On deck from MS: Four 'important' patches but nothing for IE   03 Jul 2008 19:57 GMT
Next Tuesday, Microsoft plans to ship four security updates for multiple flaws affecting Windows, Microsoft SQL Server and Microsoft Exchange Server but the absence of fixes for publicly known Internet Explorer issues is causing raised eyebrows among security professionals. According to the company's advance notice for July's...
Source: ZDNet

Apple caught neglecting iPhone security   03 Jul 2008 18:37 GMT
If you're waiting on iPhone 2 to standardize your business on the awesome new device (yeah, I'll be on line to buy one), you might want to pay attention to the conspicuous absence of iPhone security patches over the last four months. As WaPo's Brian Krebs reports,...
Source: ZDNet

Opera patches serious code exection flaw   03 Jul 2008 18:11 GMT
Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities. The company's new Opera 9.5.1 patches at least four security issues, the most serious being a flaw reported by Microsoft's Billy Rios that could be used to execute arbitrary code....
Source: ZDNet

Airport security part 4: Attack of the body scanners!   03 Jul 2008 17:52 GMT
If you read my blog postings semi-often, you know that I'm very, very critical of problems with airport security.  Nicole Wong of the Boston Globe reported that Boston's Logan International Airport will become the next airport to implement full-body scanners (thanks for the link from the LiquidMatrix guys!) that can see...
Source: ZDNet

Can Mozilla's security metrics project end the patch-counting nonsense?   03 Jul 2008 17:08 GMT
In partnership with indie security consultant Rich Mogull left Mozilla has launched a valuable Security Metrics Project that could help to -- we can only hope -- put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is...
Source: ZDNet

News to know: Searching Silverlight; IE 8; Dell; Google vs. YouTube   03 Jul 2008 09:49 GMT
Notable headlines: Mary Jo Foley: Microsoft: Silverlight content searchable, too Ryan Stewart: Brian Goldfarb talks about Silverlight 2 and Deep Zoom with Michael Cot LineRider releases a Silverlight 2 version Microsoft steps up self-policing of its OSI-approved source licenses ...
Source: ZDNet

Q&A: E-voting activist more optimistic about this year's voting systems   03 Jul 2008 04:49 GMT
E-voting activist Avi Rubin says voting systems around the U.S. have improved since the 2000 and 2004 presidential elections, noting that more states are using paper records as a backup to electronic voting systems.

Source: Computerworld

Matasano ships Web-based firewall manager   02 Jul 2008 22:47 GMT
The firewall is one of the few security tools that has been proven to be very effective at improving a company's security posture.  However, staying on top of policies  -- and responding to change requests -- while trying to manage multiple firewalls from different vendors can be a never-ending nightmare...
Source: ZDNet

300 Lithuanian sites hacked by Russian hackers   02 Jul 2008 21:02 GMT
A recently accepted legislation in Lithuania banning communist symbols across Lithuania, has prompted Pro-Russian hackers to start defacing Lithuanian sites, an indication of the upcoming attack was detected last week with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparkled due to the removal...
Source: ZDNet

Remote code execution flaw in VLC Media Player   02 Jul 2008 18:03 GMT
Researchers at Secunia have found a "highly critical" vulnerability that puts users of the cross-platform VLC Media Player at risk of remote code execution attacks. The vulnerability is confirmed in version 0.8.6h on Windows. Prior versions may also be affected.    A patch is expected soon from...
Source: ZDNet