Security researchers have found a serious security vulnerability that could result in PC hijack attacks against users of the wildly popular Skype voice chat tool. The issue, described by Aviv Raff as a cross-zone scripting vulnerability, could allow hackers to use rigged video files to launch full code execution (PC takeover) attacks. Earlier today, Raff […]
Blogging software provider Six Apart has released a mandatory security update for its flagship Movable Type product, warning that unpatched installations are vulnerable to data leakage. According to an alert from the company, there are certain circumstances in which a vulnerable MT blog template may be rendered dynamically via CGI in an otherwise static publishing […]
If you haven’t applied Microsoft’s MS08-001 patch yet, now might be a good time to hit that ‘Download and Apply’ button. According to computer security experts, the TCP/IP/IGMPv3 vulnerability fixed with this patch is theoretically ripe for an exploit that could turn into a nasty, Blaster-type worm attack. Dave Aitel’s Immunity, a penetration testing/exploit creation […]
Switching and routing giant Cisco has shipped a high-priority update to fix a critical flaw affecting its CallManager software product. The bug, discovered and reported by researchers at TippingPoint’s DVLabs, could allow remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability, TippingPoint warned in […]
As I wrote in this piece over at eWEEK.com, rigged Microsoft Excel files are being used to exploit a zero-day (previously unknown/unpatched) vulnerability and plant keystroke loggers on select (.gov?) networks. As Rob Lemos points out, bugs in Microsoft Office applications emerged over the last year as standard weapons for criminals conducting corporate espionage and […]
A new, undocumented vulnerability in Microsoft’s Excel spreadsheet program is being used to launch computer attacks against specific targets, according to a warning from the software maker. The vulnerability, rated “extremely critical” by Secunia, is being exploited to load a keylogger Trojan on select targets, according to an anti-virus analyst tracking the latest attack. The attackers are […]
Here’s something that may be buried in the crazy Macworld news cycle: Apple has shipped two high-priority (critical) security patches for the QuickTime, iPhone and iPod Touch products. The QuickTime update covers at least four serious vulnerabilities that put Windows and Mac machines at risk of code execution holes but, inexplicably, there are no fixes […]
A private company has placed a $20,000 bounty on exploitable vulnerabilities in Microsoft’s Windows operating system, a move that significantly raises the value of software flaw research. Billed as a Hacker Challenge, the $20,000 “special prize” is being offered by Digital Armaments, one of several companies that pay hackers who agree to give them exclusive […]
We’ve seen these kinds of fake security applications floating around Windows-land, using clever social engineering lures to trick computer users into buying malware to clean malware that never existed in the first place. Now, the “scareware” authors have set eyes on Mac OS X users, confirming fears that Apple’s platform has reached the market-share tipping […]
Tomorrow, Tuesday January 15th, I’ll be joining a bunch of security folks for the monthly NYSEC meet-up in New York City. This is an informal gathering where we meet in a bar downtown (Pound and Pence) for networking and chit-chat about vulnerability research, hacking techniques and other random IT security issues. I encourage all security […]