Sponsored White Papers, Webcasts, and Downloads
- ZDNet Author Biography
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management...- more about Ryan Naraine »
ZDNet Resources
- Blue Pill hacker challenge update: It's a no-go
- A quick update to the challenge handed down to hacker Joanna Rutkowska to prove that her Blue Pill technology creates "100% undetectable malware."Rutkowska says she is "ready to accept" the challenge but wants her two-person team to be paid $384,000 ($200 a day each for two people working full-time for...
- Tags: Uncategorized
- Blog posts 2007-06-29
- Patch Tuesday: 7 bulletins, 18 flaws, all critical
- Its an all-critical Patch Tuesday.Microsoft has just released seven advisories -- all rated critical -- with patches for at least 18 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser.Five of the 18 vulnerabilities affect Windows Vista.The batch of updates includes...
- Tags: Apple, Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Open source, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks
- Blog posts 2007-05-08
- Botnet herders pounce on Windows DNS RPC flaw
- Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets.The latest twist in the ongoing attacks comes less than a week after Microsofts pre-patch advisory provided clues for hackers to write and release detailed exploit code.Anti-virus researchers have...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Uncategorized, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-04-17
- Oracle Patch Day: 37 flaws fixed
- Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products.The April 2007 CPU addresses a wide range of vulnerabilities affecting the following product lines:* Oracle Database (14 flaws, including one with a CVSS base score of...
- Tags: Vulnerability research, Pen testing, Uncategorized, Responsible disclosure, Patch Watch, Oracle, Metasploit, Hackers, Exploit code, Data theft
- Blog posts 2007-04-17
- How to turn off RPC management of DNS on a large scale
- In an advisory issued earlier today, Microsoft issued several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers.The recommendation included instructions on registry key edits but if youre in charge of a large-scale Windows...
- Tags: Zero-day attacks, Uncategorized, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers
- Blog posts 2007-04-13
- Microsoft: Beware of .HLP files
- Microsoft is urging Windows users to be very careful when opening ".hlp" attachments.The warning follows the release of exploit code for possible new zero-day bug in the Microsoft Help subsystem, which is used to display files with the ".hlp" extension. The proof-of-concept code, posted at Milw0rm.com, provides instructions on how...
- Tags: Zero-day attacks, Viruses and Worms, Spam and Phishing, Rootkits, Pen testing, Patch Watch, Microsoft, Hackers, Exploit code, Data theft, Vulnerability research, Uncategorized, Spyware and Adware, Responsible disclosure, Browsers
- Blog posts 2007-04-11
- Microsoft knew of Windows .ANI flaw since December 2006
- A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.According to Alexander Sotirov, chief reverse engineer at Determina, his research team discovered and reported the flaw to...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Uncategorized, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-03-30
- Black Hat RFID hacking demo threatened
- Another Black Hat conference, another vulnerability disclosure debate.IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal stumbling block after secure card maker HID Corp. raised objections in a letter that claims possible patent infringement.InfoWorld's Paul Roberts is reporting that HID sent...
- Tags: Wi-Fi security, Pen testing, Black Hat, Exploit code, Responsible disclosure, Punditocracy, Cisco, Vulnerability research, Oracle, Hackers, Zero-day attacks, Uncategorized
- Blog posts 2007-02-27
- Symantec: Vista's UAC prompts can't always be trusted
- Microsofts implementation of the UAC user account control mechanism in Windows Vista continues to take a beating from security researchers. Less than a week after Polish hacker Joanna Rutkowska raised an alert for design -- and implementation -- bugs in the default no-admin component, a member of Symantecs Advanced...
- Tags: Black Hat, Data theft, Exploit code, Hackers, Microsoft, Pen testing, Punditocracy, Responsible disclosure, Uncategorized, Vulnerability research, Windows Vista
- Blog posts 2007-02-20
- Sun rushes out patch for Solaris Telnet exploit
- Sun Microsystems has rushed out patches to fix a code execution hole in the Solaris 10/11 telnet daemon (in.telnetd). The companys fix comes just days after a hacker known as "Kingcope" went public with details of the vulnerability, which allows a remote attacker to bypass the Sun Solaris telnet...
- Tags: Exploit code, Hackers, Patch Watch, Pen testing, Responsible disclosure, Uncategorized, Viruses and Worms, Vulnerability research
- Blog posts 2007-02-13
- MS Patch Tuesday: 12 bulletins, 6 critical, 20 vulnerabilities
- Microsoft's Patch Tuesday train rumbled into security central with a full load today: 12 bulletins with patches for at least 20 vulnerabilities in a wide range of widely used software products.Six of the 12 bulletins are rated "critical," Redmond's highest severity rating.As expected, there are fixes for gaping holes...
