To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser.

Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference in Vancouver to compete in Pwn2Own (a separate bug-hunting competition) to run their own,

> Read More

Don’t be evil? Google discloses yet another zero-day vulnerability in Microsoft code

For the third time in a month, Google has gone public about a security vulnerability in Microsoft’s code – and not been prepared to wait for the software giant to publish a patch.

The security hole, which exists in Microsoft Windows 7 and 8.1, is expected to be patched in Microsoft’s regular monthly security update on Tuesday February 10th.

> Read More

Google shows hackers how to exploit Windows 8.1

If I told you that a bunch of hackers had found a zero-day vulnerability in Microsoft Windows 8.1 you would probably be concerned.

Especially if details of the unpatched security bug had not only been made public, but actual working exploit code had also been released on the internet for anyone else to use.

> Read More

Malicious ads run next to popular YouTube videos, laced with the Sweet Orange exploit kit

If you want to watch a video, you go to YouTube.  It’s as simple as that.

Although other sites exist which host videos, Google-owned YouTube is the Goliath in the market – and gets the overwhelming bulk of the net’s video-watching traffic.

And, of course, that enormous success and high traffic brings with it unwanted attention –

> Read More

Google’s Project Zero – Targeting Zero-Day Vulnerabilities

Google has announced that it is assembling a crack team of researchers, devoted to finding and reporting security holes in widely used software.

According to Google security engineer Chris Evans, the group – which has been dubbed “Project Zero” – aims to uncover unpatched security vulnerabilities before they are exploited in targeted internet attacks.

> Read More

Not Running Android KitKat? Hackers Could Steal Info from Your Phone

Security researchers at IBM have gone public about a critical security vulnerability in the Android operating system that could allow hackers to remotely execute code on users’ devices and steal sensitive information.

The flaw, which was discovered nine months ago by researchers of the Application Security team at IBM but has only now been made public,

> Read More

Android KitKat 4.4.4 released by Google to tackle OpenSSL security hole

Less than three weeks after Google pushed out Android 4.4.3 to users of its Nexus smartphones and tablets, the technology giant has unexpectedly released factory images, binaries and source code for a new version – Android KitKat 4.4.4 – patching a serious vulnerability in the OpenSSL cryptographic library.

Sascha Prüter, a Google Android program manager,

> Read More

A September to Remember This Patch Tuesday

UPDATE September 16, 2013: Due to installation problems and some re-targeting issues, Microsoft re-issued a few patches last week. Get the new updates on the Microsoft blog.

This is definitely a September to remember – last year at this time Microsoft released only 2 bulletins and both were only rated Important.

> Read More

Not reporting a data breach – your reputation may suffer but what about your pocketbook?

How would you feel if a restaurant, hotel or retailer knew your information had been compromised, but you didn’t find out until fraudulent charges started appearing on your credit card? Or if a company you had invested tens of thousands of dollars in didn’t let you know that it had suffered a data breach? Not great I’d imagine,

> Read More

Does ‘Death of the Web’ Mean a More Secure Internet?

So, the web is dead.  Or so says the latest cover of Wired Magazine.  I must admit, seeing this pronouncement (in bright orange!) pop out of my mailbox caused me to stop in my tracks.  But the hot Arizona sun soon had me scrambling for the cover of my comfortably AC’d house and I continued my pondering there. 

> Read More

Think the Solution to Your Security Woes is to Abandon Microsoft?

Reflecting on recent headlines that Google was going to drop Windows usage for desktops and move to Linux or OS X (Apple) reminded me of advice I received very early on in my security career – no operating system is the holy grail and you are always better off working with one you are more familiar with,

> Read More

Is Android Doomed to Repeat the WinTel Security Record?

The analogies comparing Android and iPhone OS to the PC and the Mac back in the ’80s are everywhere on the web. The ground-breaking Mac established an early lead that was soon eclipsed by the comparatively open WinTel platform. Will the iPhone’s early lead in the smartphone marketplace similarly give way to the comparative openness of Android available on a wide range of hardware options?

> Read More