Trust key to Internet security
A few of my previous columns discussed my vision of creating a more secure Internet. It involved replacing the Internet's default anonymity with pervasive authentication, from the hardware initialization, through the OS and all applications, the user, and ending with a verifiable network stream. It is my strong belief that without a complete overhaul of default authentication, malicious hacking is going to continue indefinitely.

Free gift offers dupe users into giving personal data
The personal details of thousands of mostly U.S.-based PC users have been discovered stashed on a server located in France, another indication of use of the Internet to collect personal data on a vast scale.
September 4, 4:09 a.m. PDT

Update: Dateline NBC 'mole' outed, booted at Defcon
Dateline NBC Producer Michelle Madigan was publicly outed at the Defcon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera.
August 3, 6:00 p.m. PDT

Users urged to patch serious hole in BIND 9 DNS server
A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system.
July 25, 4:31 a.m. PDT

Mounting scrutiny for Google security
Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment.
July 12, 4:24 p.m. PDT

Microsoft launches OneCare 2.0 beta
Microsoft released a beta version of its next-generation Windows Live OneCare 2.0 desktop security and management package on July 11, touting a number of improvements made to the product, including the ability to monitor multiple PCs on a local network.
July 11, 3:01 p.m. PDT

Policy experts split on spyware laws
CAMBRIDGE, Mass. -- Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation.
June 28, 5:45 a.m. PDT

The struggle to protect enterprise data
Long ago, when businesses kept sensitive information locked away in file cabinets and safes, it was relatively cheap and easy to store valuable data and control who had access to it. Today, enterprises invest millions in security, storage, and compliance technologies -- all in the name of increasing visibility into where vital electronic information lives and how it is being defended.
June 25, 3:00 a.m. PDT

PayPal, eBay offer Security Key to U.S. customers
PayPal unveiled a new Security Key on Friday that will add an additional layer of security to user accounts and help prevent online criminals from gaining access to them. The PayPal Security Key is a small electronic token that generates a unique code that can be used in addition to a user name and password when users sign in to their PayPal account.
June 15, 3:00 a.m. PDT

AOL spammer pleads guilty
Adam Vitale pled guilty Monday to sending unsolicited e-mail to 1.2 million AOL LLC subscribers, U.S. Attorney for the Southern District of New York Michael J. Garcia said.
June 12, 4:44 a.m. PDT

Stupid hacker tricks
The annals of crime are rife with tales of heists pulled off by enterprising criminal minds. But for every caper carried out with style and smarts, there are hundreds of imprisoned examples of the boneheaded desperado -- guys too greedy, too hasty, or just too brain dead to pull off their nefarious deeds without getting caught.
June 11, 3:00 a.m. PDT

2007 InfoWorld CTO 25: Paul Judge
When online technology evangelists began chatting up Dr. Paul Judge about the promise of e-commerce in the late 1990s, he couldn't get one thought out of his head: With all that money trading hands, criminals were sure to come knocking.
June 6, 3:00 a.m. PDT

Spammers' use of AI only just begun
Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes.
May 31, 5:03 p.m. PDT

Microsoft issues emergency Windows patch
With attackers finding more ways to exploit a critical flaw in its Windows operating system, Microsoft has published an emergency software patch.
April 3, 1:13 p.m. PDT

British UFO hacker loses extradition appeal
A British hacker who broke into U.S. military computers looking for evidence of UFOs lost another extradition appeal on Tuesday in London's High Court.
April 3, 5:02 a.m. PDT

Payment systems culprit in TJX heist
Confirmed as the largest exposure of consumer information on record in the United States, the network intrusion experienced by TJX Companies highlights serious data security risks posed by outdated payment card systems, experts observed.
March 29, 1:07 p.m. PST

TJX data heist confirmed as largest ever
TJX Companies confirmed in its latest filings with the Securities and Exchange Commission that the network intrusion carried out on its systems resulted in the loss of 45.7 million consumer records, making it the largest such breach on record.
March 29, 9:00 a.m. PST

Hackers build private IM to keep the law out
Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.
March 28, 6:36 a.m. PST

Web attacks get personal
Malware purveyors are increasingly tailoring their virus distribution and attack techniques to take advantage of different classes of end-users, according to researchers with the Internet Security Systems' X-Force team at IBM.
March 27, 3:42 p.m. PST

UK e-crime chief: Cyber criminals are undeterred
Last year, the U.K. dissolved the National High-Tech Crime Unit (NHTCU), the agency responsible for investigating computer crime. The unit was folded into the Serious Organized Crime Agency (SOCA), a new organization that investigates fraud, drug trafficking and immigration-related crime. Critics charged that online crime would become a lower priority.
March 27, 9:50 a.m. PST

