Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection.
The scope of the Storm botnet, made up of zombie computers controlled remotely and used to blanket the world in spam, has been estimated to reach from 1 million to 50 million infected systems as of September. But has it really? Those numbers have reached epic and steadily growing proportions in the media, but they […]
Oracle on Oct. 16 released 51 security fixes, including 27 patches for the beating heart of so many enterprises: the Oracle database. In addition to that load of patches, Oracle administrators can also look forward to rolling out 11 patches to Oracle's Application Server, seven to Oracle Collaboration Suite, eight to Oracle E-Business Suite and […]
Following the loss and possible theft of two laptops containing the personal data of 3,930 truckers who handle hazardous materials, the Transportation Security Administration has mandated that contractors must encrypt any and all data on top of any deletion policies they have in place. According to a letter the TSA sent to lawmakers on Oct. […]
The Storm Worm botnet is now using 40-byte encryption on traffic running with the Overnet peer-to-peer protocol—a weak encryption scheme but one that allows a malware author to segment the botnet into smaller networks that soon may show up as turnkey spam botnets for sale in malware forums. “It is [pretty weak encryption]. I don't […]
Independent-minded Internet users are trying to foil China's censors, who themselves seem to be increasing in sophistication. According to a report by an anonymous technician working for an Internet company in China, the world's most populous country employs tens of thousands of cyber-censors and cyber-police whose mission is to purge the Internet of anything that […]
With a large majority of passengers opting for full-body imaging scans over a traditional pat-down in secondary airport screening, the Transportation Security Administration has announced it will roll out an installation of millimeter-wave imaging in Phoenix and will also test backscatter imaging in New York's John F. Kennedy International Airport and the Los Angeles International […]
H.D. Moore has released instructions on writing a critical exploit that leverages a bug in how Apple's iPhone handles TIFF image files and, to enable the writing of exploits, has put out a new version of his Weasel debugger that can handle the peculiarities of the phone's ARM processors. At this point, the exploit can […]
An exploit has been found in the wild for a Word vulnerability Microsoft patched on Oct. 9. Symantec said in a posting on Oct. 10 that it had gotten its hands on a Word for Mac document that contains shell code and three pieces of malware. The file kept crashing Symantec's Word programs—with the exception […]
A mere two days after Patch Tuesday brought a host of remote-code execution vulnerabilities to light, Microsoft issued a security advisory warning of yet another problem: a URL-handling vulnerability that could lead to systems getting hijacked if running Internet Explorer 7 on Windows XP or Windows 2003. Mark Miller, director of security response communication, said […]
Security people deal with the scenario all the time: An organization's internal IT people find a vulnerability, or a third-party security assessment firm finds a vulnerability, but there's no leverage to get upper management to approve a fix. The lack of legal obligation to fix known vulnerabilities is enough to get your blood boiling, particularly […]