Microsoft releases official VML patch!!

Tuesday, September 26th, 2006

The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should [...]

Update on the Internet Explorer VML vulnerability

Friday, September 22nd, 2006

Just catching up on the days VML vulnerability news from today…. It looks as though… the exploit is now MUCH more widespread this blog has some video of an infection, what’s notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that they can harvest paypal/bank/etc. passwords…) [...]

Apple Macbook pro and other wireless fixes

Thursday, September 21st, 2006

Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over [...]

Being cautious with web links

Friday, September 8th, 2006

Once upon a time the bad payload of a malicious email was it’s attachment, that still happens, but in many cases the links are the real lure – like a worm dangled in the water in front of a hungry fish…. the links though hide a danger on the other side…. the hook in our [...]

More Microsoft Patch problems MS06-042

Tuesday, August 22nd, 2006

This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer [...]

MS06-040 update

Monday, August 14th, 2006

MS06-040 is one of last weeks Windows updates and is the one that was probably the biggest target for “wormable” activity. There’s a good deal of news from over the weekend with regards to this. First: Snort signatures, the MS06-040 exploit was spotted actively “in the wild”, and of course, our perennial friends in the [...]

Phishing – so many flaws to exploit so little time

Wednesday, June 28th, 2006

In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit [...]

How embarrasing… Computer security firms database hacked

Tuesday, December 20th, 2005

The Washington Times, has a story from Brian Krebs of their Security Fix blog about … Guidance Software — the leading provider of software used to diagnose hacker break-ins — has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals.    Send [...]

Free personal firewalls for windows will be a bit scarcer

Saturday, November 26th, 2005

It’s too bad that Symantec will be killing off a free personal firewall. I guess they didn’t like supporting competition for their (large) Internet Security with included firewall… About three months ago, Symantec bought Sygate who made a Sygate Pro and Sygate free personal firewall. Both the Pro and the free version will get the [...]

Brian Krebs talks to the FBI on cybercrime

Wednesday, August 10th, 2005

Just found this interesting post at the Security Fix. It seems Brian has had a chance to ask a question of the FBI director Robert Mueller and to speak with the assistant director in the Cyber Division. There are some interesting answers to his questions.    Send article as PDF   


Switch to our mobile site