Security Tools - Infoworld http://www.infoworld.com/t/21647 en Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say http://www.infoworld.com/d/security/dont-overlook-url-fetching-agents-when-fixing-heartbleed-flaw-servers-researchers-say-240335?source=rss_security_tools <p>Website operators should assess their whole Web infrastructure when patching <a href="http://www.infoworld.com/d/security/the-heartbleed-openssl-flaw-worse-you-think-240231">the critical Heartbleed flaw in OpenSSL</a>, otherwise they risk leaving important components open to remote attacks, despite fixing the problem on their publicly facing servers.</p> Security Encryption Patch Management Security Tools Vulnerability Assessment Fri, 11 Apr 2014 15:44:51 +0000 admin 240335 at http://www.infoworld.com Update: Yahoo email anti-spoofing policy breaks mailing lists http://www.infoworld.com/d/security/update-yahoo-email-anti-spoofing-policy-breaks-mailing-lists-240068?source=rss_security_tools <p>In an attempt to block email spoofing attacks on yahoo.com addresses, Yahoo began imposing a stricter email validation policy that unfortunately breaks the usual workflow on legitimate mailing lists.</p> Security Yahoo Email Software Malware Security Management Security Tools Tue, 08 Apr 2014 14:05:15 +0000 admin 240068 at http://www.infoworld.com Low adoption rate of HSTS website security mechanism is worrying, EFF says http://www.infoworld.com/d/security/low-adoption-rate-of-hsts-website-security-mechanism-worrying-eff-says-240021?source=rss_security_tools <p>Almost a year and a half after the HTTP Strict Transport Security (HSTS) mechanism was established as a standard, its adoption rate by websites remains low because developers are not aware of its benefits and Internet Explorer still doesn't support it, according to advocacy group the Electronic Frontier Foundation.</p> Security Internet Encryption Internet Privacy Security Tools Tue, 08 Apr 2014 11:30:56 +0000 admin 240021 at http://www.infoworld.com Proprietary firmware poses a security threat, Ubuntu founder says http://www.infoworld.com/d/security/proprietary-firmware-poses-security-threat-ubuntu-founder-says-238635?source=rss_security_tools <p>Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary and unverifiable firmware code poses a serious security threat to users and he encourages hardware manufacturers to implement support for their innovations through the Linux kernel instead.</p> <p>"If you read the catalogue of spy tools and digital weaponry provided to us by Edward Snowden, you'll see that firmware on your device is the NSA's best friend," Shuttleworth said Monday in a <a href="http://www.markshuttleworth.com/archives/1332" target="_blank">blog post</a>.</p> Security Patch Management Security Tools Vulnerability Assessment Security Tue, 18 Mar 2014 21:34:13 +0000 admin 238635 at http://www.infoworld.com Adobe patches a critical vulnerability in Shockwave Player http://www.infoworld.com/d/security/adobe-patches-critical-vulnerability-in-shockwave-player-238334?source=rss_security_tools <p>Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.</p> <p>The vulnerability, identified as CVE-2014-0505, is the result of a memory corruption issue and can lead to arbitrary code execution. According to Adobe, the flaw was privately reported to the company and there are no reports of active exploits targeting it in the wild.</p> Security Patch Management Security Tools Vulnerability Assessment Thu, 13 Mar 2014 18:00:01 +0000 admin 238334 at http://www.infoworld.com NSA's plans reportedly involve infecting millions of computers with surveillance malware http://www.infoworld.com/d/the-industry-standard/nsas-plans-reportedly-involve-infecting-millions-of-computers-surveillance-malware-238275?source=rss_security_tools <p>The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time.</p> Security The Industry Standard E-government Intrusion Detection Malware Security Tools Wed, 12 Mar 2014 21:14:58 +0000 admin 238275 at http://www.infoworld.com Adobe patches two important vulnerabilities in Flash Player http://www.infoworld.com/d/security/adobe-patches-two-important-vulnerabilities-in-flash-player-238234?source=rss_security_tools <p>Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.</p> Security Adobe Flash Patch Management Security Tools Vulnerability Assessment Wed, 12 Mar 2014 14:02:17 +0000 admin 238234 at http://www.infoworld.com To build the best defense, know which attack is which http://www.infoworld.com/d/security/build-the-best-defense-know-which-attack-which-237052?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/laptop_spy.jpg" alt="To build the best defense, know which attack is which" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p> </em></div> <p>As you mount your defense against the bad guys, it's important to make the distinction between the two major types of attack: the initial compromise and movement.</p> Security Cyber Crime Hacking Network Security Password Security Security Tools Security Tue, 25 Feb 2014 11:00:00 +0000 Roger A. Grimes 237052 at http://www.infoworld.com Exploit released for vulnerability targeted by Linksys router worm http://www.infoworld.com/d/security/exploit-released-vulnerability-targeted-linksys-router-worm-236475?source=rss_security_tools <p>Technical details about a vulnerability in Linksys routers that's being exploited by a new worm were released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models.