Lisa Vaas

It was bad enough that federal officials essentially deleted the ca.gov domain in the process of shutting down a hackers redirect to porn pages on Oct. 2. Whats worse: There are still fully hacked ca.gov sites up and serving redirects to drug purveyors. California state officials were caught off-guard on Tuesday when the federal GSA […]

Microsoft will be putting out seven security advisories on Patch Tuesday, Oct. 9, with four critical bulletins out for Windows, Outlook Express, Windows Mail, Internet Explorer and Word. Three bulletins are also on tap that target “important” flaws in Windows, SharePoint Services and Office SharePoint Server, according to a bulletin sent out on Symantecs DeepSite […]

The Department of Homeland Security self-inflicted what one observer called a mini distributed denial of service, with a reported mass of more than 2.2 million messages stuffing the inboxes of the nations security experts. All this is simply due to the fact that the agency allowed a newsletters recipients to reply to all subscribers. Marcus […]

The iPhone has been turned into a “pocket-sized … network-enabled root shell,” said H.D. Moore, thanks to the well-known security researcher having published shell code for the smart phone and instructions on how to use it as a portable hacking platform. Because of his work, Moores highly popular Metasploit Framework penetration-testing tool can now be […]

Jason Harbert was a terrible spammer. The research scientist for Cloudmark recently spent weeks monitoring the phishing communitys chat rooms and forums, learned the lingo, earned some trust, and even received kits from the fraudsters who set up scam pages that steal victims personal data. Then he went and hurt the criminals feelings after not […]

Citgroup has confirmed that its investigating a data breach involving the names, Social Security numbers and credit information of 5,208 customers leaked by an employee of its ABN Amro Mortgage Group unit onto the LimeWire peer-to-peer file-sharing network. Tiversa, a company that monitors P2P networks on behalf of clients, told eWEEK that it found Excel […]

A zero-day PDF vulnerability in Adobes Acrobat Reader has come to light that can lead to Windows boxes getting taken over completely and invisibly, according to a security researcher. “All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one,” said researcher Petko D. Petkov, aka pdp, […]

A researcher has published details of how he and a colleague broke into a MacBook via a flaw in its wireless drivers at Black Hat last year. Errata Security Chief Technology Officer David Maynor published the details in an article in the September issue of Uninformed, an online security research magazine. The situation got weird […]

After Finjan came out with a report saying that widgets and gadgets are all plagued with lousy security and stand ready to unleash the next wave of malware onto users’ systems, at least one security watcher blamed the lack of sandboxing. ““The secure design model for this type of application should be sandboxed by zone. […]

Running Firefox or Opera as a default browser wont save you from unpatched Internet Explorer vulnerabilities—a fact made explicit when a researcher showed how easy it is to put HTML inside files supported by Windows Media Player. Researcher Petko D. Petkov said in a Sept. 18 blog posting that hes found that a fully patched […]