Ryan Naraine

Six Unpatched Flaws in Oracle Database Products

A German database security outfit on Tuesday went public with information on six unpatched vulnerabilities—some rated critical—in Oracle Forms and Oracle Reports, two widely deployed enterprise-facing products. Red-Database-Security GmbH, a company that specializes in Oracle security audits, warned that the most serious flaw could allow a malicious hacker to use a Web browser to overwrite […]

Greasemonkey Flaw Prompts Critical Uninstall Warning

A gaping security hole in a popular Firefox browser extension could allow malicious hackers to hijack files from a user’s hard drive, developers warned Tuesday. The vulnerability was flagged in Greasemonkey, the Firefox add-on that allows users to load custom scripts that modify Web sites on the fly. The flaw is so serious that developers […]

Rootkit Detection Coming to Windows AntiSpyware

Microsoft plans to integrate rootkit detection technology from its Strider Ghostbuster research project into future versions of the Windows AntiSpyware application, Ziff Davis Internet News has learned. Strider Ghostbuster, a prototype tool developed by Microsoft Corp.’s Cybersecurity and Systems Management Research Group, provides a straightforward way to detect Windows rootkits by comparing scan results between […]

Security Alerts Roundup: IE, Skype, Winamp

POSSIBLE IE BROWSER BUG: A private security researcher has discovered a possible remote code execution bug in the way Microsoft Corp.’s Internet Explorer browser renders certain images. Researcher Michal Zalewski warned in a mailing list entry that during a 30-minute experiment, he found a bug in the browser’s image decompression and parsing routines. “This experiment […]

Workarounds Released for XP SP2 Flaw

The Microsoft Security Response Center late Saturday released a security advisory to offer pre-patch workarounds for a denial-of-service flaw in Windows XP Service Pack 2. The company’s advisory follows the public disclosure of the vulnerability in Remote Desktop Services, a feature that allows XP users to remotely control computers from another office, from home or […]

Microsoft Investigates New XP SP2 Flaw

Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in fully patched versions of Windows XP Service Pack 2. The software maker’s confirmation follows public disclosure of the vulnerability by a private security researcher who goes by the moniker “badpack3t.” In an advisory posted at SecurityProtocols.com, the researcher […]

Security Patch Deluge: A Double-Edged Sword

Patch Tuesday this month was an IT administrator’s worst nightmare. Microsoft Corp. patched three “critical” flaws. Oracle Corp. plugged 49 database server holes. The Mozilla Org. fixed a dozen fairly serious Firefox and Thunderbird bugs. Apple Computer Inc. applied security stripes to Tiger. Cisco Systems Inc. corrected denial-of-service flaws in CallManager. And the list goes […]

Microsoft Patches Flaws Haunting IE, Word Users

Microsoft Corp. on Tuesday released a fix for the underlying code execution vulnerability affecting users of its flagship Internet Explorer browser. As part of its monthly patching cycle, Microsoft shipped three security bulletins, all rated critical, including patches for a bug in the JView Profiler (Javaprxy.dll) that was being exploited via the IE browser. The […]

Famous Hacker Magazine Shuts Down

Phrack, the infamous online magazine published by underground hackers, is shutting down. The e-zine, notorious for publishing controversial security-themed articles on phreaking, reverse engineering, cryptography spying and electronics, ends a 20-year run with a hardcover edition scheduled for release at the end of July. In a note posted on the Phrack Web site, the publishers […]

Microsoft Irks Watchdogs with Claria Downgrade Explanation

Microsoft has broken its silence over the decision to downgrade the default recommendations in its Windows AntiSpyware product, insisting that “absolutely no exceptions” were made for Claria Corp. Facing heavy criticisms for recommending that users “ignore” the existence of Claria’s adware products, Microsoft Corp. issued a public statement to explain that the change stemmed from […]