Today, Sun released an update to their Java Runtime Environment (JRE) and Java Development Kit (JDK) to fix several security vulnerabilities. The latest JRE and JDK is version 6 update 7. John Heasman of NGSSoftware put his thoughts on the various security vulnerabilities in a post called ‘Time to updated your JRE again‘. It looks [...]

Yesterday, Dan Kaminsky announced that there is a fundamental flaw in the DNS protocol that can allow attackers to spoof domains to any DNS server. Because it is a fundamental flaw in the DNS protocol, many implementations of DNS servers are vulnerable. Yes, that means BIND, Cisco, Microsoft, and many others are vulnerable. Luckily, Dan [...]

Mozilla released yesterday an update to the 2.0.0.x version of Firefox, fixing 12 security bugs. The Firefox 2.0.0.15 release fixed 12 security vulnerabilities, 4 of which were rated critical. So for those that are not using the recently released Firefox 3.0, I would suggest upgrading now to Firefox 2.0.0.15.

The blog-o-sphere has been buzzing about the popular wordpress blogging platform getting hacked and their sites being redirected to anyresults.net.
Via Donncha O Caoimh’s blog:
Remember a few weeks ago there was all that noise about WordPress blogs getting hacked? Remember how everyone was urged to upgrade their blogs. You did upgrade didn’t you? No? It was [...]

Skype recently released an update to their Windows client to fix a major security issue. The Skype advisory is SB/2008-003: Skype File URI Security Bypass Code Execution Vulnerability. The latest Skype for Windows client is now 3.8.0.139.
There are some more details of the vulnerability on the iDefense Labs advisory page.
II. DESCRIPTION
Remote exploitation of a security [...]

A few days ago VMware released an update to their Workstation product to fix two major security issues. The latest version is now 6.0.4, Build 93057, and here you can download VMware Workstation.
From the VMware Workstation 6.0 Release Notes:
Workstation 6.0.4 addresses the following security issues:

On Windows hosts, if VMCI is enabled, a guest can [...]

Foxit Software just released an update to their PDF reader to fix a security flaw. Secunia rated the util.printf() buffer overflow vulnerability as highly critical, so download and install the latest version now. The latest version is now 2.3 build 2923. Their download servers are very slow right now, but I was able to get [...]

Today I noticed a ton of duplicate content on various blogs. My first thought was they were all hacked, but the content pages weren’t malicious at all. I then noticed that all the blogs that were effected were hosted blogs at wordpress.com!
Somehow, all the feeds were now pointing to http://en.blog.wordpress.com/feed/. Below are a couple screenshots [...]