buffer overflow

Cisco warns of big remote management hole in tiny routers

Even little routers can have giant holes, as Cisco warns in a just-published security advisory.

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

LibreSSL ships first portable version, now up to 48% less huge!

LibreSSL, OpenBSD's drop-in replacement for OpenSSL started after the pain of Heartbleed, has just published its first "portable" version.

If you're a coder and you're interested in security, why not try it and see what you think?

Anatomy of a buffer overflow - Google's "KeyStore" security module for Android

Here's a cautionary tale about a bug, courtesy of IBM.

Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.

Move over Heartbleed - here comes another SSL/TLS bug

Which widely used open source SSL/TLS cryptographic library just recently fixed a critical bug caused by a buffer overflow?

(Hint. The software isn't OpenSSL and the vulnerability isn't Heartbleed.)

Linux "got root" kernel bug patched after five years at large

Here's a kernel bug in Linux that turned out to have been sitting there, Heartbleed-style, awaiting discovery and exploitation for several years.

Paul Ducklin digs in...

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed heartache" - should you REALLY change all your passwords right away?

There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Monday review - the hot 16 stories of the week

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Anatomy of a buffer overflow - learning from Apple's latest security update

Apple has released its latest Security Update for OS X.

Update 2013-003 fixes a trifecta of buffer overflow vulnerabilities in QuickTime.

Paul Ducklin sees what we can learn from the bugs...

Anatomy of a vulnerability - cURL web download toolkit holed by authentication bug

You may not have heard of cURL, but you've probably used software that uses it.

Recent versions contain a buffer overflow bug that could lead to remote code execution on your computer.

Paul Ducklin investigates, explains and advises...

Vulnerability reported in Foxit PDF plugin for Firefox - how to mitigate it

Italian security researcher Andrea Micalizzi has recently reported a vulnerability in the latest Foxit PDF plugin for Firefox.

Paul Ducklin examines the situation and gives a simple workaround.

Intel to eliminate zero-day threats, pigs to fly

According to widespread media reports, technology from Intel will soon eliminate zero-day threats. (Quite how is still a secret, but the headlines aren't mincing their words.)

This sounds good. But is it likely?

Apple fanbuoys* - let's make anti-virus peace!

My colleague Chet has already warned you about Apple's latest critical update to QuickTime 7, issued this morning. Chet advises you to patch as soon as possible, whether you are on Mac or Windows.

But I suspect there may be some doubters in the Mac camp.