Microsoft has taken the unusual step of announcing a patch for an Internet Explorer vulnerability just a week after its traditional patch Tuesday announcements.

Although the “Ready to Ride” group originated in Russia it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation the primary target of the group is the US.

There is a new vulnerability that affects all supported versions of Windows and some unsupported versions. For you techies the “Vulnerability in MHTML Could Allow Information Disclosure” advisory is at https://www.microsoft.com/technet/security/advisory/2501696.mspx. If you are not a techie you might want to take a look and see how much you can understand. By reading the security

In the first two parts (Part 1, Part 2) of this series I discussed some of the privacy issues associated with Flash and also explained the configuration options that Adobe offers. If you are willing to go through the hassle of creating an mms.cfg file and maintaining it then you really do have the ability

Every layer of protection you add will harden the target against cybercrime. SmartScreen technology found in Internet Explorer 8 has recently clocked over 1 billion blocked potential malware downloads from malicious sites. By way of Terry Zink’s blog: 1 billion malware blocks is an amazing milestone and an example of two things. First socially engineered

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Adobe has issued an important announcement, much of it relating to the impact of vulnerabilities in the Microsoft Active Template Library (ATL)  flagged as CVE-2009-0901, CVE-2009-2395, CVE-2009-2493 and described in Microsoft Security Advisory (973882) on Adobe products used as Internet Explorer plug-ins.  It appears that Flash Player and Shockwave Player "leverage" vulnerable versions of ATL. According to

I’m still getting the occasional request to follow on my most obscure Twitter account, which is protected (meaning that I have to approve requests to follow me on there). Sorry, but if I don’t know who you are, you won’t get approved on that one. Even if I do know who you are, you won’t