Security - Infoworld

Adobe launches sandboxed Flash Player for Firefox, hopes for fewer exploits

admin — Mon, 06 Feb 2012 23:36:06 +0000

Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.

Microsoft team discovers malicious cookie-forwarding scheme

admin — Thu, 02 Feb 2012 20:08:42 +0000

Microsoft researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking.

Symantec recants Android malware claims

admin — Wed, 01 Feb 2012 21:47:12 +0000

Symantec has backtracked from assertions last week that 13 Android apps distributed by Google's Android Market were malicious, and now says that the code in question comes from an aggressive ad network that provides revenue to the smartphone programs.

Symantec drops don't-use advice, gives pcAnywhere all-clear

admin — Wed, 01 Feb 2012 00:21:19 +0000

Symantec has retracted its don't-use-pcAnywhere recommendation to owners of the remote access software.

Last week, the company took the highly unusual step of telling pcAnywhere users to disable the program based on a 2006 source code leak and this month's claims by members of Anonymous that they were mining the stolen code for vulnerabilities.

Book review: 'Liars and Outliers: Enabling the Trust that Society Needs to Thrive'

Roger A. Grimes — Tue, 31 Jan 2012 11:00:00 +0000

I've always considered anything written by Bruce Schneier to be part of my ongoing education about IT security. Like Warren Buffet of the financial world, Schneier has a special talent for simplifying complex IT concepts by stripping away the fat. Each book is like its own little graduate course on whichever subject he happens to be discussing.

Many pcAnywhere systems still sitting ducks

Eric Knorr — Tue, 31 Jan 2012 11:00:00 +0000

Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.

Even the best patching programs probably miss this

admin — Mon, 30 Jan 2012 20:46:00 +0000

We like to think our data center configuration and patch management practices are pretty businesslike and solid, right? Well, in at least one very important aspect, almost all of us are essentially asleep at the wheel, folks.

Sure, most data centers have honed their patch management over the years. Most actually do a pretty good job at getting operating system and application server patches deployed in a timely manner. The majority even have an emergency process for getting critical patches installed even faster than the normal process.

Facebook scammers redirect victims through Amazon's cloud

admin — Fri, 27 Jan 2012 20:26:02 +0000

Facebook scammers have started redirecting victims through Amazon's cloud in order to bypass malicious URL filters, according to security researchers from antivirus vendor F-Secure.

One Facebook survey scam recently analyzed by F-Secure uses malicious browser extensions to hijack Facebook accounts and post spam messages on their walls.

Security alert: Why compliance and privacy matter

Roger A. Grimes — Tue, 24 Jan 2012 11:00:00 +0000

One bit of IT security dogma that's gone unquestioned over the years is the notion that every technology belongs to one of three pillars: confidentiality, integrity, and availability, also known by the abbreviation CIA. Traditionally, a security team is doing its job if it manages to protect the technologies that fall into those three buckets.

The Oracle flaw: Clarifications and more information

Eric Knorr — Mon, 23 Jan 2012 16:54:33 +0000

Since InfoWorld published "Fundamental Oracle flaw revealed" on Jan. 17, we've received abundant feedback from Oracle users and consulted with Oracle representatives, who went through the story point by point, offering clarifications and additional details, including information about the patches that address the flaw.

Will a $6.7 million cyber heist spur a move toward fixing the Internet?

InfoWorld Tech Watch — Tue, 17 Jan 2012 23:50:25 +0000

A remarkably lucrative $6.7 million cyber bank heist of South Africa's state-owned Postbank provides an outstanding case study of just why 2011 was today's security problems -- buffer overflows, misconfigurations, poor authentication implementations, and data malformation -- won't much change; they'll just move to the latest gadgets.

Update: Fundamental Oracle flaw revealed

Eric Knorr — Tue, 17 Jan 2012 11:00:00 +0000

(Editor's note: This story has been updated to include clarifications and additional information, which appear in italics. For the latest developments, see the follow-on story "The Oracle flaw: Clarifications and more information.")

Symantec uses scareware sales tactics, lawsuit charges

Pete Babb — Thu, 12 Jan 2012 20:02:57 +0000

A Washington man on Tuesday sued Symantec in federal court, accusing it of using the same tactics as fake "scareware" software to sell its PC cleanup utilities.

Symantec said the lawsuit was without merit, and promised to defend its practices.

[ Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: Wrap Up newsletter. ]

Companies prove careless when enlisting data recovery services

InfoWorld Tech Watch — Wed, 11 Jan 2012 11:00:00 +0000

Even the most vigilant IT security department could invest countless hours and dollars into defending its company's data trove

Virtual-security appliances winning users over traditional messaging-security software

admin — Tue, 10 Jan 2012 16:54:55 +0000

There's no question enterprises want messaging security -- the market for products and services worldwide reached almost $3.2 billion last year, up from $2.7 billion in 2010, and will grow to $4.78 billion in 2015, according to research firm IDC. But a fundamental shift is occurring that foresees businesses favoring virtual-security appliances over more traditional messaging security software.

Security headlines you'll never read

Roger A. Grimes — Tue, 27 Dec 2011 11:00:00 +0000

Whenever I read another article about how Company X or University Y or Governmental Organization Z was "recently" hacked -- usually "by the Chinese" -- I can't help but chuckle.

FTC fishes for info on facial recognition

admin — Mon, 26 Dec 2011 17:03:50 +0000

A federal agency charged with protecting consumer rights is gathering information on the new uses of facial recognition in contexts such as social networks, digital signs, and mobile apps, and it's asking the public for help.

Windows 8 picture password is 'Fisher-Price toy,' says father of 2-factor authentication

admin — Thu, 22 Dec 2011 23:22:01 +0000

The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.

"I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security."