Ryan Naraine

R.I.P, Dude

If you subscribe to the main security mailing lists like Full Disclosure or Funsec, chances are you’re familiar with the name Dude VanWinkle. According to confirmed reports, the man behind that moniker (Justin Marcus Polazzo) passed away suddenly at his home on February 4, 2008. He was 31. At the time of his death, Polazzo […]

Asus Eee PC Ships with Remotely Exploitable Flaw

Out of the box, the highly touted Asus Eee PC ships with a known code-execution vulnerability that allows a hacker to remotely gain root over a network. According to a warning from RISE Security, the Linux-powered machine uses an old–and vulnerable–version of the Samba daemon for Windows file and print sharing. Using the Metasploit point-and-click […]

Mozilla Dismisses New Firefox Flaw Warning

Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver. Shaver’s sharp retort follows the release of an advisory by hacker Ronald van den Heetkamp claiming that the most recent Firefox 2.0.0.12 is susceptible to a bug that allows […]

Apple Patch Day: 10 Holes Covered in Tiger, Leopard

The Mac OS X security train pulled into the patching station Feb. 11 with fixes for a total of 10 vulnerabilities, including one that was first disclosed more than a year ago during the Month of Apple Bugs project. The megapatch, available for both Tiger and Leopard users, covers holes that put Mac users at risk of code […]

Firefox Dirty Dozen: Critical Update Nukes Code Execution Holes

Mozilla’s fast-growing Firefox browser has undergone a major security makeover to fix at least a dozen security flaws that put users at risk of identity theft, cross-site scripting and remote code execution attacks. The update, released late Feb. 7, provides cover for four vulnerabilities rated “critical” and three that carry a “high risk” severity warning. The […]

Windows Users Brace for MS Patch Tuesday Barrage

After a relatively light Patch Tuesday load in January, Windows administrators are bracing for a barrage of security updates from Microsoft. According to the software maker’s advance notice mechanism, there are 12 bulletins slated for release Feb. 12. Seven of the 12 will be rated “critical,” Microsoft’s highest severity rating. Four of the seven critical bulletins will […]

Adobe Confirms Critical PDF Fix, Will Issue Bulletin

Here’s a quick update on the Adobe Reader silent fix I wrote about earlier today. Adobe spokesperson John Cristofano sent me a statement confirming the severity of the vulnerability fixed with Adobe Reader 8.1.2 and promising that a detailed bulletin is on tap for release later. Here’s the full statement. “On Feb. 6, Adobe made […]

Hey Apple, Where’s my iPhoto Security Patch?

Two days ago, Apple released iPhoto 7.1.2 to patch a format string vulnerability that was found and reported by Ernst & Young researcher Nate McFeters. The language in the advisory from Apple sounds pretty scary: “A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously crafted photocast, a remote […]

Apple Plugs QuickTime Malware Installation Hole

Apple has issued a patch for a high-profile vulnerability in its flagship QuickTime media player, acknowledging that the bug could lead to drive-by malware installations on Windows and Mac machines. With QuickTime 7.4.1, the company provides cover for a heap buffer overflow in QuickTime’s handling of HTTP responses when RTSP (Real Time Streaming Protocol) tunneling is […]

Adobe Ships Silent Fix for Critical PDF Reader Flaw

Adobe has released a software fix for what’s described simply as “security vulnerabilities” in its ubiquitous Adobe Reader program, but has not issued public documentation on the risk severity. The absence of a bulletin with details and severity ratings has raised eyebrows in the security research community. The patch, included in Adobe Reader 8.1.2, plugs at […]