Hotel Network: Safe From Hackers?

Published: October 6th, 2008 | Category: Security Vulnerabilities | (1) Comment

When using a hotel’s network, do you ever wonder how safe you are when connected to it? A recent study from the Cornell University School of Hotel Administration found that most hotels are not secured properly.
The paper called Hotel Network Security: A Study of Computer Networks in U.S. Hotels (registration required) shows [...]

Forever 21 Payment Card Breach

Published: September 17th, 2008 | Category: Security Vulnerabilities | (0) Comments

Last Friday, Forever 21 issued a notice on their website stating that their systems were illegally accessed to obtain customer payment card information. Approximately 98,930 credit and debit card numbers were illegally accessed, but more than half of the affected payment card numbers are no longer active or have expired.
We have determined [...]

WASC Web Application Security Statistics 2007

Published: September 9th, 2008 | Category: Security Vulnerabilities | (0) Comments

For those that love web application security data, WASC has just released their Web Application Security Statistics Report for 2007. Statistics were compiled from several companies, including Booz Allen Hamilton, BT, Cenzic, dblogic.it, HP, Positive Technologies, Veracode, and WhiteHat Security. In total, over 32,000 sites were analyzed, with roughly 70,000 vulnerabilities of different degrees of [...]

Several VMware Product Security Updates

Published: August 30th, 2008 | Category: Security Vulnerabilities | (0) Comments

VMware has just released new versions of their VMware ACE, VMware Player, VMware Server, and VMware Workstation products to fix several security issues.
The updates to VMware ACE, Player, Server, and Workstation are:
Setting ActiveX killbit: Starting from this release, VMware has set the killbit on its ActiveX controls. Setting [...]

DNSSEC for All Top Level .GOV Domains

Published: August 29th, 2008 | Category: Security Vulnerabilities | (1) Comment

Last week the Office of Management and Budget released memorandum M-08-23, titled Securing the Federal Government’s Domain Name System Infrastructure. The document states that all US government top-level .gov domains will use DNSSEC starting in January 2009. This is in response to the DNS cache poisoning attack that Dan Kaminsky made public a few [...]

WhiteHat’s Website Security Statistics Report

Published: August 28th, 2008 | Category: Security Vulnerabilities | (0) Comments

WhiteHat Security released their 5th website security statistics report yesterday. They also held a webinar to go over the results, and the website security statistics slides are also available on slideshare.
Total Websites: 687
Identified vulnerabilities: 11,234
Unresolved vulnerabilities: 3,541 (66% resolved)
Websites [...]

Firefox 2.0.0.16/3.0.1 Patches 3 Security Bugs

Published: July 17th, 2008 | Category: Security Vulnerabilities | (0) Comments

Just two weeks ago, Mozilla released a security update for their Firefox web browser, and today they are releasing another security update to fix 3 security vulnerabilities. All of the vulnerabilities were marked critical.

MFSA 2008-36 - Crash with malformed GIF file on Mac OS X
MFSA 2008-35 - Command-line URLs launch multiple tabs when Firefox [...]

Java Update Fixes Several Security Holes

Published: July 10th, 2008 | Category: Security Vulnerabilities | (0) Comments

Today, Sun released an update to their Java Runtime Environment (JRE) and Java Development Kit (JDK) to fix several security vulnerabilities. The latest JRE and JDK is version 6 update 7. John Heasman of NGSSoftware put his thoughts on the various security vulnerabilities in a post called ‘Time to update your JRE again’. It looks [...]

All Your DNS Are Belong To Us?

Published: July 9th, 2008 | Category: Security Vulnerabilities | (0) Comments

Yesterday, Dan Kaminsky announced that there is a fundamental flaw in the DNS protocol that can allow attackers to spoof domains to any DNS server. Because it is a fundamental flaw in the DNS protocol, many implementations of DNS servers are vulnerable. Yes, that means BIND, Cisco, Microsoft, and many others are vulnerable. Luckily, Dan [...]

Firefox 2.0.0.15 Patches 12 Security Bugs

Published: July 2nd, 2008 | Category: Security Vulnerabilities | (0) Comments

Yesterday, Mozilla released Firefox 2.0.0.15, an update to the 2.0.0.x version of Firefox that fixes 12 security vulnerabilities, 4 of which were rated critical. So for those who are not using the recently released Firefox 3.0, I would suggest upgrading now to Firefox 2.0.0.15.

Infosec Events. Copyright 2008. All Rights Reserved.