Dennis Fisher

July 29, 2010, 2:11PM Threatpost Original

Researcher Reveals Major SSL and Browser Flaws

LAS VEGAS--A security researcher has found a slew of fundamental problems with the way that modern browsers are designed and built, leading to serious questions about the security of these applications and the way that they handle SSL sessions.

July 28, 2010, 4:22PM Threatpost Original

Persistent, Covert Malware Causing Major Damage

LAS VEGAS--Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are keeping them well ahead of the curve and will continue to do so for the foreseeable future, researchers say.

July 28, 2010, 12:35PM Threatpost Original

Apple Fixes AutoFill Flaw in Massive Safari Update

LAS VEGAS--Apple has released a major update to its Safari browser that includes a number of security fixes, most importantly a patch for the AutoFill vulnerability disclosed recently.

July 26, 2010, 2:20PM Threatpost Original

Changes to DMCA Protect Jailbreaking, Some Security Research

A new change to the much-maligned Digital Millennium Copyright Act frees users who jailbreak their iPhones and other mobile handsets from worries about prosecution under the provisions of the DMCA that prevented circumvention of protection technologies. A separate change announced Monday also gives security researchers some new protections.

July 26, 2010, 2:02PM Podcast Threatpost Original

Paul Judge and David Maynor on Twitter Crime and Searching for Malware

Digital Underground podcast with Dennis Fisher

Dennis Fisher talks with Paul Judge and David Maynor of Barracuda about new research the pair will be presenting at BSides Las Vegas and Defcon this week on the start of a reputation system for Twitter accounts, how attackers use search engines to spread malware and what kinds of sites are most likely to be serving you SEO-related malware.

July 26, 2010, 11:01AM Threatpost Original

Researcher to Show Off GSM Intercept Attack at Defcon

At the Defcon conference later this week, Chris Paget, a well-known security researcher who focuses on wireless and RFID issues, will give a demonstration of a technique that enables him to intercept calls made on GSM wireless handsets without any interaction with the user's handset.

July 23, 2010, 1:48PM Threatpost Original

This Week in Security: Microsoft's CVD Policy, Stuxnet Part Deux and Double Rainbows

This week brought us the rare double rainbow of a re-emergence of the disclosure discussion and major security news from Microsoft, all wrapped into one. It truly was a gift from Mother Nature. But Microsoft's decision to change its disclosure stance--and refusal to pay bug bounties--wasn't the only big news. The Stuxnet saga continued to widen and weirden, a major privacy leak cropped up in Safari and the roots of the mass SQL injection attacks were exposed. What does it all mean? Read on for the full week in review.

July 23, 2010, 11:44AM Podcast Threatpost Original

Dino Dai Zovi on Return-Oriented Exploitation and Bug Bounties

Digital Underground podcast with Dennis Fisher

In this episode, Dennis Fisher talks with independent security researcher Dino Dai Zovi about his upcoming Black Hat talk on return-oriented exploitation, the value of exploit mitigations such as DEP and ASLR, the new crop of vendor bug bounties and why we don’t have any good data on zero-day attacks.

July 23, 2010, 11:33AM Threatpost Original

New Malware Emerges to Exploit Windows LNK Flaw

Researchers have found two distinct new malware families that are exploiting the newly discovered Windows shell LNK vulnerability, leading to concerns that the development of a worm could be in the offing.

July 22, 2010, 4:54PM Threatpost Original

Microsoft Says No to Paying Bug Bounties

Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft's products.

Copyright © 2010 threatpost.com