Sergio Alvarez and Thierry Zoller of nruns gave an interesting presentation at Hack.lu 2007 on vulnerabilities in anti-virus software (hat tip: Pauldotcom podcast Episode 93, 1:21). One of the main problems is anti-virus software takes in just about every file format and attempts to parse and process it. If the software developer makes a mistake [...]

Brian Krebs at the Washington Post’s Security Fix has more detail on a recent utility hack and some grim predictions for 2007 Microsoft Office.
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. This PowerPoint file, which resembled an innocuous version that [...]

Now that the dust has settled a bit a few comments on the worm and how it impacts SCADA.
1) The time between the vulnerability being made public an exploit was five days. Even if a patch is available on the day the vulnerability is released, it is difficult for a SCADA vendor to run regression [...]

Last night I received a couple of e-mails from a very well known individual in the SCADA security industry with an attachment containing the W32.Beagle.AZ virus. My Norton anti-virus deleted it before I even had a chance to do the wrong thing. Hopefully everyone else who received it was also protected.
This is a great example [...]