Ryan Naraine

Computer security analysts are raising the alarm for a critical vulnerability in the Broadcom wireless driver embedded in PCs from HP, Dell, Gateway and eMachines. The vulnerability, which exposed as part of the MoKB (Month of Kernel Bugs) project, is a stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver that could be exploited […]

The MoKB (Month of Kernel Bugs) project that launched Nov. 1 with an Apple Mac OS X Wi-Fi exploit continues to hum along, exposing serious kernel-level vulnerabilities in FreeBSD, Linux, Solaris and, of course, Windows.

Its a bumper patch day in Mozilla land. The open-source foundation released a batch of highly critical updates for the Firefox, Thunderbird and SeaMonkey brands and warned that unpatched users face the risk of PC takeover attacks. The Firefox update applies to Firefox 1.5x and does not affect the newer Firefox 2.0 version. Mozilla says […]

On the heels of its July 2006 acquisition of Mark Russinovichs Winternals Software, Microsoft has replaced the popular Regmon and Filemon utilities with a single tool offering advanced capabilities for real-time monitoring of registry and process thread activity. The release of the new utility, called Process Monitor coincides with the relaunch of the Sysinternals portal […]

Just days after announcing a $3 million settlement with the Federal Trade Commission, adware firm Zango is again facing scrutiny for shady installation practices. The Bellevue, Wash., company, born out of a merger between Hotbar and the heavily criticized 180 Solutions, is being linked to fake adult-themed YouTube videos floating around the MySpace social network. […]

Microsoft has released a security advisory with workarounds for a critical zero-day vulnerability affecting Windows users and warned that malicious hackers are already exploiting the flaw in live attacks. The advisory provides prepatch mitigation for a bug in Microsoft XML Core Services, formerly known as the Microsoft XML Parser, a service that lets users create […]

Among existing desktop security software, Symantecs Norton AntiVirus 2007 suite is the best at detecting and removing stealth rootkits, according to a study done by Thompson Cyber Security Labs. In the study, which was commissioned by Symantec and conducted by veteran anti-virus expert Roger Thompson, 20 randomly chosen pieces of rootkit-laden malware files were pitted […]

An “extremely critical” vulnerability in Microsoft Visual Studio 2005 could put users at risk of remote code execution attacks, the company confirmed Nov. 1. The Redmond, Wash., software maker issued a security advisory with pre-patch workarounds and warned that the flaw is already being used in zero-day attacks. “We are aware of proof of concept […]

Metasploit founder HD Moore has released an exploit for an unpatched vulnerability in the Apple Airport driver that ships with some PowerBook and iMac computers. The exploit kicks off a new project called Month of Kernel Bugs and follows a heated debate over the existence of 802.11 (Wi-Fi) flaws affecting Apple Computers Mac OS X […]

Detailed exploit code for a Windows XP security vulnerability has been published on the Internet, offering a roadmap for hackers to disable the firewall embedded in the operating system. Microsoft on Oct. 31 confirmed it is investigating the issue, which targets ICS (Internet Connection Sharing), a feature in Windows XP that lets users share a […]