The Fixed Bounty Bug Revealed Last month Google awarded our security analyst Luka Treiber a Chromium Security Reward for a high-severity ...

[Update September 19, 2011: Windows update MS11-071 breaks this proof of concept by removing the deskpan.dll registry reference. It thus n...

This article is partly a summary of, and partly an update to, my presentation titled "How To Rob An Online Bank And Get Away With It,...

That is, after making them vulnerable in the first place Last October our company reported that Microsoft Visual Studio 2010 and 2008 (we...

Vulnerability Patches Can be Really Small and Easy to Apply Yesterday we tweeted a proof-of-concept actual micropatch for the "Winsho...

Just a quick description for what we think may (or may not) become an important attack technique in the future: User-in-the-Middle (UITM)...

A Case Study of Logical Error in Online Gambling Gambling is one of the most profitable business models in the online world. There is no s...

Last year, soon after revealing our binary planting research project, we published a blog post clearing up five frequently-appearing misconc...

Keeping binary planting bugs out of 120 million lines of code In the course of the ongoing binary planting research, our company has disc...

[May 6, 2011 update: we published a proof of concept for this vulnerability.] Last week at the Hack In The Box conference in Amsterdam w...