no-image

Here Come the Tax Spammers!

It’s that time of year again, time to fill out your taxes and pay your part. We’ve seen more than a few examples of Tax and IRS related spam. Yesterday I received mail with an interesting approach that ended up taking me to the BlackHole Exploit Kit. Read Full Article

no-image

Patch Tuesday February 2012

Microsoft is releasing 9 Security Bulletins this month (MS12-008 through MS12-016), patching a total 21 vulnerabilities. Some of these vulnerabilities may enable remote code execution (RCE) in limited circumstances, and some researchers have claimed that certain “bugs” should be exploitable, but after months of public circulation, there have been no known working exploits. Read Full Article

no-image

Will the PIN hacks be the end of Google Wallet?

Last week researchers found vulnerabilities in the Google Wallet payment system. The vulnerability was leveraged to display the current PIN number but required root access to the device. The very next day a new vulnerability was discovered in how application data is handled in the Wallet app requiring no root access. I expect these to be just the beginning of a scavenger hunt for Google Wallet vulnerabilities in the future. Read Full Article

no-image

When Certificate Authority Business Models and Vendor Certificate Policies Clash

A very important “internet trust” discussion is underway that has been hidden behind closed doors for years and in part, still is. While the Comodo , Diginotar, and Verisign Certificate Authority breaches forced discussion and action into the open, this time, this “dissolution of trust” discussion trigger seems to have been volunteered by Trustwave’s policy clarification , and followup discussions on Mozilla’s bugzilla tracking and mozilla.dev.security.policy .

Read Full Article