Ryan Naraine

In the security year that was 2006, zero-day attacks and exploits dominated the headlines. However, the year will be best remembered for the work of members of the hacking—er, security research—community who discovered and disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed […]

An easy-to-exploit security vulnerability in Apple Computers QuickTime media player could put millions of Macintosh and Windows users at risk of code execution attacks. The QuickTime flaw kicked off the Month of Apple Bugs project, which promises to expose unpatched Mac OS X and Apple application vulnerabilities on a daily basis throughout the month of […]

Who will find the first major security flaw in Windows Vista? Will it be released as zero-day? Is there an end in sight to the botnet menace? Is spam close to being canned? Just who are these criminals phishing for your credit card data? Those are just a handful of the hot-button topics that will […]

TGIF Links du jour: Inside the Vista proof-of-concept; Month of Apple Bugs reaction; Google makes money from phishing attacks; Is Intel indirectly sponsoring an anti-OLPC Web site?

Proof-of-concept exploit code for a privilege escalation vulnerability affecting all versions of Windows—including Vista—has been posted on a Russian hacker forum, forcing Microsoft to activate its emergency response process. Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian […]

Mozilla has shipped a “highly critical” Firefox update to correct multiple security bugs that could cause cross-site scripting, information disclosure, denial-of-service and system access attacks.

The hacker behind the MoKB (Month of Kernel Bugs) plans to take a big bite out of Apple Computer’s insecurities.

MOSCOW—Clickety, clack. Clickety, clack. The rhythmic sounds of fingers tapping away at keyboards are coming from Eugene Kasperskys “woodpeckers,” who make up a virus-hunting crew responsible for tracking computer threats in real time and who work around the clock to write and ship virus definition updates to millions of computer users. This is Kaspersky Labs […]

Microsoft’s security response team is trying to verify the accuracy of reports that underground hackers are selling zero-day exploits for Windows Vista.

After five-and-a-half years of maintaining IP addresses of verified open SMTP relays, ORDB.org is calling it quits, citing irrelevance as the main reason.