Security and the Net

News and opinions about security, the internet and more

Entries for March, 2009

Chrome the only browser to survive Pwn2Own

Of the four browsers that were targeted in this year’s Pwn2Own contest at CanSecWest, only Google Chrome wasn’t¬†successfully¬†hacked despite the $5000 reward offered: The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and FireFox. The Chrome browser gets a small nod for being impacted by one [...]

Leave a Comment

Adobe finally patches flaw in Reader, needs to update blog platform

Almost a month after admitting there was an easily exploitable buffer overflow in its Reader product, Adobe has finally managed to produce patches for Adobe Reader versions 7 and 8.

Leave a Comment

Microsoft’s Silverlight used on YouTube

If the rumors about IBM buying Sun weren’t enough, this news should prove once and for we live in interesting times: Silverlight has made its way to YouTube. It’s used on the CBS March Madness channel, and the feeds themselves are not served by Google, but it is an interesting development nonetheless.

Leave a Comment

Internet Explorer 8 released; is it really safer than other browsers?

Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URL’s, over a period of several days. The [...]

Comments (2)

MS09-08: When is a patch not a patch?

… when it doesn’t patch! That was an easy question, but Microsoft has a different opinion on this. In this blog post at 360 Security, Tyler Reguly explains why he thinks MS09-08 is not really a patch; it doesn’t actually fix the vulnerability that it is supposed to fix.

Leave a Comment

DSBL blacklist gone

As most of you know the dsbl.org blacklist shut down almost a year ago. While they have officially been down for almost a year, many people were still had this RBL configured in their mailservers or anti-spam software, causing lots of queries on their nameservers. As of today, they have prevented this by changing their [...]

Leave a Comment

Security issue in djbdns confirmed

Last week, Matthew Dempsky posted an attack against Dan Bernstein’s djbdns software. Djbdns is one of several alternatives for the popular BIND nameserver, and is backed by a unique security guarantee that offers $1000 to the first person to publicly report a verifiable security hole in djbdns. The problem found by Dempsky allows an attacker [...]

Comments (2)