</p> <p>Last week, security researchers from the SANS Institute's Internet Storm Center identified a self-replicating malware program that exploits an authentication bypass vulnerability to infect Linksys routers. <a href="http://www.infoworld.com/d/security/themoon-worm-infects-linksys-routers-236404">The worm has been named TheMoon</a>.</p> Networking Security Cyber Crime Network Router Intrusion Detection Malware Security Tools Vulnerability Assessment Tue, 18 Feb 2014 12:21:31 +0000 admin 236475 at http://www.infoworld.com Malware IQ test: Round 3 http://www.infoworld.com/d/security/malware-iq-test-round-3-234220?source=rss_security_tools <div class="field field-type-text field-field-quiz-overview"> <div class="field-label">Overview:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <!--paging_filter--><p>2014 has kicked off with a cyber security bang thanks to the Target hack, which exposed the financial information of more 100 million customers. Make no mistake, understanding how hackers and malware succeed is more important than ever.</p> <p><strong>[ More InfoWorld quizzes: <a href="http://www.infoworld.com/d/application-development/programming-iq-test-round-3-221946?source=fssr">Programming IQ test: Round 3</a> | <a href="http://www.infoworld.com/d/application-development/hello-world-programming-languages-quiz-188874?source=fssr">"Hello, world": Programming languages quiz</a> | <a href="http://www.infoworld.com/d/application-development/the-javascript-iq-test-191020?source=fssr">The JavaScript IQ test</a> | <a href="http://www.infoworld.com/d/application-development/the-java-iq-test-194151?source=fssr">The Java IQ test</a> | <a href="http://www.infoworld.com/t/misadventures/the-2012-infoworld-geek-iq-test-209003?source=fssr">The 2012 InfoWorld geek IQ test</a> | <a href="http://www.infoworld.com/d/microsoft-windows/microsoft-windows-iq-test-round-2-212323?source=fssr">Microsoft Windows IQ test round 2</a> | <a href="http://www.infoworld.com/t/linux/linux-iq-test-round-2-657?source=fssr">InfoWorld's Linux IQ test: Round 2</a> | <a href="http://www.infoworld.com/d/security/malware-iq-test-round-2-198237?source=fssr">Malware IQ test: Round 2</a> | <a href="http://www.infoworld.com/t/technology-business/the-google-iq-test-204712?source=fssr">The Google IQ test</a> | <a href="http://www.infoworld.com/d/mobile-technology/the-android-iq-test-196025?source=fssr">The Android IQ test</a> ]</strong></p> <p>Take this InfoWorld computer security quiz to see if you really understand how the malicious coders do damage. Find out if you can separate the fiction from the facts and the fantasy malware from emerging new threats. (And once you've aced it, check out our previous computer security quizzes: <a href="http://www.infoworld.com/d/security/are-you-cyber-sleuth-test-your-malware-iq-187066">Malware IQ test: Round 1</a> and <a href="http://www.infoworld.com/d/security/malware-iq-test-round-2-198237">Malware IQ test: Round 2</a>.)</p> </div> </div> </div> <!--paging_filter--> Security Anti-spam Anti-virus Cyber Crime Hacking Malware Security Tools Security Thu, 16 Jan 2014 11:00:00 +0000 Jason Snyder 234220 at http://www.infoworld.com RIP, information security, done in by backdoors and secret deals http://www.infoworld.com/d/data-center/rip-information-security-done-in-backdoors-and-secret-deals-233989?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking.jpg" alt="RIP, information security, done in by backdoors and secret deals" width="243" height="182" align="right" /></div><p>Another day, another revelation about massive government data collection on citizens domestic and abroad, including (but not limited to) phone calls, Internet transactions, backdoors in encryption algorithms, man-in-the-middle att</p> Data Center Insider Threats Security Tools Data Center Security Mon, 13 Jan 2014 11:00:00 +0000 Paul Venezia 233989 at http://www.infoworld.com Should you switch to a supersecure operating system? http://www.infoworld.com/d/security/should-you-switch-supersecure-operating-system-233561?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking3.jpg" alt="Should you switch to a supersecure operating system?" width="243" height="182" align="right" /></div><p>A reader recently wrote me to ask how I felt about <a href="http://qubes-os.org/trac" target="_blank">Qubes</a>, an operating system conceptualized and co-created by Joanna Rutkowska, founder and CEO of Invisible Things Lab.</p> Open Source Software Security Linux Endpoint Protection Security Tools Security Tue, 07 Jan 2014 11:00:00 +0000 Roger A. Grimes 233561 at http://www.infoworld.com Startup Adallom takes on SaaS security challenges http://www.infoworld.com/d/virtualization/startup-adallom-takes-saas-security-challenges-231029?source=rss_security_tools <p>A new company has emerged from stealth mode with a cloud-based offering intended to help organizations better monitor, audit, and control the use of software as a service (<a href="http://www.infoworld.com/t/saas">SaaS</a>) by employees. Adallom has spent the last 18 months beta-testing its software with a number of private clients, and this month the company is officially launching and making its product available to the public.