Ryan Naraine

OEMs Give Vista Security Support

Microsoft's use of code-scrambling diversity to secure Windows Vista is getting crucial support from major OEM partners. The Redmond, Wash., software maker has persuaded major U.S. computer makers—including Dell, Gateway and Hewlett-Packard—to make default changes at the BIOS level to allow a new Vista security feature called ASLR (Address Space Layout Randomization) to work properly. […]

IE 7 Code Execution Exploit; Yahoo IM Patch

Links du jour: A sampling of useful security stories that may have slipped through the cracks …

Hackers Selling Vista Zero-Day Exploit

Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor. In an interview […]

PHP Security Guru Quits in Disgust

German researcher Stefan Esser has quit the PHP Security Response Team in disgust, accusing the open-source group of hiding the slow response time to fixing vulnerabilities and, even worse, refusing to fix known flaws for months.

Third MS Word Code Execution Exploit Posted

Exploit code for a third, unpatched vulnerability in Microsoft Word has been posted on the Internet, adding to the software maker's struggles to keep up with gaping holes in its popular word processing program. The attack code, available at Milw0rm.com, contains sample Word documents that have been rigged to launch code execution exploits when the […]

UCLA Confirms Massive Database Breach

A “sophisticated computer hacker” has broken into a restricted UCLA campus database containing personal information about current and some former students, faculty, and staff, the university confirmed in an e-mail to those affected.

Windows Vista Randomization Gets OEM Thumbs Up

Microsoft's use of code-scrambling diversity to secure Windows Vista is getting crucial support from OEM partners. The Redmond, Wash. software giant has convinced major U.S. computer makers—including Dell, Gateway and Hewlett-Packard—to make default changes at the BIOS level to allow a new Vista security feature called ASLR (Address Space Layout Randomization) to work properly. ASLR, […]

Double Trouble: Microsoft Confirms Another Word Zero-Day Flaw

Microsoft's security response center has confirmed that a second zero-day vulnerability in its Word software program is being targeted by unknown attackers. The latest flaw comes just days after the software maker issued a security advisory to warn customers against opening Word documents from untrusted sources. The two vulnerabilities are entirely unrelated. The flaws were […]

Where’s the MS Word Zero-Day AV Protection?

UPDATE: More than 48 hours after the confirmation of active exploits of a zero-day vulnerability in Microsoft Word, anti-virus protection remains largely nonexistent — even through Microsoft’s own Windows Live OneCare security product.

Microsoft Issues Word Zero-Day Attack Alert

Microsoft on Dec. 5 warned that an unpatched vulnerability in its Word software program is being used in targeted, zero-day attacks. A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document. Affected software versions include Microsoft Word 2000, Microsoft Word 2002, Microsoft […]