Ryan Naraine

Microsoft Blocks Vista Rootkit Exploit

Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit. Rutkowska, who demonstrated the exploit at the Black Hat conference in August, said she tested the attack against Windows Vista RC2 x64 and […]

Spam Trojan Installs Own Anti-Virus Scanner

Veteran malware researcher Joe Stewart was fairly sure he'd seen it all until he started poking at the SpamThru Trojan—a piece of malware designed to send spam from an infected computer. The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and […]

Oracle Ships Mega Update for DB, Server Flaws

Oracle has shipped a monster critical patch update with fixes for more than 100 security vulnerabilities in a wide range of database and server products. The new-look bulletin, which includes CVSS (Common Vulnerability Scoring System) severity scores, patches about 120 bugs in the Oracle Database Server, Oracle Application Server, Oracle Application Express, Oracle Collaboration Suite, […]

Toshiba Issues Fix for Bluetooth Driver Flaw

David Maynor and Jon “Johnny Cache” Ellch, the two hackers at the center of an Apple MacBook Wi-Fi flaw disclosure controversy, have been credited with helping to fix a “high risk” vulnerability in the Toshiba Bluetooth wireless device driver used by several PC vendors. The duo, who blew the whistle on wireless driver vulnerabilities at […]

Vitriol Rootkit to Demo at MS BlueHat Hacker Summit

Microsoft's twice-yearly BlueHat hacker summit, running Oct. 19-20, will kick off later this week with a demo of a virtual machine rootkit that can potentially be used to defeat the controversial PatchGuard technology. Dino Dai Zovi, a principal at penetration-testing outfit Matasano Security, has been invited to Microsoft's Redmond, Wash., campus to showcase a hardware […]

Money Mules: The Hidden Side of Phishing

The dramatic rise in phishing and identity theft attacks includes a well-organized offline component—the not-so-innocent “money mule” recruited by fraudsters to launder stolen money across the globe. The ads appear innocently on all the major employment listing sites, offering stay-at-home positions titled “shipping manager,” “private financial receiver” or “sales representative.” These, however, are active attempts […]

Is the Botnet Battle Already Lost?

It's dress-down Friday at Sunbelt Software's Clearwater, Fla., headquarters. In a bland cubicle on the 12th floor, Eric Sites stares at the screen of a “dirty box,” a Microsoft Windows machine infected with the self-replicating Wootbot network worm. Within seconds, there is a significant spike in CPU usage as the infected computer starts scanning the […]

Securing 100 Million Laptops

If the plan is perfectly executed, Nicholas Negroponte's One Laptop Per Child project will deploy 100 million laptops in the first year. In one fell swoop, the nonprofit organization will create the largest computing monoculture in history. Wary of the security risks associated with a computing monoculture—millions of machines with hardware and software of identical […]

Moderately Critical Bugzilla Bugs Squashed

Multiple security flaws in Bugzilla could put users of the software defect tracking software at risk of cross-site scripting, data manipulation and data exposure attacks. According to a warning from the open-source Bugzilla project, users should immediately upgrade to versions 2.18.6, 2.20.3, 2.22.1 or 2.23.3 to minimize the risk of malicious attacks. Security alerts aggregator […]

Oracle Security Alerts Get Overdue Makeover

Oracle plans to make a significant change to the way product flaws are described in its security bulletins, an admission of sorts that the quarterly alerts were almost impossible to understand. Beginning with the Oct. 17 release of the scheduled CPU (Critical Patch Update), the Redwood Shores, Calif., database vendor will start adding severity scores […]