Security Corner:


January 18, 2009  1:34 AM

The Great Drive Wiping Controversy Settled at Last

Posted by: Ken Harthun
Data destruction, Data sanitization, Secure Computing, Secure drive wipe, Security

How many times do you have to overwrite a hard drive in order to securely wipe it? This question has been at the center of an ongoing controversy for a long time. On the one hand, we've had Peter Gutmann saying it takes 35 passes (Gutmann, P.  (1996) “

January 17, 2009  3:27 AM

Software for Secure Computing: Exploit Prevention Labs Link Scanner

Posted by: Ken Harthun
Anti-malware, Cybercrime, Exploits, Malware, Secure Computing, Security, Vulnerabilities

With cybercriminals now actively poisoning search results and legitimate websites--unbeknownst to the webmasters--you can't be too careful when clicking on links. Take a look at this video library presented by

January 7, 2009  3:35 AM

MD5 Hashing Algorithm No Longer Safe

Posted by: Ken Harthun
Cryptography, hashing algorithm, MD5, Security, SHA1, Vulnerabilities

Just last week, two German security researchers, Alex Sotirov and Jacob Appelbaum, made a surprising announcement at the Chaos Communication Conference in Berlin: they had created a fraudulent Certificate Authority (CA) that had a valid signature from a root CA, Equifax, one of the oldest. The...

December 30, 2008  8:33 PM

CastleCops Shuts Down Operations

Posted by: Ken Harthun
Malware, Phishing, Security

CastleCops, the largest and most effective volunteer security community on the Internet, has shut down operations. Their website has this announcement posted:

You have arrived at the CastleCops website, which is currently offline. It has...

December 24, 2008  4:43 PM

Microsoft Releases Security Advisory (961040)

Posted by: Ken Harthun
Database, Remote Code Execution, Security, SQL Server, Vulnerabilities

Microsoft's latest Security Advisory (961040) covers a vulnerability in SQL Server that could allow remote code execution:

Microsoft is investigating new public reports of a vulnerability that could allow...

December 21, 2008  11:19 PM

No More Security Updates for Firefox 2

Posted by: Ken Harthun
Anti-malware, Browsers, Firefox, Internet Explorer, Opinion, Phishing, Security, Vulnerabilities

Security Fix reports that on December 16, Mozilla released its final update to Firefox 2, and plans no...

December 16, 2008  9:21 PM

Microsoft Announces Out-of-band Patch for Zero-day Flaw

Posted by: Ken Harthun
Critical update, Internet Explorer, Microsoft Windows, Security, Security bulletin, Zero-day exploit, Zero-day vulnerability

Microsoft issued today "Microsoft Security Bulletin Advance Notification for December 2008." The actual security bulletin will be released on December 17, 2008:

Microsoft Security Bulletin Advance...

December 12, 2008  9:44 PM

Internet Explorer Targeted by Zero-day Attack

Posted by: Ken Harthun
Critical update, Firefox, Internet Explorer, Malware, Opinion, Remote Code Execution, Security, Security bulletin, Vulnerabilities, Zero-day exploit, Zero-day vulnerability

Even though Microsoft released the biggest batch of patches ever on Tuesday--28 flaws affecting Windows, Office, Internet Explorer, Visual Basic Active Controls and Windows Media Player, 23 of them rated “critical”--there's no fix for a zero-day XML parser vulnerability that surfaced the same...

December 9, 2008  2:33 AM

But Wait! Apple Says it’s Just Kidding About Antivirus

Posted by: Ken Harthun
Opinion, Security, Security management, Vulnerabilities

If you tried to click through to the link in my December 2d article, you probably saw this page: Sorry Apple has taken down their notice recommending that users install multiple antivirus programs on their Mac computers. ...

December 8, 2008  7:49 PM

Secunia Releases Personal Software Inspector 1.0

Posted by: Ken Harthun
Patch management, Security, Security management, Vulnerabilities

On November 25, 2008, Secunia released the first official version of its Secunia Personal Software Inspector (PSI). The program had been in beta for 17 months. From the Secunia blog:

"Though the PSI so far has been in beta, it has received a huge amount of praising words like these...
