Here in the UK we’ve seen quite a lot of media attention (TV movies and documentaries and so on) relating to the 9/11 attacks, so I’m sure there’s a lot more happening in the US, today of all days. Sky News (http://news.sky.com/skynews/Home/World-News/September-11-Terror-Attacks-New-Video-Of-Plane-Crashing-Into-South-Tower-9-11-Memorial-And-Museum/Article/200909215379149) has published an article that includes a link to a video clip of the

You may have seen some news today about a new vulnerability that can potentially affect Windows Vista. Microsoft will have a patch for the flaw, hopefully before it is exploited. Of course, Microsoft had a patch for the flaw that Conficker exploited, but too many people are not patching anything.  It’s a good idea to

I’m often exasperated by blinkered mindsets in the Mac community, of the security-related kind that Randy highlighted in a recent blog. You might have picked up a certain irritation in some of my blogs around the end of last month relating to Snow Leopard and malware detection, too. So it was refreshing to come across a light

As reported at http://www.eweek.com/c/a/Security/Twitter-XSS-Vulnerability-Still-Wide-Open-Developer-Says-433005/, a researcher has found a cross site scripting vulnerability that affects Twitter. The researcher claims that by exploiting this he could gain access to the Twitter accounts of anyone who views his specially crafted tweets. The explanation of the problem is a bit techie, but there is a very key point

 PC World has reported that Janakan Arulkumarasan, the creator of Fan Check says it’s non-viral, safe and legitimate, in an interview with IDG News Service.  The article quotes him as saying: "FanCheck is NOT a malicious app. Unfortunately, some malicious developers have been spreading a lie that it is — and encouraging people to download fake

Microsoft’s advisory on the SMB driver issue is now available. As expected, it includes some comments on mitigation, but they’re rather fluffy. It advocates "Firewall best practices and standard default firewall configurations", which "can help protect networks from attacks that originate outside the enterprise perimeter,"  and suggests exposing a "minimal number of ports". Well, duh… I’d expect any firewall

Some traffic has crossed my radar concerning a 0-day exploit that apparently enables a remote attacker to crash a Vista or Windows 7 system with SMB enabled (and according to subsequent reports, Server 2008). The original post and exploit are claimed to demonstrate the possibility of a Blue Screen Of Death (BSOD) and (normally) an automatic reboot when

There is an interesting and humorous work of fiction at http://www.appleinsider.com/articles/09/09/07/inside_mac_os_x_snow_leopard_malware_protection.html. Humorous as long as you don’t believe it! The article starts out saying “Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software”. That’s a nice layer of defense, but there are sites many sites

I was speaking with our friend David Perry at Trend Micro about the insecurity of social networking services and what steps users could take to strengthen their security online. In the course of our conversation, we came up with a list of simple steps you could take to better protect yourselves. Be careful about whom you

Somewhere back in the Dark Ages, I wrote some articles for Computer Weekly in the UK, as part of a series of articles called Security Zone. This is a regular series where the contributors are all members of (ISC)2, the International Information Systems Security Certification Consortium*. Some of those articles are accessible from the Computer