It's nice to see that the security researchers are taking notice of FireFox's increased share of the market and responding appropriately: http://blogs.zdnet.com/security/?p=1288 This is interesting on many levels . . . here we have a free, open source...

http://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm Boy why bother with facts when it's so easy to make stuff up and to throw out randomly generated numbers like these: " Organized cybercrime gangs are more...

"Windows Embedded NavReady 2009"!?! Really people? I think we totally missed an opportunity to add a few more words to describe this fascinating new OS variant thereby ensuring that it will in no way easily fit on any product stickers and will have to...

So I was chatting with a Microsoft friend of mine today. He's a Firephox fanboi. He's always trying to convert me. He was talking to me about FF 3.0's pending release and talking about how amazingly fast it is on his XP SP3 rig. So I started admonishing...

Seems the miscreants behind the GPCode.ak (<-- picture of message user sees, poor English wording and all) malware finally picked up a copy of 'Applied Cryptography' or the ' Handbook of Applied Cryptography ' and coded up a version of their malware...

Larry Seltzer is IMHO one of the few technology journalists who has actually written code - and thus he is more likely to actually understand that which he chooses to write about than the average technology journalist that is trying to cover the exciting...

I give you "Pointer fun with Binky" http://www.youtube.com/watch?v=6pmWojisM_E

Boy there's a mouth full . . . I think my head will hurt after reading this - but I will read it nonetheless: http://code.msdn.microsoft.com/xdsecuritywp/Release/ProjectReleases.aspx?ReleaseId=1157

MikeHow just wrote a brief write-up of some of the things our new heap manager on Vista is capable of detecting at runtime over at the SDL blog: http://blogs.msdn.com/sdl/archive/2008/06/06/corrupted-heap-termination-redux.aspx As with the Low Fragmentation...

So last night a pipe carrying water in building 27 in the ceiling over the first floor burst causing water to pour out of the ceiling and onto the floor. This is interesting to me because building 27 is the building where most of the MSRC and SWI folks...

Sometimes . . . we fail (shocking - I know, but bare with me please). :) So a seceurity researcher who goes by the name Liu Die Yu seems to have unraveled the mystery of the recent Apple Safari carpet bomb fail that we released an advisory on and how...

Ugh . . . stupid Apple . . . releasing a freaking $199 iPhone that has both 3G and GPS which finally brings it to feature parity with my Moto Q9 . . . but the real coupe de grace is the fact that it will also natively support Exchange Direct Push thereby...

Now with Haute Secure technology: http://www.vnunet.com/vnunet/news/2218502/opera-sings-praises-security http://hautesecure.com/index.aspx

On XP or Vista from any network with HTTP outbound access go to start->run and paste this in: \\live.sysinternals.com\tools After a few seconds of negotiation the WebDAV redirector should kick in and let you browse the site and download the latest...

Anyone with any amount of technical clue who has used Vista has invariably figured out that the 'Windows Search" (wsearch) service is responsible for a lot of the CPU and disk suckage that seems to start at random times from out of nowhere and last for...

This has to be one of the funniest / saddest things I've read all year . . . http://www.f-secure.com/weblog/archives/00001450.html Oh and make sure you read the previous post as well - very insightful: http://www.f-secure.com/weblog/archives...

Okay - so last month I discovered that Adobe PDFs can contain Java freaking script in them AND that Acrobat has that feature turned ON by default (Edit menu -> Preferrences -> Enable Acrobat Java freaking Script). How could I NOT have known about...

My friend Chris wrote an interesting paper on inferring things from static analysis based on the calling of known functions to re-construct program flow and even find bugs: http://chris.rohlf.googlepages.com/Static_DS_REC.pdf Yeah he's an Ubuntu /...

So Revision3 seems to be using BitTorrent to distribute legitimate / legal content that they either own or properly license. They found some folks using their Torrents without permission and blocked them . . . then they came under attack from a fairly...

Nice blog from Adobe laying some authoritative smack down: http://blogs.adobe.com/psirt/2008/05/more_information_on_recent_fla.html Yeah I know this is old news - I'm on the road . . . I was pretty sure the day that this released that this was Dowd...

Interesting read: http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php Some interesting parts: A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who...

Fascinating blog over @ SensePost about a Juniper AX control that allowed arbitrary file downloads to a predictable location ala Apple/Safari: http://www.sensepost.com/blog/2237.html Haroon makes some excellent points about the inability of standard...

So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a users desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn...

So I admit I'm a bit out of date on the 'incident response' scene since I don't really do it for a living anymore. Well fortunately Harlan Carvey isn't and he has a blog post up with a mini-review of some bad-ass new software that could be *really* interesting...

Whoa - check this out: http://search.live.com/video/results.aspx?q=ferrari&form=QBVR Use Live.com to search videos . . . hover the mouse over a video and see what happens. Wow. I'm so easily amused. :)