Archive for May, 2007

Disable Firefox automatic updates

Christopher Soghoian has an excellent remote vulnerability disclosure report concerning Firefox Add-ons. More than several extensions from various 3rd parties are vulnerable to man-in-the-middle attacks.
Q: Who is at risk?
A: Anyone who has installed the Firefox Web Browser and one or more vulnerable extensions. These include, but are not limited to: Google Toolbar, Google Browser Sync, […]

Dell + Google Toolbar… profit??!?!

Andrew Hay writes:
Dell & Google Secretly Installing Software to Make Money Off Your Typos - Those….bastards….how is this business practice not illegal?
New Dell machines that include the Google toolbar as part of a marketing agreement also include a secret program that redirects non-url information typed into a browser window to a Dell-branded page filled with […]

Guaging interest, CitySec — Hartford, CT

Is anyone in the Hartford, Connecticut area between Boston and Manhattan interested in a CitySec meetup? I’m gauging interest for those located between the two cities (like myself). Anybody care to share a trip report for BeanSec or NYSec meetings?

Protecting data in use

Last week, I blogged about data classification and how it’s difficult for many organizations to gain control of. The next day SearchSecurity published Data classification is first step in successful data protection, an article that addresses the need to classify data to properly secure it. The trouble with it is the enormous amounts of data […]

Vulnerabilities of low probability bring about devestating impact

(Continued from Consumerization of IT and state of the security industry and a reply to Low probability but a devestating impact.)
After lunch, we broke up into several groups and I headed to the discussion on “next generation threat analysis,” which worked to identify vulnerabilities with a low probability of being exploited, but have a huge […]