ryan naraine Resources

Sponsored White Papers, Webcasts, and Downloads

ZDNet Author Biography: Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management...; more about Ryan Naraine »

ZDNet Resources

Guy Kawasaki's Twitter account hijacked, pushes Windows and Mac malware: The Twitter account belonging to venture capitalist and Mac evangelist Guy Kawasaki was hijacked yesterday and used to push malware to some 140,000 Twitter users. The attack screenshot above included a link to what purported to be a "sex tape video free download" linked to Gossip...; Tags: Web, Apple Macintosh, Malware, Microsoft Windows, Guy Kawasaki, Twitter, Spyware, Adware & Malware, Phishing, Cyberthreats, Spyware, Channel Management, Corporate Communications, Web Site Development, Domain Names, Desktops, Viruses And Worms, Security, Spam And Phishing, Marketing, Internet, Hardware, Ryan Naraine; Blog posts 2009-06-24
Critical Adobe Shockwave flaw affects millions: Adobe's Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker. The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions. Details from Adobe's advisory: ...; Tags: Adobe Systems Inc., Shockwave, Flaw, Shockwave Player, Adobe Shockwave Player, Security, Ryan Naraine; Blog posts 2009-06-24
Mozilla tackles XSS vulnerabilities with new technology: Mozilla's security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting XSS plague against modern Web browsers. The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for...; Tags: Vulnerability, XSS, Web Browser, Mozilla Corp., Web Browsers, Internet, Ryan Naraine; Blog posts 2009-06-22
Apple iPhone OS 3.0 update plugs 46 security holes: Apple's latest iPhone OS 3.0 software updates includes patches for multiple vulnerabilities, some with serious security implications. The update, which is only available for download via iTunes, covers a total of 46 documented vulnerabilities, including several that allows malicious code execution if a user simply visits a...; Tags: Apple iPhone, Malicious Code, Vulnerability, Apple Inc., Security, IPSec, Viruses And Worms, Networking, Ryan Naraine; Blog posts 2009-06-17
Apple finally patches musty old Java for Mac vulnerabilities: Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago. The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge embarrass Apple into shipping...; Tags: Apple Macintosh, Vulnerability, Patch Management, Apple Inc., Programming Languages, Java, Software Development, Software/Web Development, Ryan Naraine; Blog posts 2009-06-15

