Executives Claim Insider Threat Biggest Security Concern

Executives Claim Insider Threat Biggest Security Concern
According to a recent study commissioned by security software vendor CA, as the threat of attack from outside the corporate newtork perimeter declines, the threat posed by internal security breaches...

Symantec partners School Family Media on Internet security issues - Trading Markets (press release)

Multiple Vendors Vulnerable to DNS Cache Poisoning
Multiple vendor DNS protocol implementations could allow a remote attacker to poison the DNS cache.  Patches that resolve the vulnerability on the DNS may be rendered ineffective if the DNS is behind a NAT device that does not randomize ports. Public exploit code was made available on July 24, 2008.  At the time of this update, neither X-Force nor IBM MSS has witness any active exploitation nor the integration of this exploit into any exploit toolkits.

Microsoft ActiveX Snapshot Viewer for Microsoft Access RCE
Microsoft ActiveX Snapshot Viewer for Microsoft Access could allow a remote attacker to execute arbitrary code on the system.  Targeted exploitation was reported on July 7, but X-Force has been monitoring toolkit-related mass exploitation since July 10.  As of July 24, exploitation has continued to escalate.  See technical description for more details.

Is Security Over or Under-Estimated?
According to the results of an RSA survey, 54% of respondents have addressed a security incident but only 11% reported it. Based on what we see reported in the news,...

Microsoft Windows DirectX SAMI Code Execution
Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system.

Laptops and Airline Travel
When the TSA (Transportation Security Administration) banned laptops from being carried on to airplanes in the wake of an attempted terrorist attack, I wrote an article detailing steps to enable...

CA, Arcot Combine Solutions to Fight Internet ID Theft, Fraud - TMCnet

What is ASLR?
Windows Vista includes a variety of security features not found in previous operating systems such as Windows XP. One of these features is ASLR. ASLR is like a shell game...

Microsoft Windows MJPEG Codec Multiple Overflows
The Microsoft MJPEG codec is vulnerable to multiple stack-based buffer overflows when parsing specially crafted files. A remote attacker could overflow the buffer and execute arbitary code within the context of the user viewing the malicious file.

Microsoft Worldwide Partner Conference
This week Microsoft, and every company that is a partner of Microsoft, have descended upon Houston. Thankfully, I live here so I didn't have to travel far. I get to...