Q&A: Shred data to defend it
Jeff Jonas, the chief scientist and distinguished engineer at IBM Corp.'s entity analytic solutions group, has developed a means of sharing corporate data without revealing what that data contains.
March 9, 4:33 a.m. PST

Elaborate 'pharming' attack targeted 50 banks
An attack this week that targeted online customers of at least 50 financial institutions in the U.S., Europe, and Asia-Pacific has been shut down, a security expert said Thursday.
February 22, 5:52 a.m. PST

Cerf: Internet is a reflection of society
The Internet is a mirror of the population that uses it, Google's vice president and chief Internet evangelist Vinton Cerf said in reference to the proliferation of fraud, social abuse, and other online crimes.
February 21, 4:55 a.m. PST

RSA: Security firms evolve to tackle new threats
Evolutionary biologists have long theorized that the pace of evolution quickens when a species faces great environmental stress. This idea, of course, is a tough one to “prove,” but we can see examples of it all around us. Just look at the IT security industry, where something akin to drastic environmental change is happening right now: Organized cybercrime groups are punching truck-size holes in enterprise security defenses as regulators, shareholders, and attorneys general are putting pressure on companies to lock down sensitive data. The pressure for change will make this week’s RSA Security Conference in San Francisco less an industry shindig than a live experiment in evolutionary biology. So walk quietly and keep your field glasses handy to spot some exotic new species in these areas:
February 5, 3:00 a.m. PST

Cisco to buy IronPort for $830M
Cisco Systems said on Thursday it is buying privately held IronPort Systems for $830 million in cash and stock.
January 8, 3:00 a.m. PST

FFIEC deadline just the beginning
What do you get when you combine deep-pocketed, IT-dependent enterprises with tough-worded federal regulations and the threat of big penalties? A Silicon Valley bonanza, for one thing.
January 1, 3:00 a.m. PST

Update: Santa's Web site hacked
With Christmas fast approaching, Santa Claus reached out for a little help from Stopbadware.org this week.
December 22, 9:39 a.m. PST

A holiday season for hackers?
There wasn't a lot of holiday cheer for Microsoft's Security Response Center late last year.
December 21, 2:37 p.m. PST

Financial firms hungry for more DHS Data
The Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) raised a few eyebrows in late November when it sent a warning out to U.S. banks and financial institutions about a possible cyber attack by Islamic militants. The alert, dated Nov. 30, was triggered by a posting on what the DHS considered an Islamic jihadi Web site calling for hackers to attack U.S. financial and banking Web sites, apparently to protest the detention of Muslims at Guantanamo Bay, Cuba. However, the warning was heavily qualified, with DHS calling the threat “more aspirational than operational.” Financial firms downplayed the danger, too. One security executive at a major brokerage told InfoWorld that the warning was a “non-event.”
December 18, 3:00 a.m. PST

Authentication startup Bharosa is growing up fast
The United Nations last week became the latest organization to warn computer users about the dangers of relying on just passwords to protect online bank accounts and e-commerce shopping carts, according to Reuters.
December 11, 4:15 p.m. PST

Virtualization and security
It’s a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There’s more to securing virtual servers than not running VMs as guests of a Windows host. If cyberfelons gain local or remote access to a VMware Virtual Center console, your world is their oyster. This seems like a fairly obscure potential risk — Virtual Center is pretty easy to lock down — but are there other risks unique to virtual servers?
November 15, 3:00 a.m. PST

Skirting Microsoft's Maginot Line
As Microsoft’s Vista operating system slouches toward completion, there’s been a rising chorus of criticism from independent software vendors about Vista’s supposed strong suit: security. PatchGuard, a kernel-protection technology, is a favorite target. Aside from blocking access to the kernel for third-party products, some security firms are raising questions about whether the kernel-protection feature will even work. Latest among them is Authentium, a provider of security SaaS (software as a service) products, which said recently that a new product, VirtualATM, can shut off PatchGuard so the company could secure online banking transactions, even on infected PCs. InfoWorld Senior Editor Paul F. Roberts caught up with Authentium CEO John Sharp last week to talk about the controversy.
November 6, 3:00 a.m. PST

Birth of the killer app
Apple Computer is celebrating the fifth anniversary of its “killer app,” the Apple iPod MP3 player. But Eric Allman, Chief Science Officer at Sendmail, is among those Internet pioneers celebrating the anniversary of an even older and more seminal killer app: Internet e-mail, which celebrates an anniversary of sorts this October: It has been 25 years since work started on SMTP (Simple Mail Transfer Protocol), which gave birth to modern e-mail communications.
October 30, 3:00 a.m. PST

