Ken Dunham, you could say, spends his life peeking at the bowels of the Internet. As director of the Rapid Response Team at VeriSign-owned iDefense, of Dulles, Va., Dunham and his team of malware hunters infiltrate black hat hacker forums, chat rooms and newsgroups, posing as online criminals to gather intelligence on the dramatic rise […]
Digital media delivery firm RealNetworks Inc. late Thursday shipped a major security update for its RealPlayer software to patch a pair of remote code execution vulnerabilities. The security holes, which were reported to RealNetworks more than four months ago, could be exploited by malicious hackers to take complete control over a vulnerable machine. According to […]
Yahoo has silently pushed out a patch for a critical vulnerability affecting users of its Yahoo Assistant browser add-on. According to an alert from “Sowhat,” a researcher at Nevis Labs, the vulnerability “allows attackers to execute arbitrary code on vulnerable installations.” Yahoo Assistant is marketed to Chinese users as a security product featuring tools to […]
Some of the biggest names in the IT software business still are very lax when it comes to fixing security holes reported by third-party brokers. According to a list maintained by TippingPoint’s Zero Day Initiative, Microsoft, Novell, Oracle, Computer Associates and Hewlett-Packard are among the vendors most tardy about shipping fixes for known flaws that […]
Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of “cleaning” infected computers. Cody Pierce and Pedram Amini, two high-profile software security researchers, cracked into the Trojan powering Kraken, a […]
Hewlett-Packard’s ongoing struggle to keep its software updater free of serious ActiveX control vulnerabilities is showing no signs of letting up. According to a “highly critical” alert issued by Secunia, the HP Software Update package pre-installed on notebooks contains multiple security holes that can be exploited to disclose certain information or compromise a vulnerable system. […]
The latest refresh of Opera’s flagship Web browser comes with several crucial security features. With Opera 9.5 Beta 2 (code-named Kestrel), the Norwegian company has added fraud-protection capabilities and support for EV SSL (Extended Validation Secure Sockets Layer) Certificates to help protect users from identity-theft attacks. Opera has improved the back end for Fraud Protection, […]
Software engineers at Microsoft will get a front-row seat to hear about an unpatched Windows security hole that was once pooh-poohed as a “design issue” that shouldn’t be seen as a security vulnerability. At the Spring edition of Redmond’s Blue Hat hacker conference, the software giant has invited Argeniss researcher Cesar Cerrudo to present his […]
Network security vendor Secure Computing has announced a major leadership shake-up that sees CEO John McNulty leaving the company. No reasons were provided for McNulty’s sudden departure. Daniel Ryan, who currently serves as the company’s president and chief operating officer, will move into the CEO office in the interim. “The board of directors has […]
LendingTree, an IAC subsidiary that connects online borrowers with mortgage, credit card and auto loans, has suffered a major insider breach that exposed sensitive user files to lenders. The company sent out e-mails to customers affected by the breach, warning that “several former employees may have taken Company passwords and given them to a handful […]