Lisa Vaas

About

Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection.

New Storm Worm Spreading Via Blog Posts

A Storm worm variant using both e-mail and Web sites to infect Windows-based PCs is injecting itself into the responses people are leaving on blogs. Dmitri Alperovitch, principal research scientist at Secure Computing, told eWEEK that the worm is injecting itself into the operating system as a rootkit and is capable of intercepting Web traffic. […]

Getting Unstuck from the Password-on-a-Stickie Method

Rohm and Haas makes things stick. The glue that holds the first sheet of tissue paper to the roll, the stuff that keeps your candy bar wrapper snug on your chocolate, the chemicals in paint that keep it stuck to the wall. There are good sticky things, and then there are the stickies stuck onto […]

Critical Firefox Flaw Accidentally Fixed

After a flurry of “yes it’s fixed” and “oh no it’s not” between bug researchers over the weekend, the verdict is that Firefox 2.0.0.2 did indeed fix the memory corruption flaw found by Polish hacker Michal Zalewski on Feb. 23. Zalewski posted his version of the story that took place behind the fix—a story that […]

Microsoft: UAC Can Be Hijacked by Social Engineering

Microsoft’s UAC in its Vista operating system release was meant to signify that finally, the company has gotten serious about securing Windows by limiting a user’s rights during day-to-day computer usage. It’s come to signify something much less than security or trust in the minds of some security experts, though. Security expert Joanna Rutkowska kicked […]

New and Improved Oracle Exploits Coming at Black Hat

Oracle’s up for being a whipping-boy at Black Hat 2007 Washington, Feb. 28-March 1, with two briefings dedicated to Oracle security and/or insecurity. Cesar Cerrudo, founder of information security service firm Argeniss, is expected to release at least one zero-day vulnerability and exploit code for an Oracle product during his presentation, called “Practical 10-Minute Security […]

Most Critical Firefox Flaw Remains Unzapped

The most critical flaw in Firefox hasn’t been addressed in the update released today. Mozilla’s out with Firefox updates and is urging that customers upgrade immediately to fix critical security holes and stability issues. Issued today were Firefox 1.5.0.10, Firefox 2.0.0.2, and Thunderbird 1.5.0.10, available for Windows, Mac and Linux at getfirefox.com and getthunderbird.com. Mike […]

Office 2007 May Have Taken Its First Hit

And so it begins anew: Microsoft’s security problems. In what looks to be the first remotely exploitable bug in an Office 2007 application, Microsoft is now working with eEye Digital Security to dissect a high-severity flaw in Publisher 2007 that could let an attacker hijack a PC. “This would be the first publicly reported vulnerability […]

The Dissection of a Rootkit

Security analysts have been predicting that kernel rootkits, which cloak their activity by replacing a portion of a program’s software kernel with modified code, are expected to continue to grow in frequency in 2007. While rootkit-fighting technologies such as the PatchGuard kernel protection system built into 64-bit versions of Microsoft’s new Windows Vista operating system […]

Browsers Take a Bruising

Polish hacker Michal Zalewski has found yet another flaw in Mozilla’s Firefox browser, this one having to do with memory corruption and possible system takeover. While he was at it, he also found an IE flaw that sets up malicious pages that won’t let visitors leave. And that taunt the trapped user while they’re at […]

Trend Micro: The Only Anti-virus (and Vulnerability-Stricken!) Biggie on MS’ Certified for Vista List

Why is it the only one there? It sure isn’t because of its track record of popping up in US-CERT for vulnerability warnings, at least as of today! My former colleague and security blogger hero, Ryan Naraine, pointed out today that Microsoft’s just-released list of Vista-compatible apps lacks the anti-virus heavyweights: CA, Symantec, eTrust, McAfee. […]