Category: Hirings and firings
May 26th, 2009
Twitter API ripe for abuse by web worms
A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.
The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it’s much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter.
May 13th, 2009
Apple snags ex-OLPC security chief
Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system.
Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security. His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it’s rather trivial to launch exploits against the Mac.
May 7th, 2009
Patch Tuesday: Fix coming for PowerPoint zero-day
Exactly one month after malicious hackers started using rigged PowerPoint files to launch targeted attacks, Microsoft announced plans to ship a “critical” bulletin affecting its flagship presentation program.
The PowerPoint update is the only bulletin scheduled for this month’s Patch Tuesday on May 12, 2009. It is rated “critical” (remote code execution) for all supported versions of Microsoft PowerPoint 2000 through 2007.
May 6th, 2009
Layoffs hit Microsoft security unit
The latest round of layoffs at Microsoft has taken a toll on Redmond’s security unit.
Steve Riley, a senior security strategist who served as one of the public faces of Microsoft’s security efforts, had his position eliminated during the second round of cuts that happened this week.
Riley is best known for his presentations at security conferences and his work on the Protecting Your Windows Network book.
April 29th, 2009
Survey: 37% of employees would become insiders given the right incentive
Would you sell sensitive company data if you’re offered the right incentive? Using the current economic situation, or pure greed as an excuse, 37% of employees surveyed at this year’s Infosecurity Europe event said that they are keeping their options open.
What type of information are they willing to sell, and what kind of incentives are the potential insiders interested in?
April 27th, 2009
Is Twitter finally taking security seriously?
Now that Oprah’s all a twitter, it looks like everyone’s favorite micro-blogging tool is finally taking a hard look at security.
According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure security.
March 25th, 2009
Microsoft adds 'Skywing' to Windows defense team
Ken ‘Skywing’ Johnson, a well-known hacker famous for his work on bypassing several Windows anti-exploitation mechanisms, has joined the software maker to help make it harder to compromise the operating system.
Johnson, who teamed up with another recent Microsoft hire — Matt ‘Skape’ Miller — on several Uninformed Journal articles on breaking into the Windows OS, will be working on “everything related to vulnerabilities, exploits, defenses [and] bypassing defenses,” according to Microsoft’s Michael Howard.
March 18th, 2009
Pwn2Own 2009: Safari/MacBook falls in seconds
[ UPDATE: IE 8 and Safari also fall ]
VANCOUVER, BC — Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.
“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.
March 16th, 2009
BBC botnet buy: What were they thinking?
Guest editorial by Roel Schouwenberg
As Dancho Danchev pointed out, the BBC leased itself a botnet. I couldn’t quite believe it when I read it. The BBC, arguably one of the very best TV producers in the world, surely should have known better? There are so many things wrong about this that I hardly know where to start.
Firstly, given their figures, they seem to have spent quite an amount of money purchasing the botnet. Regardless of how much the total sum was, they sponsored the underground economy. Paying money to criminals (for illegal goods) is not only unethical but also considered illegal in most countries. The BBC broke the law right there and then already, not when they actively started using the botnet.
September 22nd, 2008
McAfee buys CipherTr-- err, Secure Computing
Like every other red-blooded American I take a quick peek at my collapsing retirement and savings portfolios in the morning just to give me that extra kick to head into the office. So I pull up Google Finance to see Secure Computing (SCUR) is up some 23%, one of the big movers for the day. There are very few things that could cause a tech company to jump so much in such a short period of time.
Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco. See his full profile and disclosure of his industry affiliations.