Opera uses Mozilla fuzzer to find, fix severe browser flaw
Posted by Ryan Naraine in Zero Day on Aug 15, 2007 8:01 AM
Using a JavaScript fuzzer released by Mozilla at Black Hat, Opera's security team has found and fixed a "highly severe" browser flaw that could be used in code execution attacks. [Read the rest]

More Black Hat on ZDNet

IBM security strategist: Stop crediting vulnerability brokers
Gunter Ollman, director of security strategy at IBM Internet Security Systems (ISS), believes there's no real accountability attached to the trading of vulnerability information by third party companies like iDefense... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 8, 2007 1:40 PM
Greasemonkey script blocks Gmail cookie-theft attacks
By now, you've probably read about Robert Graham's Black Hat presentation (.pdf) on hijacking Gmail accounts by wirelessly sniffing non-SSL session cookies. The attack technique, called SideJacking, uses two... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 7, 2007 5:28 AM
Patches in ten f***ing days? Not really, says Mozilla
Mozilla has moved swiftly to put the kibosh on late-night chatter that it can turn around patches for security flaws within ten f***ing days. [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 6, 2007 11:37 AM
Something uncomfortable about DEFCON's treatment of Dateline NBC reporter
I don't know about you but after watching the video and reading the reports about DefCon's outing of Dateline NBC producer Michelle Madigan, I came away with an uncomfortable feeling... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 6, 2007 8:12 AM
Hamster plus Hotspot equals Web 2.0 meltdown!
Robert Graham (CEO Errata Security) gave his Web 2.0 hijacking presentation to a packed audience at Black Hat 2007 today. The audience erupted with applause and laughter when Graham used... [Read the rest]
Posted by George Ou in Real World IT on: Aug 2, 2007 2:03 PM
Blue Pill Project extends VM rootkit cat-and-mouse tussle
The intellectual cat-and-mouse tussle over hiding and finding virtual machine rootkits has hit a new gear with a team of researchers dismissing the notion of "100 percent undetectable" malware and... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 2, 2007 11:11 AM
OpenBSD team mocked at first ever 'Pwnie' awards
At the first ever Pwnie Awards announced at the Black Hat Briefings here, a team of well-known researchers picked the OpenBSD team from a list of four software vendors --... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 2, 2007 10:19 AM
Hacker movements: Murphy joins Apple; Caceres to Matasano
Matthew Murphy, an outspoken hacker who is credited with several major flaw discoveries, has confirmed he is joining Apple as a product security engineer. [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 1, 2007 11:37 AM
Remembering five years of vulnerability markets
GUEST EDITORIAL: David Endler looks back at five years of buying and selling software vulnerabilities and the legal and moral complications that have threatened the marketplace. [Read the rest]
Posted by Ryan Naraine in Zero Day on: Aug 1, 2007 10:09 AM
Hardware-based rootkit detection proven unreliable
For years, we've been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Mar 2, 2007 8:10 AM
Maynor demos MacBook Wi-Fi hijack, admits mistakes
Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Mar 1, 2007 9:02 AM
Black Hat RFID talk back on, with deletions
Chris Paget from IOActive is on stage here at Black Hat DC 2007, going ahead with his talk on RFID security issues. He has promised "not to mention a certain... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Feb 28, 2007 11:11 AM
Vista's ASLR not so random, but does it matter?
Symantec is using the spotlight of the Black Hat DC 2007 conference to pick apart the security technologies built into Windows Vista. On the heels of its exposé of weaknesses... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Feb 28, 2007 9:21 AM
HID denies RFID demo threat, hackers worry
Black Hat Diary: IOActive's decision to cancel its RFID hacking demo is the main topic of conversation here as white hat hackers ponder the ramifications of a vendor using patent... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Feb 28, 2007 8:10 AM
RFID security: Black Hat muzzle prevents real discussion
Ryan Naraine gives details on why a talk about RFID security was canceled at Black Hat. In short, IOActive’s Chris Paget’s plan to explain why RFID technology is “insecure and... [Read the rest]
Posted by Larry Dignan in Between the Lines on: Feb 27, 2007 9:52 AM
Legal threat forces cancellation of Black Hat RFID hacking demo
Another Black Hat conference, another vulnerability disclosure brouhaha. IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal brick wall. [Read the rest]
Posted by Ryan Naraine in Zero Day on: Feb 27, 2007 6:50 AM
Researcher issues Oracle DB 'cursor injection' warning
David Litchfield's ongoing assault on Oracle databases has unearthed a new method of exploiting PL/SQL injection vulnerabilities. Litchfield, co-founder and managing director at NGSS (Next Generation Security Software), plans to... [Read the rest]
Posted by Ryan Naraine in Zero Day on: Feb 26, 2007 11:42 AM