Ryan Naraine

A rogue Web browser that was removed from the Internet after security researchers found it was serving up child porn advertising has suddenly reappeared, with a peculiar twist. The YapBrowser, also known as YapSearch or YapCash, now comes with an odd claim that users can expect protection from harmful exploits and viruses. The site hosting […]

A security feature used in the open-source world is now helping to harden Windows Vista against buffer overrun exploits. Microsoft has quietly fitted the feature, called ASLR (Address Space Layout Randomization) in Windows Vista Beta 2 as part of a larger plan to make it more difficult to automate attacks against the operating system. “Not […]

Internet security vendor McAfee has fired general counsel Kent Roberts for “improper” conduct relating to the granting of employee stock options. McAfee, of Santa Clara, Calif., said an internal review of employee stock option grants turned up one episode involving Roberts in 2000 that was improper. No additional details were offered. The company said an […]

In lieu of a patch for a dangerous code execution hole in Microsoft Word, security experts are recommending that Windows users implement software restriction policies to blunt the effects of ongoing zero-day attacks. Anti-virus researchers in mid-May first warned that a zero-day flaw in the ubiquitous Word program was being used in an active exploit […]

Working feverishly through the holiday weekend, Symantecs security response team has completed patches for a “high-risk” worm hole in two enterprise-facing product lines. The flaw, which could allow malicious hackers to take complete control of a system without any user action, was discovered and reported by eEye Digital Security 48 hours ago. In an advisory […]

A gaping security flaw in the latest versions of Symantecs anti-virus software suite could put millions of users at risk of a debilitating worm attack, Internet security experts warned May 25. Researchers at eEye Digital Security, the company that discovered the flaw, said it could be exploited by remote hackers to take complete control of […]

Apple Computer has shipped an update to its WebObjects Xcode plug-in to correct a flaw that could allow remote attackers to bypass certain security restrictions. In an alert posted online, Apple, based in Cupertino, Calif., said the vulnerability is due to missing access restrictions on the WebObjects Xcode plug-in network service. It can be exploited […]

Use Microsoft Word in safe mode to protect against targeted zero-day attacks. Thats the advice from Microsofts security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program. In a pre-patch security advisory, Microsoft said the flaw can be exploited when a user opens a specially […]

OAKLAND, Calif.—Internet security researchers at two U.S. universities have created a prototype system for the automatic generation of vulnerability signatures, promising a new technique to block exploits from attacking unpatched software vulnerabilities. In a paper, here in PDF form, presented at the 2006 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Security and Privacy […]

Fortify software announced May 15 it is joining the open-source FindBugs project as a sponsor and is offering its static code analysis technology to help open-source developers find dangerous security vulnerabilities and other software bugs in Java programs. Fortify, of Palo Alto, Calif., will integrate its namesake Source Code Analysis Suite with the FindBugs static […]