Drupalit weekly
Microsoft: No plans to pay for security vulnerabilities
A Microsoft security official dismissed any suggestion that the company would start buying rights to security flaws, arguing that its current system of crediting hackers in security bulletins is working very well.
Adobe plugs security holes in PDF Reader, Acrobat
Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.
The Pirate Bay hacked through multiple SQL injections
By using multiple SQL injections, an Argentinian group of security researchers managed to obtain access to the Pirate Bay’s administration panel, leading to the exposure of sensitive data belonging to the 4+ million users of the tracker.
Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected
Researchers from M86 Security Labs are reporting on a currently active malware campaign, using for the first time a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October, 2009.
Go Solar Sys
Defenders of the faith (Tavis acted responsibly)
Lurene Grenier: Tavis Ormandy has protected high-value targets by refusing to allow Microsoft an unreasonable timeline for patching.
A sign of Mac growth: growing scareware tactics
The folks over at Trend Micro and Symantec have learned of a second software program dubbed scareware targeting Mac users with a system scan. The program called iMunizator finds potential problems and goads Mac users to buy a full license of the product to fully remove the issues. Symantec pointed out that the program’s coding [...]
Malware Watch: Adobe zero day attack, malicious FIFA-themed spam, exploit serving Virus Alerts
Researchers from WebSense are reporting on three currently active malware campaigns, attempting to trick end users into opening malicious HTML files, or automatically exploiting vulnerable PCs relying on the recent Adobe zero day flaw (CVE-2010-1297).
Hi! I'm a security researcher, and here's your invoice
Michal Zalewski: Security researchers don’t have to give any information away for free; but if you need to resort to arm-twisting tactics to sell a service, you have some serious soul searching to do.
PayPal XSS Again.
Nemessis found another XSS in PayPal, and I must say this is a very clever one! Take a peek with Firefox and see what I mean. Good stuff, because it shows how hard it really is to protect yourself from. Logically this is a spot they forgot. http://rstzone.org/forum/
Facebook Problems.
As everyone probably knows, Facebook's source code has leaked. Facebook is sending out letters to everyone to stop publishing its source code. I guess it's a little late for that. Everyone who knows Google can find it back. But I guess the problems don't stop there. It seems that they run a very old thttpd server, namely version 1.0. While it is a cool and tiny server, I would not run it. Just ask Google. Now, there is a tiny unnoticed lesson in this because the same happened to del.icio.us once. Imagine your server spits out PHP files as plain text.
Researchers develop lightweight Cisco IOS rootkit
Black Hat: Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.
MetaScanner v1.1 released
BBC hacks into thousands of PCs
I was reading this story
from the article:
"The BBC has deliberately hacked into 22,000 PCs to prove the power of botnets, and the damage that can be done with a network of compromised computers.
Click – BBC News’ technology programme – with the help of anti-virus company Prevx, took over thousands of computers in order to demonstrate a growing problem in the modern world.
Apple patches Pwn2Own flaw used to hack Safari
According to Apple's advisory accompanying the patch, the actual vulnerability was not in the Safari browser but in the way ATS (Apple Type Services) handles certain fonts.