Archive for March, 2008

How to pwn PWN2OWN

Day one of PWN2OWN was unsuccessful, which is no big surprise.  But today, I am really hoping for something — otherwise we’ll have to wait until tomorrow for the third-party client-side exploits.
Here’s a little summary I wrote a bit back on how to increase the likelihood of exploiting the three systems.
Are Linux and Mac OS […]

Security and safe browsing for Firefox

You installed Firefox. How do you make it more secure for daily use? How do the Mozilla developers ensure that they are doing all the right things? How do you safely browse the Internet?
These are not easy questions to answer, and some of the answers will be system/OS-dependent.
Security functionality in Windows […]

Security in the SDLC is not just code review

Let’s take some time here to discuss what “secure code review” is and what it is not.  I see a lot more people talking about code review.  Many people have only the view of the PCI DSS compliance standard, which almost pits code review against the web application firewall.
David Rice quoted a Gartner study on […]

Firefox 3 first impressions

I’ve downloaded and used the Firefox 3 beta browser software for the past few months and wanted to give a report on the latest of what works and what doesn’t.  Note that I had to install Nightly Tester Tools to get many of these to work.  I am also now using the Classic Compact theme, […]

Day 13: ITSM Vulnerability Assessment techniques

Lesson 13: Just this week, in lessons 12 and 13, we’ve covered — at least partially — how to significantly reduce risk and vulnerability to system and network infrastructure.  We touched on protecting applications, but we weren’t able to go into specific detail about how to handle the path of execution to the attacks, only […]