Adobe's Product Security Incident Response Team (PSIRT) reports  that malicious emails are circulating claiming to be Adobe security updates, many of them signed by "James Kitchin" of "Adobe Risk Management", or a similar (presumably mythical) team. Adobe says that the messages include links to download instructions for a security update that addresses "CVE-2010-0193 Denial of Service

I’d like to call your attention (again) to a major Adobe bulletin that was released yesterday (actually, still today, if you’re far enough behind GMT, but I’m sitting just a train ride away from Greenwich, UK). In brief, the bulletin concerns the following CVE (Common Vulnerabilities and Exposures) issues: CVE-2009-1862 CVE-2009-0901 CVE-2009-2395 CVE-2009-2493 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865

Some of us are currently enjoying some excellent presentations at a CARO workshop in Budapest on exploits and vulnerabilities. Hopefully, some of them will eventually be made public, so that we’ll be able to include pointers to specific resources. While there’s been a great deal of technical detail made available that has passed me by

A few days ago, I promised (threatened) to make some general points about biasing test results, but travel and other obligations have been getting in the way. I’ll get back to that very shortly, but in the meantime, I want to look at an issue with the latest round of Microsoft patches that I was