Geeks.com, a Web site that displays ScanAlert’s Hacker Safe logo, has been hacked and sensitive customer information may have been stolen. According to a letter from Genica, the company that runs Geeks.com, the problem was discovered on Dec. 5, 2007 and affected customers’ Visa credit card information. The letter, republished at The Consumerist, reads in […]
Looking to push the research envelope around malicious worm propagation, Web application security specialist Robert Hansen is running a contest encouraging hackers to create cross-site scripting (XSS) worms. Hansen, who uses the hacker moniker RSnake, is looking to find the smallest amount of code necessary for XSS worm propagation: “I’m not interested in payloads […]
Boeing’s new 787-8 Dreamliner airplane contains several “novel or unusual design features” that are exposed to in-flight hacking attacks, according to a caution from the Federal Aviation Authority. The warning, contained in a document posted to Cryptome.org, centers around the proposed architecture of the 787, which allows “new kinds of passenger connectivity to previously isolated […]
The open-source PHP Group has updated the popular PHP 4 scripting language for the last time. With PHP 4.4.8, the group provides patches for multiple security flaws that could allow attackers to bypass certain restrictions and announced that this “wraps up all the outstanding patches for the PHP 4.4 series.” “[This is] the last normal […]
Spyware has landed on Facebook. According to researchers at Fortinet, a malicious Facebook Widget actively spreading on the popular social networking site is serving as a lure to trick users into installing the notorious Zango adware/spyware program. According to a detailed advisory from Fortinet (complete with screenshots), the so-called “Secret Crush” widget powers a software […]
Israeli security researcher Aviv Raff has issued a warning for a fairly serious browser vulnerability that exposes Firefox users to identity theft attacks. Raff, a well-respected hacker who regularly reports security problems in software products, discovered a way to use a browser bug to lure Firefox users into entering login credentials into a maliciously rigged […]
Microsoft’s first Patch Tuesday for 2008 will be unusually quiet. The Redmond, Wash. software maker plans to ship just two security bulletins on Jan. 8 to patch code execution vulnerabilities in the Windows operating system. One of the two bulletins will be rated “critical,” Microsoft’s highest severity rating. The second is rated “important.” According to […]
If you use RealNetworks’ RealPlayer software, you might want to pay close attention to this demo from the folks at Gleg Ltd., a Russian vulnerability research and exploit creation outfit. According to Gleg founder Evgeny Legerov, there is a zero-day vulnerability that allows code execution in RealPlayer 11, the most up-to-date version of the cross-platform […]
America Online’s decision to put Netscape to sleep has triggered sadness and nostalgia. I have a one-word reaction: Yay! Everyone loves an underdog and for many years, most of us rooted for Netscape during the first browser war but, truth be told, the current Netscape had become a security liability—a browser with a fundamental design […]
If you turn to Google to find information on the assassination of former Pakistan Prime Minister Benazir Bhutto, chances are you will land on a Web site rigged with malicious exploits. Within hours of Bhutto’s death, researchers at Websense Security Labs discovered several Web sites capitalizing on the breaking news surrounding Bhutto’s death, including one […]