</p> Cloud Computing Security Virtualization Cloud Security SaaS Startups Security Tools Virtualization Mon, 18 Nov 2013 19:03:47 +0000 David Marshall 231029 at http://www.infoworld.com The perfect security defense is right under our noses http://www.infoworld.com/d/security/the-perfect-security-defense-right-under-our-noses-225865?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/laptop_hands.jpg" alt="The perfect security defense is right under our noses" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p> </em></div> <p>A multitude of computer security defenses simply don't work. And the one we need doesn't exist.</p> Security Security Management Security Tools Security Tue, 03 Sep 2013 10:00:00 +0000 Roger A. Grimes 225865 at http://www.infoworld.com The one security technology that actually works http://www.infoworld.com/d/security/the-one-security-technology-actually-works-222763?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/security_checkmarks_hp.jpg" alt="The one security technology that actually works" width="243" height="182" align="right" /></div><p>To decrease security risk, most companies try to do too much. They have dozens of "top priority" security projects, few of which they ever complete and even fewer that are done well.</p> Security Endpoint Protection Security Management Security Tools Security Tue, 16 Jul 2013 10:00:00 +0000 Roger A. Grimes 222763 at http://www.infoworld.com Telltale signs your ATM card has been hacked http://www.infoworld.com/slideshow/106639/telltale-signs-your-atm-card-has-been-hacked-220971?source=rss_security_tools <!--paging_filter-->ATM skimming schemes involve installing fraudulent equipment that criminals use to steal credit and debit card numbers and PINs. Here are a few things to look for the next time you need to hit the ATM.<div class="field field-type-text field-field-slideshow-dek"> <div class="field-label">Dek:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> ATM skimming schemes involve installing fraudulent equipment that criminals use to steal credit and debit card numbers and PINs. Here are a few things to look for the next time you need to hit the ATM. </div> </div> </div> <div class="field field-type-text field-field-slideshow-external-source"> <div class="field-label">External Source:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> csoonline.com </div> </div> </div> <div class="field field-type-text field-field-slideshow-url-redirect"> <div class="field-label">Redirect Unpublished Slideshow to:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> http://www.infoworld.com/slideshow/106639 </div> </div> </div> Security Tools Security Sat, 22 Jun 2013 10:00:00 +0000 admin 220971 at http://www.infoworld.com Security tools can't keep hackers at bay http://www.infoworld.com/d/security/security-tools-cant-keep-hackers-bay-217978?source=rss_security_tools <p>For a few months earlier this year, the personal data of customers of the Schnucks supermarket chain was exposed to hackers whose work went undetected until after a card processing company issued an alert about fraudulent activity on a handful of credit and debit cards used at the stores.</p> Security Data Loss Prevention Data Security Hacking Security Management Security Tools Security IDG Insider Wed, 08 May 2013 10:00:00 +0000 admin 217978 at http://www.infoworld.com 5 hot security defenses that don't deliver http://www.infoworld.com/d/security/5-hot-security-defenses-dont-deliver-217045?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/laptop_hands.jpg" alt="5 hot security defenses that don't deliver" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p></em></div> Big Data Security Access Control Big Data Anti-virus Authentication Cyber Crime Hacking Malware Security Tools Security Tue, 23 Apr 2013 10:00:00 +0000 Roger A. Grimes 217045 at http://www.infoworld.com Beyond honeypots: It takes a honeytoken to catch a thief http://www.infoworld.com/d/security/beyond-honeypots-it-takes-honeytoken-catch-thief-216467?source=rss_security_tools <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking3.jpg" alt="Beyond honeypots: It takes a honeytoken to catch a thief" width="243" height="182" align="right" /></div><p>Last week I talked about <a href="http://www.infoworld.com/d/security/no-honeypot-dont-bother-calling-yourself-security-pro-216038">the importance of deploying honeypots</a> to catch malicious hackers and malware.</p> Security Cyber Crime Hacking Insider Threats Security Tools Security Tue, 16 Apr 2013 10:00:00 +0000 Roger A. Grimes 216467 at http://www.infoworld.com How the pros sniff out a malware infection http://www.infoworld.com/d/security/how-the-pros-sniff-out-malware-infection-210318?source=rss_security_tools <p>In my last column, I talked about <a href="http://www.infoworld.com/d/security/your-guide-safe-and-secure-post-holiday-shopping-209676">making online shopping safer</a>, starting with ensuring your computer isn't already infected with some devious malware. But I didn't tell readers how to confirm that their computer wasn't maliciously compromised from the start.</p> Security Malware Security Tools Security Tue, 08 Jan 2013 11:00:00 +0000 Roger A. Grimes 210318 at http://www.infoworld.com