Foxit Software just released an update to their PDF reader to fix a security flaw. Secunia rated the util.printf() buffer overflow vulnerability as highly critical, so download and install the latest version now. The latest version is now 2.3 build 2923. Their download servers are very slow right now, but I was able to get [...]

Niels Provos mentioned it at today’s Web 2.0 Security and Privacy workshop, and somehow everyone I knew missed Google’s official announcement last week of the safe browsing diagnostic page. So what type of information is given back to the user? What is the current listing status for [the site in question]? We display the current [...]

Today at the Claremont Resort in Berkeley California, I attended the Web 2.0 Security and Privacy workshop. It was was sponsored by IEEE, whom just finished their Symposium on Security and Privacy yesterday. The papers for the Web 2.0 Security and Privacy workshop are now available, and can be found on the program page. Presentations [...]

This post was guest blogged by Tom of spylogic.net. If you are in the Cleveland, Ohio area and a security professional be sure to check out the other security bloggers that are located in our area: Security Second Thoughts The Security Shoggoth Securi-D Even if you are not from Cleveland, check them out! Matt and [...]

Today I noticed a ton of duplicate content on various blogs. My first thought was they were all hacked, but the content pages weren’t malicious at all. I then noticed that all the blogs that were effected were hosted blogs at wordpress.com! Somehow, all the feeds were now pointing to http://en.blog.wordpress.com/feed/. Below are a couple [...]

Yesterday Tenable Network Security announced an update to their subscription model for their very popular vulnerability scanner Nessus. The bottom line is that as of July 31st 2008, any commercial use of the application will require a paid subscription. A small bit of good news is that it will still be free for home use [...]

Jeremiah Grossman recently did a short podcast on Help Net Security on his top security conferences. He didn’t name one as the best, because each conference caters to all different sorts of people. Some are highly technical, some are more business related, and some are more underground. My question to you is which conference is [...]

Because I maintain the information security events calendar, I often get asked about local information security events. If I were to add all the local events that I know about, it would fill the calendar with a ton of entries, many of them not applicable to the users. I might start another calendar only for [...]

Over the last week, here are some of the new security tools released. Microsoft Debugger 6.9.3.113 – 32bit and 64bit Microsoft Fiddler 2.1.6.1 – Web proxy tool for IE Hexer 1.2.0 – Hex Editor with python scripting ability Nmap 4.62 While there are other sites that track tools on a daily basis, these are tools [...]

May is a bit slower with only 7 different events going. Here is a list of information security events in May: EDUCAUSE Security 2008: May 4 – 6 ChicagoCon Training and Conference: May 12 – 17 LayerOne 2008: May 17 – 18 IEEE Symposium on Security and Privacy: May 18 – 21 Systematic Approaches to [...]