What is DNSSEC?
DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System. DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning (discovered by Dan Kaminsky). It is a set of extensions to DNS, which [...]

The internet is filled with threats real and imagined, from malicious hackers to government censors.
Beyond the hacks and cracks — and in celebration of Sunshine Week — we’ve compiled a brief list of some of the biggest public and private threats facing the internet.
1. Warrantless Government Monitoring
2. Private Censorship
3. Government Censorship
4. Deep Packet Inspection
5. [...]

Kenshoto has officially released their call-for-ninjas regading Defcon 16’s Capture The Flag (CTF) competition.

When questioned about this shocking revelation, Dr. Shoto responded palm-to-forehead, “What you say?!” He further elaborated, “The recent challenges with cyber-infrastructure and the threat of cyber-attack from cyber-terrorists plotting devious cyber-crimes has been troublesome. So let’s all get together and cyber-bitchslap each [...]

In what may turn out to be an important development for interoperability between Internet services, online giant Yahoo! has announced it plans to support OpenID 2.0, a standard designed to enable single-login access to Internet services—even if they’re operated by different companies. Yahoo! plans to introduce beta support for OpenID 2.0 beginning on January 30 [...]

For those researchers out there that thought the Zero Day Initiative was not offering enough money for your zero day exploit, rejoice. WabiSabiLabi, a swiss based company, is offering an auction site for new unreported vulnerabilities. According to the companies home page:
WabiSabiLabi is aiming to a single moving target: to bring the world closer to [...]

We’re not sure if this is directly related to the Ajax exploit we posted about, but interesting to see the point proven that security shouldn’t be forgotten in the name of “Web 2.0”
Apparently it was a simple as them not validating any input on their posts/comments as reported here. This is a similar [...]

According to Fortify Software, 11 out of 12 of the most popular Ajax/JS frameworks are vulnerable to javascript hijacking. So apparently every shiney web 2.0 app out there is ripe for the picking!
“Fortify said that the “pervasive and critical vulnerability” is present in 11 of the 12 most popular AJAX frameworks, and therefore [...]

Michael Kemp has discovered a denial of service issue in the BlackBerry Browser. An BlackBerry device running OS version 4.2 or earlier would be affected as RIM has released a patched version 4.2.1 which fixes this issue.
Here is how the vulnerability works:

Construct a WML page that contains an overly long string value within a link [...]

Shortly after reports of the first virus for Mac OS X, a new security flaw has surfaced. The culprit is the option “Open ’safe’ files after downloading” in Apple’s Safari web browser. This feature is activated by default. Its function is to automatically display images and movies after they are transmitted to the user’s computer, [...]