I am kind of a car nut. Have been since I was little when my dad took me to my first auto race at the age of four (It was at Laguna Seca, a Can-Am race. Amazing!). I tend to get emotionally attached to my vehicles. I buy them based upon how they perform, how they look, and how they drive. I am fascinated by the technology of everything from tires to turbos. I am a tinkerer, and I do weird things like change bushings that don’t need to be changed, rebuild a perfectly good motor or tweak engine…
While Microsoft releases patches for various vulnerabilities, including the two active zero-day attacks, Firefox is being actively exploited.
According to the Mozilla Security Blog, there is a flaw in how Firefox handles JavaScript. We suggest you follow the instructions in that post to mitigate the flaw until they release a patch (which should be soon).
Encrypting data within a database doesn’t always present a clear-cut value proposition. Many of the features/functions of database encryption are also available through external tools, creating confusion as to why (or even whether) database encryption is needed. In many cases, past implementations have left DBAs and IT staff with fears of degraded performance and broken applications – creating legitimate wariness the moment some security manager mentions encryption. Finally, there is often a…
Microsoft released an advisory today that an unpatched vulnerability in the Office Web Components ActiveX control allows an attacker to run arbitrary code as the logged-in user. Worse yet, this is being actively exploited in the wild. Fortunately it is easy to protect against.
We have a few Securosis news items that hopefully you will find useful. We get a lot of feedback and ideas from readers about how they want to use our site, or when and how they view the posts. It’s an amazingly diverse group of preferences, scattered like a shotgun blast across the spectrum of options. We hear you, so in our quest to deliver the blog content through every new media medium we think you might like, we have implemented a couple new ways to read the blog and the research library.
Threatpost has an interesting article up on the latest disclosure slime-fest (originally from Educated Guesswork). It seems VoIPShield decided vendors should pay them for vulnerabilities – or else.
Hi folks,
Sorry if I’m getting all corporate on you, but I wanted to highlight one of the new thingamajigs over here. We decided to create an email list for people who are interested in the Friday Summary. We know we pump out a ton of junk compelling content every week, but it might be a bit overwhelming in these constrained times. We try to focus on the week’s highlights every Friday and point out some of the more interesting content out there (as well as our own stuff, of course).
Sure, the RSA Recovery Breakfast was a huge hit, but let’s be honest – if there’s any conference that really needs a recovery breakfast it has to be Black Hat.
I’ve been a bit erratic with my Dark Reading posts, but finally have a new one up. This one is dedicated to the topic du jour – cloud computing security. The article is The Only Two Reliable Cloud Security Controls and here’s an excerpt: