An unpatched security flaw in Microsoft’s Jet Database Engine is being used to launch targeted attacks against Windows users, according to an advisory from the software vendor. The attacks, described by Microsoft as “very limited,” are exploiting a buffer overrun vulnerability in the lightweight database that provides data access to applications such as Microsoft Access, Microsoft […]
(See update note below) Sony sells a configure-to-order laptop. Sony preinstalls crapware (trial software, games, etc.) on that computer. Sony wants you to pay $49.99 to remove the crapware. Taking consumer abuse to new levels. UPDATE: In the face of widespread condemnation on blogs and news sites, Sony has removed the $49.99 fee.
Silicon Valley entrepreneur Rod Beckstrom, best known for founding Twiki.net and for his book on the power of decentralized organizations, has been tapped by the Bush administration to manage a new National Cyber Security Center. The White House announced March 21 that Beckstrom will take up an office at the Department of Homeland Security and report […]
I’m hearing some murmurs that Microsoft’s acquisition of anti-rootkit startup Komoku could hit a patent hurdle. My sources point to Patent #7,181,560, which was granted to Joe Grand (aka Kingpin from L0pht) and Brian Carrier of digital-evidence.org and covers a “Method and Apparatus for Preserving Computer Memory Using Expansion Card.” The concept covered in the […]
Looking to beef up the anti-malware protection capabilities in its enterprise and consumer security products, Microsoft has inked a deal to acquire Komoku, a U.S. government-funded startup that specializes in finding malicious rootkits. Financial terms of the deal were not released. Komoku took in about $2.5 million in funding from DARPA (the Defense Advanced Research Projects […]
Whenever a news story breaks about a major data breach, PR folks representing security vendors trip over themselves to clog my inbox with “our-solution-could-have-prevented-that” notes. For Rapid7, a company that hawks vulnerability assessment, PCI compliance and Web application scanning software, this week’s Hannaford breach flipped the script and showed how security vendors scramble to deal […]
Hackers have posted proof-of-concept code that could be used to launch code execution attacks against businesses using the CA BrightStor ARCserve Backup software product. eWEEK has confirmed that the code, posted at Milw0rm.com, exploits an unpatched ActiveX vulnerability in CA BrightStor ARCserve Backup to launch client-side attacks on laptop and desktop computers. The attack code was successfully […]
It’s officially Patch Day in the land of the Mac. On the heels of the release of Safari 3.1, with patches for more than a dozen browser vulnerabilities, Apple has shipped a mega update for its flagship Mac operating system, fixing at least 80 documented vulnerabilities in a wide range of core components. The Security Update 2008-002, […]
Apple has shipped a new version of its flagship Safari Web browser to fix more than a dozen security vulnerabilities affecting both Windows and Mac users. The new Safari 3.1 includes patches for at least 13 documented flaws, including one that puts Mac OS X users at risk of drive-by code execution attacks. According to an advisory […]
The United States Computer Emergency Readiness Team has issued a warning for multiple ActiveX buffer overflow vulnerabilities affecting Adobe’s Form Designer and Advanced Form Client software products. The flaws, rated “highly critical” by Secunia, could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. A malicious attacker could use specially rigged HTML documents […]