The Trusted Computing Group announced its plans on Tuesday to “enable trust and security in mobile phones and their applications.” The organization has created a set of use cases for mobile phone security and intends to have a publicly available specification based on these cases ready for dissemination in the first half of 2006. TCG's […]
Check Point Software makes firewalls. But their new “SecurePlatform NGX R60 Build 244” seems to have a problem. (The company says that it also applies to the VPN-1/FireWall-1, VPN-1 VSX, Provider-1 products running the NGX, NG AI, 4.1, NG software.) You see, the firewall contains a set of predefined service groups that are designed to […]
It is Tom Ferris's turn to receive the BigDiscovery Award for this week. He was the one who found out that Firefox (and Netscape and Mozilla) have a small problem with the handling of IDN URLs that contain the 0xAD character in the domain name. This can be exploited to cause a heap-based buffer overflow. […]
When the fire alarms are not sounding and calling us to immediate reactive action, security pros need to be kicking back a bit and taking a look at how a serious security problem unfolds. That's why we should take a look at a Massachusetts teenager who pled guilty to, among other things, hacking—to see what, […]
This has been a fairly slow week for security issues, probably because all the l33t hax0rs took off to go to the beach for one last chance to ogle underdressed girls. I can just imagine the pickup lines: “Hey n00b, I'd like to escalate my privileges with you!” What this means for this here column […]
Cisco has had a summer just chock-full of security problems in many of its products. Keeping up the tradition of the “annus horribilis,” the company just this week had to reveal a problem in one of its core products that the French Security Incident Response Team has labeled as “critical.” The problem is with Cisco's […]
Julio Cesar Fort of Recife, PE, Brazil, found an undocumented feature in QNX (that Real Time Operating System for the PC platform that is so beloved of the embedded systems folk it was even used by NASA to safeguard the shuttle Discovery on its return to space) that he wants to share with all […]
In the aftermath of Hurricane Katrina, T-Mobile USA Inc. said it will offer its Wi-Fi services without charge to the general public of the tri-state area, including Louisiana, Mississippi and Alabama. T-Mobile said that the services will be free until the end of the week, and possibly beyond that if the situation warrants it. T-Mobile […]
The Hardened-PHP Project of Germany is at it again. They found a bug in XML-RPC for PHP and PEAR XML_RPC. The project was looking for these kinds of problems in the libraries in a security audit they conducted because of previous flaws that had been found in these same PHP libraries earlier in the year. […]
Acrobat Stumbles: Adobe announced that the core application plug-in for Acrobat and Acrobat Reader had this teensy, tiny, small problem in that if a “specially crafted” PDF file is read, arbitrary code could be executed due to a buffer overflow caused by an unspecified boundary error. So, just by reading a PDF file, a Windows, […]