Today, another vulnerability has been making the headlines, various industry security professionals predicting apocalyspe, genocide and famine along with everything in between. It first started earlier this summer, back when Dan Kaminsky, in a multi-vendor coordinated effort, told the world of his DNS vulnerability. Then came the BGP hijacking, disclosed by Tony Kapela [...]

The bad:

It’s a front-end to WebKit much like Safari, with no bells-or-whistles
The only add-ons are Web Inspector (from WebKit), Chrome’s own Task Manager, and Chrome’s own Java Debugger (they could have at least used Drosera which comes with Web Inspector / WebKit)
The Google Updater software it installs runs as a separate process, is not a [...]

Yesterday we celebrated tssci-security.com’s two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way — most as a direct result of this blog. The connections and many good times I’ve had [...]

My good friend Arshan Dabirsiaghi at Aspect Security released an interesting paper today on Bypassing VBAAC with HTTP Verb Tampering. For those who don’t know what VBAAC is, it stands for “Verb-Based Authentication Access Control.” Unfortunately, most vendors have screwed up the implementation by taking a default allow approach, and as a result developers are [...]

Not to be outdone by Neohapsis Labs, NSS Labs also enters the fray with their blog, Security Product Testing.  Again, I think that NSS Labs (like Neohapsis Labs) has been blogging for awhile, but it has picked up more pace lately.
In the past, the TS/SCI Security blog staff were invited as guests by Martin McKeay [...]