development Lifecycle, why didn’t SDL catch the animated cursor vulnerability in Windows Vista? According to Adrian Stone at the MSRC (Microsoft Security Response Center), that is a question that he’s still getting regularly—and it’s a good one. “Honestly, that is a fair question and one I […]
Secure Computing is reporting that it has detected a new form of image spam that has taken an evolutionary leap over past image spam, using the popular photo-sharing site ImageShack to upload spam images. Spammers are sending e-mails containing a URL leading to the spam images. Once the spam is opened, the image is uploaded […]
A highly critical vulnerability that can allow attackers to hijack a user’s system has been reported in Adobe Photoshop. A Secunia advisory said the vulnerability is caused by an error in the handling of bit map files, such as .BMP, .DIB and .RLE. The handling error can be used to cause a stack-based overflow via […]
McAfee may have gotten in trouble with the Securities and Exchange Commission over securities fraud, and it may have had to cough up $50 million in fines, and it certainly has experienced rumbling and tumbling in its top ranks. Still, it’s raking in the bucks. The security company on April 26 reported its ninth consecutive […]
The QuickTime bug revealed at CanSecWest last week turns out to affect everything that’s Java-enabled and that has QuickTime installed, including IE 6 and IE 7 on Vista, browsers that were originally thought to be safe due to sandboxing techniques. Researchers are urging all users of QuickTime–and that means you, if you have iTunes installed–to […]
A blogger using the name “Infosecsellout” has stirred up the security community by claiming to be in possession of wireless packets sniffed from CanSecWest—the same wireless packets involved in the Pwn-2-Own contest that turned up a highly critical QuickTime vulnerability. Infosecsellout also claims to have reverse-engineered the vulnerability. If the claims are true, it would […]
Microsoft has unveiled what it’s calling its Malware Protection Center: a new think tank comprising security and threat experts that will provide global malware research, response and protection capabilities in order to help protect customers from new or existing threats. Microsoft General Manager Vinny Gullotto gave an overview of the center as part of his […]
It’s not quite another Y2K, but some computers’ failure to take into account the Washington-celebrated Emancipation Day 2007 may throw a monkey wrench into IRA contributions filed from those systems. SANS Director Marcus Sachs pointed out the mix-up, which affects some mutual fund companies, banks and other financial institutions that provide IRAs (Individual Retirement […]
A zero-day vulnerability in Safari, the default browser for Apple’s Macintosh operating system, allowed two MacBooks to crumble before the onslaught of a CanSecWest security conference attendee’s hacking, aided as he was by a New York buddy with years of experience hacking Macs. Shane Macaulay, a developer of binary security analysis tools, is going home […]
Microsoft on Thursday night added to its Malicious Software Encyclopedia four new malicious programs attempting to exploit the unpatched Domain Name System flaw in a broad array of its software. The company also added a new port to the list of ports that should be blocked for its Firewall and IPSec workarounds. The MSRC’s Christopher […]