UPDATE: Microsoft’s official RSS blog was temporarily defaced today with a semi-edited image of Goatse, a well-known Internet shock meme.
The OnSecurity podcast this week is an interview I did with hackmeister Dave Aitel of @stake/Immunity/DailyDave fame. We talk about Halvar Flake’s claim that Windows Vista is the death knell for client-side vulnerabilities; new penetration testing tools and techniques; his unique take on the vulnerability disclosure debate; and Silica, a handheld PDA that doubles as […]
Links du jour: An assortment of security stories floating around blogland that you should be reading…
Identity thieves are manipulating a feature in Apple Computer’s embedded QuickTime player to launch phishing attacks on the popular MySpace.com social networking portal. According to a warning by San Diego-based Websense Security Labs, a fast-spreading worm is exploiting the JavaScript support in QuickTime and targeting a MySpace vulnerability to lure users to phishing sites. The […]
UPDATED: EveryDNS, a company that offers free domain name management services, has been hit by a massive DDoS (distributed denial-of-service) attack that affected thousands of sites, including OpenDNS (a sibling startup that runs the PhishTank anti-phishing initiative).
Outgoing Gartner analyst Amrit Williams is leaving with a bang, boldly declaring that stand-alone, signature-based anti-virus is dead.
The security model of that BlackBerry on your hip isn’t holding up very well to third-party scrutiny. According to a white paper by John O’Connor, a researcher on Symantec’s security response team, hackers can pay $100 for an API developer key that can open doors to the theft of data from Research in Motion’s BlackBerry […]
A critical security vulnerability in an ActiveX control used by Internet Explorer could allow malicious hackers to use Adobe’s Reader and Acrobat software to launch PC hijack attacks, according to a warning from Adobe Systems. The San Jose, Calif., company released an advisory with pre-patch workarounds and warned that multiple unpatched flaws could cause software […]
The latest installment of the eWEEK OnSecurity podcast is a sharp discussion between my colleague Matt Hines and Symantec’s anti-spam guru Doug Bowers about the rising tide of unwanted e-mail and the range of Internet and computer security threats. Download audio.
UPDATED: Cesar Cerrudo has suddenly cancelled plans to release daily zero-day flaws in Oracle databases during the first week in December. Just days before the project was due to start, Cerrudo announced that “due to many problems,” the WoODB (Week of Oracle Database Bugs) is being scrapped.