Ryan Naraine

A portable hacking device equipped with hundreds of exploits and an automated exploitation system will go on sale in the United States in October. The wireless handheld, called Silica, is the latest product to be developed by Immunity, a Miami-based security company that sells penetration testing products and services. An early version of Silica, which […]

Ben Fathi slipped into the darkened, packed conference room and took a seat on the carpeted floor. On the Black Hat stage, malware researcher Joanna Rutkowska, of Coseinc, was discussing a new technique that could plant an offensive rootkit in Windows Vista, Microsofts “most secure ever” operating system. As corporate vice president for Microsofts Security […]

Remember the last stage of Delirium hacking group? In 2003, the group of four Polish security researchers discovered the vulnerability that would later be used by others to unleash the Blaster worm, but because of distrust over Microsofts willingness to address software flaws at the time, members had to be coaxed into sharing their findings. […]

What started as an amusing eBay listing of an Excel vulnerability for sale has developed into an all-out hacker assault on Microsoft Office applications. Security researchers and malicious hackers have zeroed in on the desktop productivity suite, using specialized “fuzzing” tools to find a wide range of critical vulnerabilities in Word, Excel and PowerPoint file […]

What started as an amusing eBay listing of an Excel vulnerability for sale has developed into an all-out hacker assault on Microsoft Office applications. Security researchers and malicious hackers have zeroed in on the desktop productivity suite, using specialized “fuzzing” tools to find a wide range of critical vulnerabilities in Word, Excel and PowerPoint file […]

The first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) […]

A network worm attack exploiting a critical Microsoft Windows vulnerability appears inevitable, security experts warned Aug. 10. Just days after the Redmond, Wash., software maker issued the MS06-040 bulletin with patches for a “critical” Server Service flaw, Microsofts security response unit is bracing for the worst after exploit code that offers a blueprint for attacks […]

Less than 24 hours after Microsoft shipped a dozen bulletins with security fixes for 23 serious software vulnerabilities, the U.S. governments Department of Homeland Security issued a firm notice to Windows users: immediately apply the patches in the MS06-040 bulletin. In a somewhat unusual move, the DHS warned that the patches cover a remote code […]

AOL on Aug. 7 blamed an internal “screw-up” for the embarrassing release of detailed keyword search data for roughly 658,000 anonymized users. Dulles, Va.-based AOLs mea culpa comes in the midst of a firestorm of criticism from privacy advocates that the information—which amounts to about 20 million search queries—could be traced back to AOL users. […]

LAS VEGAS—Remember the LSD—or Last Stage of Delirium—hacking group? Back in 2003, the group of four Polish security researchers discovered the RPC (Remote Procedure Call) interface vulnerability that would later be used to unleash the Blaster worm, but because of distrust over Microsofts willingness to address software flaws at the time, LSD members had to […]