Ryan Naraine

Apple has slapped a Band-Aid on its Safari for Windows browser to cover four vulnerabilities that could lead to code execution, cross-site scripting and URL spoofing attacks.The Safari 3.1.1 update includes a patch for the flaw the allowed the hijack of a MacBook Air laptop at this year’s CanSecWest “PWN to OWN” security contest.According to […]

OpenDNS has added a new filtering option to its free DNS service to help protect against poisonous DNS rebinding attacks. The new feature, which is turned “OFF” by default, is available to OpenDNS account holders to help filter out suspicious responses that contain data that might be malicious or otherwise unwanted. When enabled, the new […]

Less than a week after the release of patches for a pair of code execution flaws in Microsoft’s Windows graphics device interface, malicious hackers are firing in-the-wild exploits against those vulnerabilities.According to virus hunters tracking malicious Internet activity, a booby-trapped file named TOP.JPG is in circulation, exploiting one of the vulnerabilities described in Microsoft’s MS08-001 […]

Database server giant Oracle plans to ship a major security update on Tuesday, April 15 to cover more than 40 vulnerabilities in a wide range of products.The fixes are part of the company’s quarterly CPU (critical patch update) and will cover severe vulnerabilities across hundreds of Oracle products. According to Oracle’s advance notice, 17 of […]

Adobe Systems has released a major Flash Player update to fix at least seven cross-platform vulnerabilities that put users at risk of PC takeover attacks. One of the vulnerabilities covered in the APSB08-11 update was used to hijack a Windows Vista laptop at the CanSecWest “Pwn to own” hacking contest March 26-28. The update is […]

SAN FRANCISCO-Microsoft plans to make a key Internet Explorer default change to thwart attackers trying to hack into its Web browser. The software maker will enable DEP/NX (Data Execution Prevention/No Execute) by default in IE 8 when the browser is running on Windows Vista and Windows Server 2008, a major tweak aimed at mitigating browser-based […]

SAN FRANCISCO-Secretary of Homeland Security Michael Chertoff says the U.S. government is working on the equivalent of the “Manhattan Project” to defend federal networks and national security interests from large-scale cyber-attacks.During a keynote presentation at RSA Conference, Chertoff painted a gloomy picture of the government’s readiness for a determined attack on critical communication networks and […]

Two of Microsoft’s newest operating systems-Windows Vista and Windows Server 2008-are vulnerable to serious remote code execution attacks, according to a warning from the software giant. The “critical” warning comes April 8 as part of Microsoft’s April batch of Patch Tuesday updates, which include eight security bulletins covering at least 10 documented software vulnerabilities. The […]

SAN FRANCISCO-Buoyed by the success of Trustworthy Computing at Microsoft-a five-year initiative that saw the company move from security pariah to industry trendsetter-the software giant is proposing a vendor-neutral push to build an ecosystem of trust on the Internet. Microsoft used the spotlight of the RSA Conference 2008 here April 8 to start the dialogue […]

Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits.The XPMs (exploit prevention mechanisms) have been fitted into the WIndows and Mac OS X versions of QuickTime 7.4.5, a new update that also patches 11 high-risk security […]