- Tags: Botnets, Browsers, Data theft, Exploit code, Hackers, Microsoft, Patch Watch, Uncategorized, Viruses and Worms, Vulnerability research, Zero-day attacks
- Blog posts 2007-02-13
Additional Resources
- Gaping holes in RealPlayer patched
- Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...
- Tags: Vulnerability, RealNetworks Inc., RealNetworks RealPlayer, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2008-07-25
- Microsoft joins 'patch DNS now' chant; Apple patch missing
- On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...
- Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine
- Blog posts 2008-07-25
- GMail adds "https:"-only connections but still not by default
- Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default. In the Settings tab, at the very bottom, GMail users can now select...
- Tags: Google Inc., Google Gmail, HTTP, E-mail Providers, Cloud Computing, Internet, Ryan Naraine
- Blog posts 2008-07-25
- News to know: 'Spam king' dead; Microsoft's cloud; Dell;
- Notable headlines: Ryan Naraine: Escapee 'Spam King' dead in apparent murder-suicide CBS Denver Video: 'Spam King' Inmate Dies Along With Wife, Daughter Mary Jo Foley: Ozzie foreshadows 'Zurich,' Microsoft's elastic cloud Microsoft to get more 'Apple-like' in PC,...
- Tags: Larry Dignan
- Blog posts 2008-07-25
- Escapee 'Spam King' dead in apparent murder-suicide
- Convicted spammer Eddie Davidson, who escaped from federal prison over the weekend, killed his wife and 3-year-old daughter before killing himself in what is being described as a murder-suicide. Colorado's 9News.com said the tragic end of the man known as the "Spam King" was confirmed by the...
- Tags: Prison, Sheriff, Internal Revenue Service, Attorney, Healthcare, Ryan Naraine
- Blog posts 2008-07-24
- AT&T iPhones exposed to DNS cache poisioning? Or not?
- Here's a photo of my iPhone after running Dan Kaminsky's Doxpara DNS Checker tool a few minutes ago: I ran the same test at the DNS-OARC's DNS checker and got this: 209.183.33.23 (schinetdns.mycingular.net) appears to have GREAT source port randomness and GREAT transcation...
- Tags: DNS, AT&T Corp., Domain Names, Networking, Internet, Ryan Naraine
- Blog posts 2008-07-24
- Speculation over possible Skype backdoor
- There's growing speculation coming out of Europe that there's a backdoor in Skype that allows remote eavesdropping of telephone conversations. A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior...
- Tags: Skype Technologies S.A., Telecom & Utilities, Internet Service Providers (ISPs), Internet, Ryan Naraine
- Blog posts 2008-07-24
- Apple looking to hire iPhone hacker
- Apple is in the market for someone capable of hacking into the iPhone. According to this job listing, the company is looking for an iPhone Security Engineer capable of, among other things, developing "proof of concept" attacks on the device's current security mechanisms. ...
- Tags: Apple iPhone, Apple Inc., Hacker, Security Mechanism, Security, Ryan Naraine
- Blog posts 2008-07-24
- News to know: DNS flaw; Amazon; Microsoft shakeup; Facebook
- Notable headlines: Ryan Naraine: Researchers borrow from Google PageRank for network defense service Attack code published for DNS flaw Nate McFeters: |)ruid and HD Moore release part 2 of DNS exploit 'Spam King' escapes from federal prison iPhone vulnerable to phishing,...
- Tags: Apple iPhone, Facebook, DNS, Amazon.com Inc., Microsoft Corp., Microsoft Xbox, Flaw, Game Players, Domain Names, Networking, Security, Consumer Electronics, Personal Technology, Internet, Larry Dignan
- Blog posts 2008-07-24
- << Previous
- page 1 of 1
- Next >>
White Papers and Webcasts
At the Cleantech Forum in San Francisco, Todd Glass of Heller Ehrman moderates a discussion, among tech execs, on the various solar technologies making a difference in the green movement.
Intel is working with Microsoft to deliver an integrated, validated solution for notebook and desktop systems that gives users the performance they need for Windows Vista.
According to a new study from the Economist, future success belongs to those who collaborate effectively. Learn how successful collaboration can improve profits, problem-solving, and competitive differentiation.
