The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.
I recently began publishing a series of advice columns for people who are interested in learning more about security as a craft or profession. For the third installment in this series, I interviewed Jeremiah Grossman, chief technology officer of WhiteHat Security, a Web application security firm.
A frequent speaker on a broad range of security topics, Grossman stressed the importance of coding, networking, and getting your hands dirty (in a clean way, of course).
Adobe and Microsoft today each issued updates to address critical security flaws in their software. Adobe’s patch plugs at least five holes in its Shockwave Player, while Microsoft has released a bundle of seven updates to correct 23 vulnerabilities in… Read More »