Coming in July: Month of Twitter Bugs: A well-known security researcher plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem. The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff left, a researcher known for his work on Web-based security...; Tags: Vulnerability, Twitter, Aviv Raff, Web 2.0, Security, Internet, Ryan Naraine; Blog posts 2009-06-15
Mozilla slaps band-aid on 11 Firefox flaws: Mozilla has joined this week's patchapalooza with the release of a Firefox update to fix 11 documented security vulnerabilities. Six of the 11 issues are in advisories rated "critical" because of the risk of code execution attacks that could allow hackers to take complete control of a...; Tags: Mozilla Firefox, Attacker, Flaw, JavaScript, Web Browser, Mozilla Corp., Firefox 3.0.11, Web Browsers, Security, Internet, Ryan Naraine; Blog posts 2009-06-12
Google plugs 'high risk' WebKit holes in Chrome: Google has shipped a Chrome browser update to fix two serious security issues in WebKit. According to Google Chrome program manager Mark Larson, the most serious of the two flaws could allow hackers to execute harmful code in the browser's sandbox.Â It is rated "high severity."...; Tags: Google Inc., Attacker, Web Browser, Google Chrome, Sandbox, Web Browsers, Security, Internet, Ryan Naraine; Blog posts 2009-06-11
Adobe patches 13 critical Reader, Acrobat vulnerabilities: Adobe has issued its first ever scheduled quarterly update for its Reader/Acrobat product line, a mega-patch covering 13 documented security vulnerabilities. The patches address "critical vulnerabilities" in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions.Â "These vulnerabilities would cause the application to crash and could potentially...; Tags: Adobe Systems Inc., Adobe Acrobat, Vulnerability, Update, Arbitrary Code Execution, Memory Corruption Vulnerability, Security, Ryan Naraine; Blog posts 2009-06-09
Microsoft patches 31 Windows, IE, Office security holes: Microsoft's batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel). Five of the 10 bulletins are rated "critical," Microsoft's highest...; Tags: Microsoft Word, Microsoft Windows Server, Window, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2003, Microsoft Windows, Security, Microsoft Office, Operating Systems, Software, Office Suites, Ryan Naraine; Blog posts 2009-06-09
Apple Safari jumbo patch: 50+ vulnerabilities fixed: Apple has shipped a whopper of a Safari browser update to fix more than 50 vulnerabilities, some rated extremely critical. The latest fixes, available in the new Safari 4.0, corrects a wide range of code execution and denial-of-service vulnerabilities and even comes with a fix for the...; Tags: Apple Safari, Vulnerability, Apple Inc., Web Site, Web Site Development, Web Technology, Security, Internet, Ryan Naraine; Blog posts 2009-06-08
Adobe piggybacks on Microsoft Patch Tuesday: Adobe's first ever quarterly patch for the Reader and Acrobat product lines is set for June 9, the same day Microsoft is scheduled to deliver its batch of security updates. As previously announced, Adobe plans to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x,...; Tags: Adobe Systems Inc., Microsoft Corp., Security Administration, Patches, Security, Ryan Naraine; Blog posts 2009-06-05
StrongWebmail CEO's mail account hacked via XSS: A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail using persistent cross-site scripting XSS vulnerability and are now claiming the bounty. ...; Tags: XSS, CEO, E-mail, Online Communications, Ryan Naraine; Blog posts 2009-06-04
FTC shuts down notorious botnet ISP: The Federal Trade Commission FTC has shut down a U.S.-based Internet Service Provider for recruiting, hosting and actively participating in the distribution of spam, child pornography, and other harmful electronic content. Pricewert LLC (also known as 3FN and APS Telecom) was shut down by a district court...; Tags: Internet Service Provider, Server, Bot, FTC, Internet Service Providers (ISPs), Viruses And Worms, Internet, Security, Ryan Naraine; Blog posts 2009-06-04
Patch Tuesday heads-up: Critical Windows, IE fixes coming: Microsoft plans to ship 10 security bulletins next Tuesday (June 9, 2009) with fixes for a wide range of code execution vulnerabilities affecting Windows, Microsoft Office and Internet Explorer. Six of the ten bulletins will be rated "critical," Microsoft's highest severity rating. ...; Tags: Vulnerability, Patch Management, Microsoft Internet Explorer, Microsoft Corp., Attack, Microsoft Windows, Patches, Operating Systems, Security, Software, Ryan Naraine; Blog posts 2009-06-04
Typo'd Google domains in Top 10 malware exploit sites: Misspelled versions of two popular Google services are among the Top 10 sites hosting exploits for use in drive-by malware download attacks. On the heels of two massive drive-by attacks -- ten of thousands of hijacked sites launching attacks via the browser -- Google released a list...; Tags: Google Inc., Domain, Malware, Site, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Ryan Naraine; Blog posts 2009-06-04
Apple plugs gaping QuickTime security holes: Apple today released QuickTime 7.6.2 with fixes for a variety of security vulnerabilities, some of which could lead to arbitrary code execution attacks. The update, available for Mac OS X, Windows XP and Windows Vista, covers a total of 10 documented vulnerabilities that could be exploited via...; Tags: Security, Apple QuickTime, Movie, Apple Inc., Arbitrary Code Execution, Buffer-overflow, Application Termination, Digital Music, Digital Media, Personal Technology, Consumer Electronics, Ryan Naraine; Blog posts 2009-06-01
20,000 sites hit with drive-by attack code: Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks. According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active...; Tags: Malware, Attack, Exploit Site, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine; Blog posts 2009-06-01
Dangerous Microsoft DirectX vulnerability under attack: Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support. The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with...; Tags: Apple QuickTime, Vulnerability, Microsoft Corp., Web Browser, Attack, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine; Blog posts 2009-05-28
Twitter API ripe for abuse by web worms: A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out,...; Tags: Web, API, Worm, Twitter, Twitpic, Cyberthreats, Viruses And Worms, Security, Ryan Naraine; Blog posts 2009-05-26