How malicious hackers get away with data
Compromising sensitive networks is only half the battle for malicious hackers or spies. Once they’re on the network, and have the data they want, they must find a way to get it back outside. Unfortunately, malicious hackers have a number of tools at their disposal, and with lax enterprise oversight of outbound data flows, the chances of getting caught using them are slim, according to Rob Murawski, a member of the CERT Coordination Center. Here are a few common techniques for data “exfiltration” — the technique of stealing data and slipping it past the perimeter — presented by Murawski at the Virus Bulletin 2006 conference:
October 30, 3:00 a.m. PST

IBM buys bolster security, ECM
IBM Corp. won stockholder approval of a buyout bid and closed another acquisition deal in two recent developments that will bolster its product and service offerings.
October 16, 10:31 a.m. PDT

Symantec targets crimeware with Security 2.0
Republican Congress members who have spent much of the past two weeks trying to change the subject from lurid e-mail and IMs could take a page out of Symantec’s playbook.
October 16, 3:00 a.m. PDT

Storm clouds on AV horizon
Leave it to the world’s biggest software maker to bust up a good party. Every year for more than a decade the world’s top virus and malicious code experts have gathered for the Virus Bulletin conference to talk about what’s hot in the world of computer threats.
October 16, 3:00 a.m. PDT

TippingPoint Releases Anti-phishing Tool
There’s a kind of “tyranny of good intentions” that often springs up around IT security problems.
3:00 a.m. PDT

Norton Confidential to ship next week
Symantec's new identity protection software, Norton Confidential, is set to ship on Monday.
October 5, 4:57 p.m. PDT

McAfee buys Citadel
McAfee Inc. will pay US$60 million to acquire Citadel Security Software Inc., a producer of security compliance products that ensure corporate employees are using assigned IT policies.
October 3, 9:51 a.m. PDT

UK gov't security expert: Balance cybersecurity risks
Governments and businesses face a variety of cybersecurity threats, but they also need to allow for increasing demands from computer users across the globe, the former information security advisor for the U.K. Ministry of Defense said Wednesday.
September 27, 9:46 a.m. PDT

Ben Fathi: looking beyond Vista
It’s not easy being Ben Fathi. As corporate vice president of Microsoft’s Security Technology Unit, Fathi took the place of longtime STU leader Mike Nash in March amid a larger management shake-up just days after Microsoft announced that the shipment date for Vista was slipping yet again. After Nash’s high-profile tenure, Fathi’s charge is more subtle: building what he calls a “trust ecosystem” around Vista and its new security features and promoting the company’s secure development practices. But first he must help get Vista out the door. Fathi sat down to talk with InfoWorld Senior Editor Paul Roberts at the recent Security Standard Conference in Boston about Vista’s progress, and the world after Vista.
September 25, 3:00 a.m. PDT

Watching out for our own security
Security pros know that there’s no perfect defense against a determined attacker. So when an identity thief strikes, it’s vital to detect the theft. But who’s going to be the detective?
September 20, 3:00 a.m. PDT

Paller: Government cybersecurity gets an F
As director of research at the SANS Institute, Alan Paller has a unique window from which to view the U.S. government’s efforts to secure its vast computer networks. An original member of the National Infrastructure Advisory Council, Paller has had the ear of high-level White House officials. Paller has also been a reliable critic of the government’s cybersecurity plans, which he says are ineffective and mired in bureaucracy.
September 11, 3:00 a.m. PDT

McAfee warns of 'SMiShing' attacks
Cell phone users should watch out for text messages containing a Web site link which, when visited, could download a Trojan horse, security experts have warned.
August 28, 5:24 a.m. PDT

Roam the Net naked
For readers’ convenience, I’d like to summarize the long list of present best practices in client-system security implemented by all InfoWorld readers. When you sit down at a client computer that’s not hooked into a locked-down corporate network, you know the drill. You have e-mail rules that block potentially hazardous attachments, including JPEGs and Office documents. You’ve always got your firewall cranked up to maximum vigilance, getting your clearance for every attempt by every application to open an outbound TCP/IP connection. Your anti-virus software runs constantly and stays constantly updated. You set aside temporary mail accounts for use in forums, Usenet posting, and online shopping to avoid phishers and spammers. You have cookies, JavaScript, auto-fill and plug-ins disabled in your browser and you never, never use IM or peer-to-peer networks. You regularly clean out your Windows registry or sweep out the detritus of installed but unused Linux or OS X software, and you weed through files that have piled up in Firefox’s cache and download directories.
August 9, 3:00 a.m. PDT

FBI: Cybercriminals taking cues from Mafia
The Web site offered to sell stolen credit card information for $100, but it was the title of the poster that caught FBI agent Thomas X Grasso Jr.'s attention. The cybercriminal identified himself as a "Capo di capo" -- a boss of bosses, in Mafia parlance.
August 7, 4:09 a.m. PDT

