Guest Posts

March 9, 2010, 2:38PM Threatpost Original

Microsoft Plugs Security Holes in Windows, Office

After a busy February with 13 security bulletins, Microsoft is easing off the patching throttle a bit this month. 

Microsoft released two new security bulletins addressing 8 vulnerabilities, none of which are publicly known at this time.

February 25, 2010, 12:01PM Threatpost Original

Here's How to Fix Online Banking Fraud

Guest editorial by Roel Schouwenberg

Over the last few months, there's been quite a lot of news chatter around Banker Trojans emptying out online bank accounts of small businesses in the U.S. Today, I was reading one such story on Brian Krebs' site. After reading that story I came across another news item that described booting from alternative media to experience safe internet banking.

February 19, 2010, 5:24AM Threatpost Original

Security Skeletons in Adobe's Closet

Guest editorial by Aviv Raff

We all know what happens when a software vendor downplays the severity of a security vulnerability. It usually comes back to haunt them, when the vulnerability is eventually discovered by the bad guys and used to exploit innocent computer users.

Microsoft, Apple and even Mozilla have all been guilty of this in the past. Lately (and sadly), Adobe has joined this train.

February 4, 2010, 10:55AM

The Web Won’t Be Safe, Let Alone Secure, Unless We Break It

By Jeremiah Grossman

There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) are to “break the Web” -- i.e. negatively impact the usability of a significant and unacceptable percentage of websites. Doing so is a non-starter for any browser vendor looking to grow market share. The choice is clear for most vendors: Be less secure and adopted, rather than secure and obscure. This is what the choice comes down to. This is a topic deserving of further exploration.

February 3, 2010, 12:11PM

Verizon MiFi Device Hacked

By Joshua Wright

Recently, I picked up a Verizon MiFi device for $50 and the extension of my service contract for another 2 years. The fun that I've had with the device so far has well made up for both costs.

February 1, 2010, 12:27PM

On The Way to Better Malware Testing

By Magnus Kalkuhl

Have you ever found a false positive when uploading a file to a website like VirusTotal? Sometimes it happens that not just one scanner detects the file, but several. This leads to an absurd situation where every product which doesn't detect this file automatically looks bad to users who don't understand that it's just false positives.

January 29, 2010, 1:59AM

The Big Oil APT and Botnet Business

By Gunter Ollmann, Damballa

The recent Google Advanced Persistent Threat (APT) dialogue has been hogging the press for a week now, and each day reveals new (and often conflicting) insight. As I mentioned on Thursday's blog – “Preemptive Protection” Isn’t – If You’re Battling APT’s – this particular attack doesn’t represent some new shift in tactics. It’s not the first APT in the world, in fact I’m pretty sure it’s not Google’s first exposure to APT’s, and I’m certain it isn’t going to be the last. In fact I’d say it's a safe bet to say that there are several other equivalent APT successes currently operating within Google’s networks waiting to be discovered. Such is the state of the threat.

January 26, 2010, 8:25AM Threatpost Original

It's The Adversaries Who Are Advanced And Persistent

By Scott Crawford & Nick Selby

There has been much talk recently about the "Advanced Persistent Threat." According to Richard Bejtlich [1] and others, the term originated with the US Air Force around 2006, which explains why Bejtlich and others with an Air Force pedigree, such as Mandiant founder Kevin Mandia, have made much of the term.

January 22, 2010, 10:23AM Threatpost Original

Infiltrating the Pushdo Botnet

By Atif Mushtaq, FireEye

It's very rare that we researchers get a chance to explore the inner workings of a botnet command and control server.  Detailed insight into the botnet server or command component can give us valuable information about the motives of the botnet and possibly the bad guys behind it. But granting access to these command and control servers often depends on the will of the hosting providers. So what happened in this case?

January 18, 2010, 3:48PM Threatpost Original

The Danger of Open APIs

Ninety years ago KitchenAid released their first countertop mixer, which weighed in at about 69 pounds. More interestingly, the mixer also had a special socket that allowed users to attach assorted add-ons for new functionality such as slicers, shredders and meat grinders. Today this sort of extensibility of countertop appliances is old hat for KitchenAid and their competitors. The interesting thing about this socket is that it has not changed in size or shape since the very first version was released. As a result, you can buy a brand new attachment, say the pasta rollers, and it will work in every single version of every KitchenAid stand mixer ever made. Talk about backward compatibility!
