Ryan Naraine

Ten Free Must-Have Security Tools

Secunia Personal Software Inspector: The Secunia PSI examines .exe, .dll, and .ocx files on your computer and matches the data against a file signatures engine to determine whether you are running unpatched software programs. It then provides help […]

OpenOffice Bitten by Code Execution Bugs

OpenOffice has issued a high-priority update to fix at least six vulnerabilities affecting users of its free desktop productivity suite. The open-source group said the critical vulnerabilities affect OpenOffice.org suite versions prior to 2.4. An alert from Symantec’s DeepSight TMS (Threat Management System) warns: “Attackers may exploit these vulnerabilities by enticing victims into opening maliciously […]

PayPal: Safari Not Among ‘Unsafe Browsers’

Over on Twitter, during a discussion on PayPal’s plan to ban “unsafe browsers,” I suggested there was no way the company would risk blocking Safari connections. Can’t afford to alienate iPhone and the mobile transaction market. Woke up this morning and found this statement from a PayPal spokesperson: “PayPal is developing features to block customers […]

Major ISPs Injecting Ads, Vulnerabilities into Entire Web

DNS security guru Dan Kaminsky says the practice by major ISPs of deploying advertising servers within trademarked domains (on error pages, for example) can expose the entire Web to malicious hacker attacks. Kaminsky, a well-known researcher who helped with the Sony rootkit investigation, says the advertising servers are impersonating, via DNS, hostnames within trademarked […]

Microsoft (Belatedly) Admits to Windows Server 2008 Token Kidnapping

[[ UPDATE: Here are the slides from Cerrudo’s HiTB talk (.pdf) that prompted Microsoft’s advisory. At the company’s request, Cerrudo has opted not to release exploit code. ]] Last month, when I wrote about hacker Cesar Cerrudo’s plans to punch holes in the security model of Microsoft’s brand-new Windows Server 2008, Redmond officials pinged […]

Cisco NAC Can’t Keep a Secret

A serious security flaw in the Cisco NAC (Network Admission Control) appliance can allow an attacker to obtain the shared secret that is used between the two internal components, according to a warning from the network and switching vendor. The vulnerability, which carries a CVSS base score of 10.0 (the highest possible severity rating), could […]

After Criticism, Apple Software Updater Gets UI Makeover

Apple has made a small but significant tweak to its Automatic Software Update utility to make a clear distinction between security patches and new products being pushed out to Windows users. The UI redesign, which adds a new box labeled New Software, follows intense criticism of Apple’s recent decision to bundle its new Safari for […]

Attack Code Posted for MS Works Zero-Day Flaw

Hackers have posted attack code for what appears to be a zero-day vulnerability in Microsoft Works, the productivity software suite aimed at small businesses and home offices. The basic details, via McAfee analyst Kevin Beets: “The flaw lies in an ActiveX component of Microsoft Works Image Server (WkImgSrv.dll). Yes, it appears successful exploitation would allow […]

PayPal Plans to Ban Unsafe Browsers

PayPal, one of the brands most spoofed in phishing attacks, is working on a plan to block its users from making transactions from Web browsers that don’t provide anti-phishing protection. The eBay-owned company, which runs a Web-based payment system that allows the transfer of funds between bank accounts and credit cards, said browsers that do […]

Apple, Mozilla Squash Browser Bugs

It’s Patch Day in the land of Web browsers. In separate warnings, Apple and Mozilla confirmed — and fixed — critical vulnerabilities affecting users of the Safari and Mozilla browsers. The Apple Safari patch (available for Windows and Mac OS X) provides cover for at least four vulnerabilities (including Charlie Miller’s winning CanSecWest contest exploit). […]