Part Two of our examination of an IE exploit.
This is a great read if you want to get a feeling for how cybercrooks think. (Don't worry if you aren't technical: it's clear and jargon-free.)
The latest IE zero-day explained.
This is a great read if you want to get a feeling for how cybercrooks think.
(Don't worry if you aren't technical: we've kept the code and jargon to a minimum.)
Microsoft's Tenth Anniversary Patch Tuesday is out, and, yes, Redmond's security gurus did patch against the recent Internet Explorer zero-day that is being exploited in the wild!
There are seven other fixes as well - Paul Ducklin has the details.
A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.
Chet and Duck turn their amusing but insightful attention to the latest security stories...
This month's Patch Tuesday will be the tenth anniversary of Microsoft's regular security bulletins.
Paul Ducklin takes you through what's in store...
The biggie this month is a "spare no versions" Internet Explorer update.
From IE 6 on Windows XP to IE 10 on Windows 8, this one hits the Patch Trifecta: critical, remote code execution, requires reboot.
Which country came top of Facebook's new "Government Requests" report aimed at outing the countries that fish for Facebook user data the most? (I bet you're thinking it's the USA - but it isn't.)
Watch this week's 60 Second Security and find out!
It's that time of the month again, with Microsoft Patch Tuesday just 24 hours away.
Paul Ducklin presents this month's eight bulletins in seven handy bullet points...
So far, so good with the new program, says Microsoft security expert Katie Moussouris. They're getting more bugs earlier and hearing from researchers who've never rung them before.
Six out of Microsoft's seven pre-announced Patch Tuesday updates are deemed critical.
Even Server Core 2012 will need patching and rebooting...
Here's the first 60 Second Security video of July, looking into some of the intriguing and interesting security stories of the past week.
Neatly compressed into a minute of video, why not give it a whirl?
Patch Tuesday is coming on 11 June 2013.
Paul Ducklin gives you a quick preview of what we know so far, and who'll be affected by the updates...
(Mac users, that might include you.)
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...
Ironically, Microsoft is making sure that as soon as Internet Explorer 10 is ready on Windows 7, you're already ready to avoid it.
A sort-of "lesser of two evils" solution for change control conservatives.
Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.
But is it just about the money?
Paul Ducklin investigates...
Over the past five days, lots of you have used Naked Security to find out how to turn off Java in one of the five major browsers.
And that has given us browser statistics. There are too many variables to know what they tell us, but they do make a neat-looking graph!