LAS VEGAS--A security researcher has found a slew of fundamental problems with the way that modern browsers are designed and built, leading to serious questions about the security of these applications and the way that they handle SSL sessions.

LAS VEGAS -- Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

LAS VEGAS--Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are keeping them well ahead of the curve and will continue to do so for the foreseeable future, researchers say.

LAS VEGAS -- Microsoft today released a new tool to help IT administrators backport anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows.

LAS VEGAS -- Adobe's push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.

LAS VEGAS--Apple has released a major update to its Safari browser that includes a number of security fixes, most importantly a patch for the AutoFill vulnerability disclosed recently.

By Alex Rothacker

Privilege escalation attacks consist of exploiting a bug or design flaw in a software application to gain access to resources which normally are protected from an application or user. The result is that the application allows actions with privileges beyond an acceptable level for the specific user.  

A new change to the much-maligned Digital Millennium Copyright Act free users who jailbreak their iPhones and other mobile handsets from worries about prosecution under the provisions of the DMCA that prevented circumvention of protection technologies. A separate change announced Monday also gives security researchers some new protections.

Digital Underground podcast with Dennis Fisher

Dennis Fisher talks with Paul Judge and David Maynor of Barracuda about new research the pair will be presenting at BSides Las Vegas and Defcon this week on the start of a reputation system for Twitter accounts, how attackers use search engines to spread malware and what kinds of sites are most likely to be serving you SEO-related malware.

digital_underground_66.mp3

At the Defcon conference later this week, Chris Paget, a well-known security researcher who focuses on wireless and RFID issues, will give a demonstration of a technique that enables him to intercept calls made on GSM wireless handsets without any interaction with the user's handset.