Senate approves cybercrime treaty
The U.S. Senate has ratified a long-neglected cybercrime treaty that supporters say would allow greater international cooperation in cybercrime investigations.
August 4, 8:59 a.m. PDT

Wireless, NAC holes on display at Black Hat
One year after an ISS researcher’s presentation set off a press firestorm, the Black Hat Briefings Conference in Las Vegas was back to its old form last week: poking holes in enterprise sacred cows such as NAC (network access control) and wireless technology.
August 3, 3:00 p.m. PDT

McAfee cries wolf on open source
According to the editor’s letter in last week’s inaugural edition of Sage, a magazine produced by anti-malware vendor McAfee, “Open source is not to blame for current security trends.” Maybe not, but apparently it’s still expected to take the fall.
July 24, 3:00 a.m. PDT

Entrust acquiring Business Signatures
Digital identity vendor Entrust said on Thursday that it is acquiring Business Signatures, a maker of fraud detection technology, for around $50 million in cash.
July 19, 9:25 p.m. PDT

IBM sued over hacked e-mail server
A Washington, D.C., law firm has sued IBM, claiming that the computing giant is responsible for a 2005 attack on its e-mail server.
July 12, 1:33 p.m. PDT

Secure Computing to buy CipherTrust
Secure Computing plans to acquire e-mail security vendor CipherTrust in a deal valued at close to $274 million.
July 11, 3:52 p.m. PDT

Symantec preparing to enter anti-fraud space
The recent super-sophisticated phishing attack against online payment service PayPal was yet more proof that the inability of anti-virus and firewall tools to stop new threats is the worst-kept secret in computer security.
June 26, 3:00 a.m. PDT

CTO: Large-scale acquisitions likely over for CA
Large-scale acquisitions are probably a thing of the past for CA Inc., says the software vendor's new chief technology officer (CTO), Al Nugent.
June 21, 12:32 p.m. PDT

BuysUSA.com operator pleads guilty to piracy
BuysUSA.com's owner pleaded guilty to selling nearly US$20 million worth of pirated software through the mail, the U.S. Department of Justice (DOJ) said Friday.
June 16, 11:27 a.m. PDT

Interview: Microsoft security chief's new vistas
Ben Fathi knows a thing or two about security. He spent the first half of his 24-year career working as an operating system developer, before moving to management. Before being named head of Microsoft Corp.'s security group, he was the executive responsible for the Server Message Block (SMB) file-sharing protocol, which has had its share of security issues.
June 13, 4:16 p.m. PDT

Mouse jitters give away fraudsters
Online fraudsters might want to try some method acting classes before they attempt to log in to an online banking session using a stolen user name and password. New technology from Fair Isaac claims to be able to spot fishy Web sessions by, among other things, comparing mouse movements and typing mannerisms with those of the account holder.
May 31, 9:50 a.m. PDT

Phishers use Microsoft Word hole as bait
Microsoft last week said it would rush to deliver a patch for a recently discovered hole in Microsoft Word that was being used in sophisticated online attacks.
May 29, 3:00 a.m. PDT

Hundreds arrested in $1B marketing fraud
More than 565 people in North America and Europe have been arrested in an international sweep that targeted marketing fraud using the Internet and other means, the U.S. Department of Justice (DOJ) announced Tuesday.
May 24, 7:28 a.m. PDT

Microsoft: Word zero-day patch by June
Microsoft plans to patch a newly discovered hole in Microsoft Word in its next monthly patch update, and may release a rare "out of cycle" patch to address the hole, a company spokesman said.
May 22, 3:10 p.m. PDT

Researchers: spend to protect against one attack, not many
In an academic paper to be presented next month at the University of Cambridge in England, a research team will make a compelling and somewhat surprising mathematical case for how enterprises should spend their IT security budgets.
May 19, 10:08 a.m. PDT

Africa tightens up cyberlaws
East African countries are coordinating efforts to pass cybercrime laws that would be similar to ones in the Southern African Development Community (SADC) region, according to government officials.
May 12, 8:53 a.m. PDT

Botmaster gets five years in prison
Jeanson James Ancheta, who used a network of zombie computers to rake in tens of thousands of dollars and buy himself a BMW, was sentenced to almost five years in federal prison on Monday.
May 9, 8:02 a.m. PDT

Tracking malware with honeyclients
I’ve been a big fan of honeypots ever since I first learned about them in Clifford Stoll’s The Cuckoo’s Egg. His story about catching German hackers because of a 75-cent accounting error is a thrilling forensics journey. Today, I support honeypots because they are a must-have early-warning tool in any organization.
April 14, 3:00 a.m. PDT

Guide aims to plug security holes for small business
Several groups have come together to help vulnerable small businesses protect against data breaches with a package of guidelines unveiled Monday.
March 27, 10:09 a.m. PST