If you didn’t already know that plain HTTP sessions are utterly insecure, here’s proof: A new Firefox addin named Firesheep captures sessions on open Wi-Fi networks and goes one step more sinister. It finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, WordPress, Flickr, bit.ly and more, and lets you take over their...
Read More »

The new version Java 6 Update 22 (updates are also available for the 5.0 version of Java) fixes 29 vulnerabilities, 15 of which have a severity rating of 10.0 on the CVSSv2 scale, the highest possible score. This means that it doesn’t get any more severe than these 15. Beware the usual default selection...
Read More »

I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I’ll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors...
Read More »

Adobe has announced plans to bring the release of a patch to close the critical security hole in the current versions of Reader and Acrobat forward to Tuesday, October 5th. As a result, no further patches will be released on the scheduled patch day which was due on October 12th. The hole has been...
Read More »

Comcast Corporation announced it has expanded its online security program for subscribers to the company’s high speed Internet service to include “bot” alerts if suspicious activity has been detected on a customer’s computer. Malicious bots are small programs designed to send spam, host a phishing site, or steal a user’s identity by recording each...
Read More »