Larry Seltzer

Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks. The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges. A successful attacker would have to […]

The record for feedback in my security blog easily belongs to the entry on the brief problem I had with activation of Norton Antivirus 2005. I knew beforehand that other people had complaints about activation, but this thread has taken on a life of its own. It appears to have acquired significant Google karma. Google […]

Its been widely recognized for some time that defining software in the “spyware” and “adware” categories is tricky business, and that these types of programs are not the unambiguous threats that viruses are. For years the big security vendors dealt with the problem by ignoring it, or perhaps by making half-hearted attempts to combat it. […]

If youre exchanging sensitive data online and youre not worried about identity theft, you should be. Several new attacks are released every day to steal your data or co-opt your account. There are no shortage of products to protect you, even if the most important ingredient in personal security has, frighteningly, always been education. But […]

Even technically sophisticated users lose perspective on security at times. We all want breaches of security to be someone elses fault and we dont want to have to deal with the inconveniences of running a secure system. But there are certain security rules that apply to all computing platforms. These rules are expressed well in […]

In the middle of 2004 we saw the first real cell phone virus, named Cabir. It was newsworthy because it was the first, and since then there have been more. I dont think of myself as an expert on them, but I dont feel very threatened by them. In mid-March Cabir (pronounced “kay-burr”) made its […]

The first thing I need to do here is to correct some misstatements from a recent column titled, Should VeriSign Be the Name Police? For that piece, I spoke with VeriSign about a column by Spyware researcher Ben Edelman that enumerates examples of VeriSign certificate abuse. I was told by VeriSign that they had contacted […]

Ive been concerned with the problem of domain theft for some time now, and the more I look into it the more I get concerned. Everyone who owns a domain needs to be concerned. Domain theft is not like the threats that tend to get the headlines in spite of being largely theoretical and patchable. […]

A bug in ARJ file parsing in Trend Micro virus-scanning products could lead to a heap-based buffer overflow and potentially to the execution of attack code in the context of the scanner. Trend Micro has issued upgrades to version 7.510 of its virus scanning engine (VSAPI). ARJ is a format for compressed archive files, similar […]

Im glad that Im still shocked when I find something innovative in its dishonesty, even though it seems to happen every other week in the computer security business. Anti-spyware advocate and researcher Ben Edelman publicized one of these recently in the form of a company that distributed adware signed with a Thawte digital certificate using […]