Optimal Security : the Lumension Blog

Paul Henry, Forensics and Security Analyst, provides his insights in this September Patch Tuesday Security Briefing.

Not so long ago, if you wanted to quickly take control of a user’s PC, you scanned the Internet looking for open ports for a vulnerable victim and hacked them with an OS vulnerability. In the age of Web 2.0, OS vulnerabilities have been replaced with browser vulnerabilities as the “keys to the kingdom,” and [...]

A quick note on some interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed before I head out for the 4th of July weekend…
The Iceman Goeth. Saw where Max Ray Vision (nee Butler), aka “Iceman,” has plead guilty to two counts of wire fraud stemming from the theft of [...]

Security researchers have long used dedicated reporting websites to highlight the need to secure specific applications or services by hosting hacking challenges for members of the research and hacking communities to publicly post discovered vulnerabilities. The latest challenge called “Twitpwn” will highlight newly discovered vulnerabilities and proof of concept code that involve Twitter, a micro-blogging site, but will [...]

Like most readers, I’ve been using computers for a long time. For me it started with the PLATO project at the University of Illinois (Go Illini!!), with its cool touch panels. Then punch cards on mainframes. Then micros, minis … and finally the DOS-based PC. [Remember the dual-floppy drive 5150?] Yup, those were the days [...]

Video Blog discussing Patch Tuesday May 2009.

Read the May 2009 - Patch Tuesday Security

The second Sunday in May is Mother’s Day. Traditionally a day of flowers, candy, cards and long-distance calls. I suspect there will be many Moms getting the gift of Skype plus a webcam, but why not sprinkle in a little online security?
This Sunday, take the time to make sure Mom is running a modern browser. [...]

While IT pros were attending RSA Security Conference in San Francisco last week, several urgent patches and upgrades were released to address serious security vulnerabilities in several widely used software. Further, the discovery of a botnet tied explicitly to Mac PCs is a not so subtle reminder that security vulnerabilities are not simply a Microsoft issue.
Apple “iBotnet” – over [...]

Video Blog discussing Patch Tuesday March 2009.

Read the April 2009 - Patch Tuesday Security