Tangled Web by Michal Zalewski is an incredibly detailed book on the topic of web technologies. It includes an encyclopedic history of HTTP, HTML, browsers, and the path that has led us to where we are now. The book is well referenced with plenty of endnotes to guide you to further reading on the topics. With a focus on security in web applications, the amount of knowledge …
Book Review: Zero Day by Mark Russinovich
Do you know of Mark Russinovich? If you are in IT, you have probably heard of him. He is a Technical Fellow at Microsoft and the genius behind the Sysinternals Windows utilities such as Process Explorer, Autoruns, and many others. He's also the author of authoritative technical resources such as Windows Internals, coming soon in its 6th edition. With Zero Day, Mr. Russinovich …
Out-of-band security patch for Windows today
Microsoft put out a security advisory yesterday regarding a vulnerability in the Microsoft .NET framework on almost all versions of Windows. This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated …
Microsoft to eradicate IE6 with automatic updates
Microsoft posted to its Windows Team blog yesterday that it plans to start automatically updating users of old versions of Internet Explorer across Windows XP, Vista, and 7. Before anybody gets too excited or angered about this, it sounds like it will be a slow roll-out. Today we are sharing our plan to automatically upgrade Windows customers to the latest version of Internet …
Update for Adobe Reader/Acrobat 9.x Now Available
The exploit that was used to target Lockheed Martin and many other companies has now been patched, says Adobe. The exploit exists in the latest version of Reader and Acrobat 10 but the version's "Protected Mode" feature prevents it from being successful. Reader X and Acrobat X will be addressed in their next quarterly security update, January 10th, 2012. Version 8's support …