Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned. One day after private security researcher Alex Wheeler flagged the issue as a serious risk, Symantec issued an advisory of its own, confirming the vulnerability exists […]
A heap overflow vulnerability in Apple Computer Inc.'s iTunes and QuickTime media players could put millions of PC and Mac users at risk of malicious hacker attacks, security experts warned Wednesday. In an advisory posted on Security-Protocols.com, researcher Tom Ferris warned that attackers can rig QuickTime movie files to trigger a denial-of-service crash that may […]
A new Christmas-themed worm attack is underway, delivering an offensive rootkit payload over the AOL, MSN, Windows Messenger, ICQ and Yahoo instant messaging networks. The worm, identified as IM.GiftCom.All, was discovered by researchers at IMLogic Inc.'s Threat Center spreading via IM and attempting to trick users into clicking on a malicious URL. The link lures […]
An independent security researcher on Tuesday flagged an unpatched flaw in the Symantec AntiVirus Library and warned that attackers could exploit the bug to execute arbitrary code when a malicious RAR archive is scanned. In a published advisory, here in PDF form, researcher Alex Wheeler said the vulnerability is the result of unchecked 16-bit length […]
Microsoft has announced plans to make several key default changes to Internet Explorer 7's security zones to further harden the browser against attacks. The built-in zones, used in IE to enforce security rules for Web sites by grouping them into categories, will be changed to scrap the use of the “Intranet” zone unless the computer […]
Researchers at Microsoft Corp. have blown the lid off a large-scale, typo-squatting scheme that uses multi-layer URL redirection to game Google's AdSense for domains program. The scheme was uncovered when Redmond lab rats decided to extend its HoneyMonkey exploit detection system, a project that runs automatic and systematic Web scans to investigate the seedier side […]
White Wolf Publishing Inc., a company responsible for some of the most popular role-playing game brands, has shut down operations after international hackers exploited a software flaw and stole user data that included user names, e-mail addresses and encrypted passwords. Following the breach, the company, based in Stone Mountain, Ga., said the hackers attempted to […]
More than two months after Microsoft Corp. issued a critical patch for a Windows 2000 worm hole, malicious hackers are successfully exploiting the vulnerability, confirming fears that patch deployment rates remain frighteningly low. The latest network worm attack, identified by anti-virus vendors as W32/Dasher, enters through a flaw in the Microsoft Windows Distributed Transaction Coordinator […]
WASHINGTON, D.C.—More than a year after Microsoft Corp. shipped Windows XP Service Pack 2 as a massive security-centric OS makeover, customer adoption internationally continues to lag at disappointing levels, according to a senior Redmond executive. Stuart McKee, Microsoft's U.S. National Technology Officer, said the overall install rate of XP SP2 was just shy of 70 […]
WASHINGTON, DC—Microsoft Corp. on Wednesday clinched Common Criteria security certification from the U.S. government's National Information Assurance Partnership for six versions of its flagship Windows OS. At the Security Summit East here, Microsoft announced that all the products earned the EAL 4+ (Evaluation Assurance Level), which is the highest level granted to a commercial […]