Do you use Google? These days the question sounds almost absurd. If you use the Internet, or an iPhone, or an Android phone, or a Kindle or an iPad, then of course you use Google in some shape or form. And if you take a keen interest in how your personal information is used, you

Although the “Ready to Ride” group originated in Russia it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation the primary target of the group is the US.

What’s wrong with this picture? Yes, that’s right, I am using Google’s incognito mode and Clicker knows exactly who I am! I have previously blogged here and here about Facebook’s instant personalization, but let me spell it out for you. Facebook “Instant Personalization” destroys Google Chrome’s “Incognito mode”. There is nothing incognito about opening a

In the first two parts (Part 1, Part 2) of this series I discussed some of the privacy issues associated with Flash and also explained the configuration options that Adobe offers. If you are willing to go through the hassle of creating an mms.cfg file and maintaining it then you really do have the ability

Inevitably, CanSecWest  2010 kicked off with the promised and eagerly-awaited Pwn2Own hacking contest, in which a number of effective protection strategies (DEP, code signing, ASLR [1]) failed to prevent determined vulnerability researchers making loadsamoney by circumventing them with attacks on Firefox and IE8 on Windows 7, Safari, and the iPhone. For details and extensive comment see: http://macviruscom.wordpress.com/2010/03/25/and-the-firewalls-came-tumbling-down/ http://kevtownsend.wordpress.com/2010/03/25/sacred-cows-fall-at-pwn2own/

Perhaps you read the Mozilla blog at http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/ where it was revealed that two add-ons for Firefox were infected with Trojans. In this case the distribution was very small, so not many users were infected, but this type of attack is likely to grow. A large part of the time I worked at Microsoft I

There's an interesting post by Lee Graves about fake Firefox updates that actually push adware. It's pretty comprehensive, and lots of other blogs have picked up on it, so I won't rehash the issue here. However, I notice that The Register have credited us with the story (though they may have changed it by the

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

Perhaps I imagined it, but a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade