Storm Worm's Independence Day campaign   04 Jul 2008 15:44 GMT
A Storm Worm's Independence Day campaign is circulating online using email as propagation vector, attempting to trick users into visiting a Storm Worm infected host, where a multitude of what looks like over five different exploits attempt to automatically infect the visitors next to the malware binary fireworks.exe. Historically, Storm...
Source: ZDNet

Say it ain't so AVG, say it ain't so: AVG LinkScanner = Badware?   03 Jul 2008 21:11 GMT
The Register covered a very interesting story about AVG.  Apparently AVG is spamming the Internet with traffic that looks to be coming from Internet Explorer.  AVG software pre-crawls search results to try to protect users, but uses a user agent that makes the software appear to be Internet Explorer.  This pre-crawling is flooding websites with...
Source: ZDNet

On deck from MS: Four 'important' patches but nothing for IE   03 Jul 2008 19:57 GMT
Next Tuesday, Microsoft plans to ship four security updates for multiple flaws affecting Windows, Microsoft SQL Server and Microsoft Exchange Server but the absence of fixes for publicly known Internet Explorer issues is causing raised eyebrows among security professionals. According to the company's advance notice for July's...
Source: ZDNet

Apple caught neglecting iPhone security   03 Jul 2008 18:37 GMT
If you're waiting on iPhone 2 to standardize your business on the awesome new device (yeah, I'll be on line to buy one), you might want to pay attention to the conspicuous absence of iPhone security patches over the last four months. As WaPo's Brian Krebs reports,...
Source: ZDNet

Opera patches serious code exection flaw   03 Jul 2008 18:11 GMT
Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities. The company's new Opera 9.5.1 patches at least four security issues, the most serious being a flaw reported by Microsoft's Billy Rios that could be used to execute arbitrary code....
Source: ZDNet

Airport security part 4: Attack of the body scanners!   03 Jul 2008 17:52 GMT
If you read my blog postings semi-often, you know that I'm very, very critical of problems with airport security.  Nicole Wong of the Boston Globe reported that Boston's Logan International Airport will become the next airport to implement full-body scanners (thanks for the link from the LiquidMatrix guys!) that can see...
Source: ZDNet

Can Mozilla's security metrics project end the patch-counting nonsense?   03 Jul 2008 17:08 GMT
In partnership with indie security consultant Rich Mogull left Mozilla has launched a valuable Security Metrics Project that could help to -- we can only hope -- put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is...
Source: ZDNet

News to know: Searching Silverlight; IE 8; Dell; Google vs. YouTube   03 Jul 2008 09:49 GMT
Notable headlines: Mary Jo Foley: Microsoft: Silverlight content searchable, too Ryan Stewart: Brian Goldfarb talks about Silverlight 2 and Deep Zoom with Michael Cot LineRider releases a Silverlight 2 version Microsoft steps up self-policing of its OSI-approved source licenses ...
Source: ZDNet

Q&A: E-voting activist more optimistic about this year's voting systems   03 Jul 2008 04:49 GMT
E-voting activist Avi Rubin says voting systems around the U.S. have improved since the 2000 and 2004 presidential elections, noting that more states are using paper records as a backup to electronic voting systems.

Source: Computerworld

Matasano ships Web-based firewall manager   02 Jul 2008 22:47 GMT
The firewall is one of the few security tools that has been proven to be very effective at improving a company's security posture.  However, staying on top of policies  -- and responding to change requests -- while trying to manage multiple firewalls from different vendors can be a never-ending nightmare...
Source: ZDNet