Security Bytes:

December, 2008


December 30, 2008  1:05 PM

Behind the MD5 attack

David Schneier David Schneier Profile: David Schneier

When the researchers who produced the elegant MD5 attack I wrote about this morning realized the severity of what they had found, they took two highly unusual steps. First, they consulted with lawyers from the Electronic Frontier Foundation, describing their findings and voicing their concerns...

December 22, 2008  2:28 PM

Nokia to sell security business to Check Point

David Schneier David Schneier Profile: David Schneier

In a move that has been anticipated for some time, Nokia on Monday said it has an agreement in place to sell its security business. What did come as a surprise was the identity of the buyer: Check Point. The two companies have been working...


December 19, 2008  3:59 PM

Cable cuts in Mediterranean kill Internet service in Egypt, other countries

David Schneier David Schneier Profile: David Schneier

Several undersea cables in the Mediterranean Sea that carry the bulk of Internet traffic between Asia and Europe have been cut, resulting in a massive Internet outage in Egypt and problems in other countries. Early reports are speculating that the cut, which happened Friday morning, may have been...


December 17, 2008  2:03 PM

Word documents being used in new attacks on IE XML flaw

David Schneier David Schneier Profile: David Schneier

The list of things to worry about with the soon-to-be-patched MS08-078 XML data binding vulnerability is getting longer by the minute.  The researchers at McAfee's AVERT Labs report that they have been seeing


December 16, 2008  4:00 PM

Microsoft to release emergency patch for IE XML flaw

David Schneier David Schneier Profile: David Schneier

Microsoft on Wednesday will release an emergency out-of-band patch for the XML handling flaw in Internet Explorer that has been the target of malware attacks for the last week or more. This is the second time in the last...


December 15, 2008  12:55 PM

Steve Bellovin’s unsparing analysis of the CSIS cyber security report

David Schneier David Schneier Profile: David Schneier

The recent release of the "Securing Cyberspace for the 44th President" report spawned a flood of analysis and criticism, and much of it was positive and complimentary. I've written before about the idea behind...


December 12, 2008  11:07 AM

Microsoft says all versions of Internet Explorer vulnerable to XML attack

David Schneier David Schneier Profile: David Schneier

The Internet Explorer vulnerability saga continues to unfold. Microsoft late Thursday released more information about the unpatched XML flaw in IE, and confirmed that the...


December 11, 2008  10:51 AM

Microsoft releases advisory and workarounds for IE 7 XML flaw

David Schneier David Schneier Profile: David Schneier

Microsoft has released a security advisory with a suggested workaround for protecting vulnerable machines against attacks on the unpatched XML vulnerability in Internet Explorer 7 that came to light earlier this week. The...


December 10, 2008  3:54 PM

Security chief Window Snyder leaving Mozilla

David Schneier David Schneier Profile: David Schneier


December 10, 2008  11:37 AM

Unpatched Internet Explorer 7 flaw under attack

David Schneier David Schneier Profile: David Schneier

On the same day that Microsoft patched a slew of vulnerabilities in Office and other products, including Internet Explorer, the tubes were abuzz yesterday with news of a new exploit for IE 7 that was being used against fully patched Windows XP and Windows 2003 systems. Early reports of the attack...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: