buffer overflow

(get it in RSS or Atom)

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]


How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed heartache" - should you REALLY change all your passwords right away?


There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Monday review - the hot 16 stories of the week

Monday review

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a buffer overflow - learning from Apple's latest security update


Apple has released its latest Security Update for OS X.

Update 2013-003 fixes a trifecta of buffer overflow vulnerabilities in QuickTime.

Paul Ducklin sees what we can learn from the bugs...

Anatomy of a vulnerability - cURL web download toolkit holed by authentication bug

You may not have heard of cURL, but you've probably used software that uses it.

Recent versions contain a buffer overflow bug that could lead to remote code execution on your computer.

Paul Ducklin investigates, explains and advises...

Vulnerability reported in Foxit PDF plugin for Firefox - how to mitigate it

Italian security researcher Andrea Micalizzi has recently reported a vulnerability in the latest Foxit PDF plugin for Firefox.

Paul Ducklin examines the situation and gives a simple workaround.

Intel to eliminate zero-day threats, pigs to fly

Intel to eliminate zero-day threats, pigs to fly

According to widespread media reports, technology from Intel will soon eliminate zero-day threats. (Quite how is still a secret, but the headlines aren't mincing their words.)

This sounds good. But is it likely?

Apple fanbuoys* - let's make anti-virus peace!


My colleague Chet has already warned you about Apple's latest critical update to QuickTime 7, issued this morning. Chet advises you to patch as soon as possible, whether you are on Mac or Windows.

But I suspect there may be some doubters in the Mac camp.