…there are a number of other potential risks from offers like this (as I’ve pointed out before) … Paying for software that’s actually free and for services that aren’t worth the money … Paying for software that turns out to be malicious … Parting with credit card and other data that might be misused…

This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel.

Spoof or SPOF? IT Security reportage veteran John Markoff reports in the New York Times that the attack on Google's intellectual property reported in January was even more interesting (and disquieting) than most of us realized. According to an unnamed source, some of the information stolen related to the company's password system, Gaia. Gaia is a

Further to Pierre-Marc's blog yesterday about in-the-wild exploitation of the Java Development Kit vulnerability publicised by Tavis Ormandy, David Kennedy has brought to our attention a comprehensive article on the same topic published yesterday by FireEye's Atif Mushtaq.  You may remember that Atif exchanged thoughts and info with us a while ago in relation to

I see that Bill Ray of the Register has also picked up on the iPad jailbreaking issue I blogged on yesterday.  (No, I don't suppose he read it there.) Interestingly, though, he talks much less about the security implications than about the slow take-up of  newspaper subscriptions among early adopters. Andy Greenberg, on the other hand,

This time last year I was on my way to Cambridge to deliver a presentation, having stayed up till the early hours of the morning to post a blog reporting that Conficker, although it had changed its behaviour, as we already knew it would, had not initiated the heat death of the Internet.  What's really

Looking into their crystal balls (no jokes, please) at the end of 2009, our colleagues in Latin America came up with a prophecy that was later incorporated into a white paper (2010: Cybercrime Coming of Age): In June 2010, one of the most popular regular sports events, the soccer World Cup, will take place in

Wearing my vendor-independent Apple/smartphone commentary hat, I've just posted a couple of blogs on the Mac Virus site that some of you might find of interest. OK, suit yourselves. ;-) "Touching (or Bumping) Base" addresses a mixed bag of issues: Charlie Miller's presentation on fuzzing for "20 zero-day holes … in closed source Apple products"

 Security researchers work together and share information in many ways and in many contexts that aren't constrained by company boundaries, but it's unusual for security researchers working for different vendors to join forces in a company blog. However, John Leyden of The Register contacted us both when he was writing an article on the controversy following

[Update: The Register's John Leyden has also commented on the issue at http://www.theregister.co.uk/2010/02/16/apple_bans_iphone_hackers/] There's been a burst of interest in the last day or so in the blocking of certain Apple IDs from the iTunes App Store. Some bloggers have suggested that this might be a precursor to a massive blocking of jailbroken phones from accessing