Ryan Naraine

OpenID Offers Open-Source Code Bounty

Looking to jumpstart widespread adoption of the OpenID online identity system, a dozen software vendors are backing a $50,000 bounty program for open-source developers. The OpenID Code Bounty, which is supported by a slew of companies including VeriSign and Six Apart, offers $5,000 directly to 10 open-source projects that successfully implement OpenID 2.0 support. Others […]

Netscape.com Hacked by Digg Fans

The ongoing Digg versus Netscape spat has apparently escalated into a hacking attack against America Online's Netscape.com social media Web site. Virus researchers at Finnish security vendor F-Secure discovered the Netscape.com hack during research work around cross-site scripting vulnerabilities on social networking sites and said the attack was obviously the work of Digg fans. Netscape.com, […]

Former McAfee CSO Joins NGSSoftware

British database security vendor NGSSoftware has tapped former McAfee chief security officer Ted Barlow to head up its North American operations. NGSSoftware, based in London, said Barlow will handle its expansion into major U.S. markets. Barlow previously served for four years as vice president and CSO at McAfee, a Santa Clara, Calif., provider of anti-virus […]

Bugle Goes Googling for Source Code Flaws

The world's most popular search engine can be used to pinpoint software security bugs in source code available on the Internet, according to a new research project launched by a U.K.-based researcher. The project, called Bugle, is a collection of Google search queries that can be used to identify some of the most common vulnerabilities […]

New Search Engine Targets Malware

HD Moore, creator of the Metasploit hacking tool and the security researcher behind the Month of Browser Bugs, or MOBB, project, has released a search engine that finds live malware samples through Google queries. The new Malware Search engine provides a Web interface that allows anyone to enter the name of a known virus or […]

Microsoft Warns of File Exploits

In the midst of back-to-back zero-day attacks against select businesses in the Far East, Microsoft on July 17 released a security advisory with a terse message: Do not open or save unexpected Microsoft Office files, even if they come unexpectedly from a trusted source. The company's advisory comes less than a week after virus hunters […]

Exploit Code Published for Windows Worm Hole

Detailed exploit code for a critical Windows worm hole has been published on the Internet, putting millions of users at risk of PC takeover attacks. The code, which was posted to the Milw0rm Web site, attempts to exploit a known—and already patched—vulnerability in the DHCP (Dynamic Host Configuration Protocol) Client service. Microsoft released the MS06-036 […]

PowerPoint Zero-Day Attack Points to Corporate Espionage

A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. According to an alert from Symantec, a backdoor called Trojan.Riler.F is installing itself as a layered service provider, or LSP, allowing it access to every piece […]

Oracle Squashes 65 Security Bugs

Database and server giant Oracle on July 17 shipped a quarterly critical patch update with fixes for a whopping 65 security vulnerabilities. The July CPU addresses flaws in several products and components, including the widely used Oracle Database, Oracle Application Server, Oracle Collaboration Suite and Oracle E-Business Suite. A total of 23 patches apply to […]

Websense Taps Google API

Security researchers have a brand-new tool to use to go digging for malicious executables on the Web: the Google SOAP Search API. Malware hunters at Websense Security Labs have figured out a way to use the freely available Google API to find dangerous .exe files sitting on thousands of Web servers around the world. The […]