This has just been posted to Bugtraq.
For now you can test if your version is vulnerable, here. (will cause Firefox to close)
So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.
The code used on the test page and the one submitted to Bugtraq can be found here.
Severity: [...]

Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD a Java Source Code Scanner.

PMD scans Java source code and looks for potential problems like:

Possible bugs – empty try/catch/finally/switch statements
Dead code – unused local variables, parameters and private methods
Suboptimal code – wasteful String/StringBuffer usage
Overcomplicated expressions – [...]

Cyber and computer laws are always a grey area, they tend to be very vague and don’t cover specific technologies.
Spam is a good example, look at how long we’ve been getting spammed, and it’s been a SERIOUS problem for at least the last 5 years, spam legislation has only started coming in to effect in [...]

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user [...]

No surprise really? Microsoft and they monopoly strategies, anti-competitive behaviour, nothing new really is it?

Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate.
The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and [...]

If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG, ARPWatch-NG is a continue of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/.
ARPWatch monitors MAC adresses on your network and writes them into a file, last know timestamp and change notification is included.

It can be used it to monitor for [...]

An interesting new twist on things, rather than using cookies to store information you can use perpetually cached files.
So clearing your cache and cookies isn’t enough, could be a privacy issue you say, indeed it could..

Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of information. A [...]

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project.

LAPSE targets the following Web application vulnerabilities:

Parameter manipulation
SQL [...]

An interesting enough article, but if you work in infosec you could probably guess the topics anyway.
In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific prevention strategies [...]

Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission.

For example, during [...]

It has happened quite a few times lately, politically tight situations, mistakes, data or information leaks and whoops damn…er…let’s blame it on hackers!
Case 1:

California Highway Patrol officials have opened a criminal investigation into “multiple” breaches and illegal downloads by outside hackers into the computers of Gov. Arnold Schwarzenegger’s office, after an embarrassing private taped conversation [...]

Looks like Mozilla is toughening it’s stance on security, people have been putting it down lately, especially those from the Microsoft camp as there have been a few flaws.
But well, it’s still not part of the operating system, the flaws are generally fixed within a couple of days and the patching system is simple and [...]

New versions of the ultracool tools pwdump (1.4.2) and fgdump (1.3.4) have been released.
Both versions provide some feature upgrades as well as bug fixes. Folks with really old versions of either program should definitely look at upgrading, since there are numerous performance improvements and full multithreading capabilities in both packages.
If you don’t know..what are pwdump6 [...]

For those that didn’t see, there is a new all singing all dancing ‘light-weight’ Codec in town that is actually a trojan.
Indeed it’s not the first time we’ve seen this kind of thing.
The zCodec software actually messes with your DNS settings.

Users looking for the latest and greatest video software may not just be in danger [...]

Ah Facebook again, security problems again?
Not this time, but privacy fears with the new stalker-esque features for tracking changes to people’s pages.

Millions of people have flocked to social networking sites to post information about themselves and share it with friends.
Now Facebook, one of the most popular, is facing a user backlash over a recent redesign [...]

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons:

Difficult language features
Misunderstood API methods
Misunderstood invariants when code is modified during maintenance
Garden variety mistakes: typos, use of [...]

A new revision of Inprotect has just been released, 0.22.5 in order to fix bugs and implement feature requests submitted by the development team and users. Existing users are recommended to upgrade.
Inprotect is a web interface for Nessus and Nmap security scanners, released under GNU/GPL license. This version has the following enhancements:

Improved and fixed [...]

It seems like war-driving may become a thing of the past, legislation is starting to happen.
It’s a good start though, you have to target the manufacturers to educate their users, not target the users as they don’t care, sometimes ease of use has to be traded a bit with security.

California legislators have passed a law [...]

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.
Think of it as Odysseus (or Burp, if you prefer) that will proxy (almost) anything…

Windows encryption and OpenSSL functions are also hooked [...]

Not sure if any of you heard of this new super secure ultra cool web browser called Browzar?
There was a bit of a backlash as it turned out Browzar was just another custom wrapper for Internet Exploder.
Security experts are crying foul over a new supposedly secure browser application.
Browzar is promoted as an easy way for [...]