Lisa Vaas

Even as Microsoft prepared to release critical updates for flaws in multimedia frameworks and APIs, proof-of-concept exploit code came out over the weekend that shows how an attacker can target the Winamp multiformat media player, a media player from Nullsoft that runs on Windows and is second only to Windows Media Player in worldwide popularity. […]

Security researchers have spotted Trojans that are using RSS feeds to communicate instead of their traditional method of “phoning home” to get marching orders from command-and-control centers that security researchers have learned to track down and blacklist. Yuval Ben-Itzhak, chief technology officer for Finjan, told eWEEK that the security firm recently detected three separate Trojans […]

Microsoft will put out seven security bulletins on Patch Tuesday, with three critical updates that could lead to systems getting hijacked via Windows, Internet Explorer, and/or Microsoft’s multimedia frameworks and APIs. Vista is vulnerable to all three of the critical flaws, although Microsoft noted in a table of affected software included in its monthly advance […]

Oak Ridge National Laboratory has been bombarded by a coordinated phishing attack aimed at multiple national labs and may have unwittingly handed over to attackers the personal information of anybody who visited the lab over a 14-year span, including Social Security numbers. On Dec. 3, Laboratory Director Thom Mason sent a letter to staff telling […]

Canada’s government was in an uproar after a citizen found that when applying online for a passport he could easily access other people’s passport applications. Jamie Laning, an IT worker at a Algonquin Automotive in Huntsville, Ontario, told eWEEK that on Nov. 29 he was applying online for a passport to travel to the United […]

Thieves stole a laptop from the home of a Forrester Research employee during the week of Nov. 26, potentially exposing the names, addresses and Social Security numbers of an undisclosed number of current and former employees and directors, the company said in a letter mailed to those affected on Dec. 3. Forrester “Chief People Officer” […]

The unsavory types have done exactly as security researchers warned they would, releasing into the wild exploit code for a vulnerability in how Apple’s QuickTime Player 7.3 handles RTSP (Real Time Streaming Protocol) responses from a video/audio streaming server. Symantec on Dec. 1 spotted an attack that uses iFrame code to force a browser to […]

Riddle: What do the city of Plainville, Kan., and the Transportation Authority of Marin County, Calif., have in common?Answer: a Web hosting provider that can’t seem to keep its DNS servers clean. Both .gov domains in the past few months have seen their sites seeded with redirects to malicious servers in other countries that have […]

The Marin County Transportation Authority sites that appeared to be serving up pornography and malware yet again Nov. 29-30 were in fact a sloppy residue from the same Web site hosting company that the California government agency thought it heard the last of once it ceased using the provider in September. The hosting company in […]

Microsoft has issued a report on Internet Explorer in which it pats itself on the back for having fewer vulnerabilities in its browser than are in the No. 1 competitor, Mozillas Firefox—a stance that the Mozilla Foundation finds, to put it diplomatically, puzzling. “Just because dentists fix more teeth in America doesnt mean our teeth […]