InfoWorld
SPYWARE 







Malware boom puts pressure on second-tier AV labs
Over the first six months of 2007, anti-virus applications market leader Symantec found a total of 212,101 new malware variants, an astonishing 185 percent increase over the second half of 2006, totaling an average of well over 1,100 unique samples arriving per day.

Trust key to Internet security
A few of my previous columns discussed my vision of creating a more secure Internet. It involved replacing the Internet's default anonymity with pervasive authentication, from the hardware initialization, through the OS and all applications, the user, and ending with a verifiable network stream. It is my strong belief that without a complete overhaul of default authentication, malicious hacking is going to continue indefinitely.
September 14, 3:00 a.m. PDT

Financially motivated malware thrives
Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say.
September 7, 9:19 a.m. PDT

Debate rages over German government spyware plan
When it comes to who can and who can't be a hacker, the German government appears to want its cake and eat it, too.
September 5, 8:14 a.m. PDT

Malicious Web: Not just porn sites
The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate.
August 31, 3:00 a.m. PDT

Clearswift makes a clean sweep of Web threats
Mitigating network-borne threats has been an imperative to companies of all sizes and statures. As if malware and viral infestation weren’t enough, today’s corporations must contend with even bigger bugs, including regulatory compliance, information leaks, and intellectual property theft.
August 22, 3:00 a.m. PDT

SpyProxy takes Web apps security fight to 'virtual sandbox'
Faced with volumes of browser vulnerabilities and Web-based exploits designed to take advantage of the flaws, security researchers presented a new process for protecting users with execution-based malware detection at the ongoing Usenix Security Symposium in Boston on Wednesday.
August 8, 12:42 p.m. PDT

Update: Dateline NBC 'mole' outed, booted at Defcon
Dateline NBC Producer Michelle Madigan was publicly outed at the Defcon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera.
August 3, 6:00 p.m. PDT

Report: 90 percent of companies fail compliance
An overwhelming percentage of businesses still fall far short in their efforts to comply with industry data-handling regulations and reduce their likelihood of experiencing a serious leakage incident, according to a new survey.
July 16, 1:51 p.m. PDT

Mounting scrutiny for Google security
Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment.
July 12, 4:24 p.m. PDT

Microsoft launches OneCare 2.0 beta
Microsoft released a beta version of its next-generation Windows Live OneCare 2.0 desktop security and management package on July 11, touting a number of improvements made to the product, including the ability to monitor multiple PCs on a local network.
July 11, 3:01 p.m. PDT

Policy experts split on spyware laws
CAMBRIDGE, Mass. -- Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation.
June 28, 5:45 a.m. PDT

BeyondTrust keeps Windows users from abusing privileges
Too many organizations are still allowing most of their end-users full-time administration privileges in Windows. If you ask why the taboo practice is continuing, administrators will respond that they must allow regular end-users to install software and to make basic system configuration changes. Yet these very tasks also put end-users at risk for malicious exploitation.
June 28, 3:00 a.m. PDT

Stupid hacker tricks
The annals of crime are rife with tales of heists pulled off by enterprising criminal minds. But for every caper carried out with style and smarts, there are hundreds of imprisoned examples of the boneheaded desperado -- guys too greedy, too hasty, or just too brain dead to pull off their nefarious deeds without getting caught.
June 11, 3:00 a.m. PDT

Some say spyware bill too broad, others say too weak
An antispyware bill that passed the U.S. House of Representatives this week faces opposition from several groups with one side saying it's too strong and the other saying it's too weak.
June 8, 11:33 a.m. PDT

2007 InfoWorld CTO 25: Paul Judge
When online technology evangelists began chatting up Dr. Paul Judge about the promise of e-commerce in the late 1990s, he couldn't get one thought out of his head: With all that money trading hands, criminals were sure to come knocking.
June 6, 3:00 a.m. PDT

Microsoft unveils integrated security
Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009.
June 4, 7:24 a.m. PDT

Spammers' use of AI only just begun
Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes.
May 31, 5:03 p.m. PDT

Code Green gives red light to data leaks
Reports of corporate data leaks, lost laptops, and misplaced backup tapes are so commonplace that many no longer warrant a mention in the press. So common are corporate data leaks of one form or another that only the multimegaton events -- TJX, the Veterans Administration, or DuPont -- get covered.
May 24, 3:00 a.m. PDT

Spyware bill passes House
The U.S. House of Representatives passed an antispyware bill Tuesday on a voice vote.
May 22, 3:00 p.m. PDT

Microsoft, TCG get closer on NAC
The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together.
May 21, 8:20 a.m. PDT

Spyware hunter probes larger market flaws
Ben Edelman made a name for himself while still a graduate student by digging into the shady dealings that spawned what most people considered an innocuous problem: pop-up Web advertising.
May 16, 3:00 a.m. PDT

Scammers gaming YouTube ratings for profit
The half-minute-long commercial for energy drink IRN-BRU on YouTube isn't all that original or really very funny. All the same, the clip "R0049_TDAU8" garnered 113 million hits and received a five-star review, with more than 70,000 visitors giving the clip the popular video site's highest content approval rating. (Editor's note: the file has since been removed from YouTube.)
May 16, 3:00 a.m. PDT

Social Security, spyware bills go to House vote
The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware.
May 11, 11:23 a.m. PDT

Varonis matches data, fishy behavior
In the old days, keeping track of critical files was pretty easy: just lock up the file cabinets. These days, the problem is not so simple. With the advent of corporate messaging systems, desktop (and now Web-based) productivity suites, CRM systems and other must-have enterprise applications, companies are drowning in data. Not surprisingly, that's led to some embarrassing gaffes (two words for you: "Veterans Administration.") Now a new generation of companies has sprung up to address that problem with so-called "DLP" or data leak prevention technology.
May 9, 12:00 a.m. PDT

Nokia expands security appliance line
Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems.
April 30, 2:17 p.m. PDT

Update: Microsoft contests reports of new Office flaws
Microsoft Corp. is disputing reports of three new flaws in its Office software while also taking issue with how the alleged flaws were disclosed, the company said Wednesday.
April 11, 9:57 a.m. PDT

British UFO hacker loses extradition appeal
A British hacker who broke into U.S. military computers looking for evidence of UFOs lost another extradition appeal on Tuesday in London's High Court.
April 3, 5:02 a.m. PDT

Payment systems culprit in TJX heist
Confirmed as the largest exposure of consumer information on record in the United States, the network intrusion experienced by TJX Companies highlights serious data security risks posed by outdated payment card systems, experts observed.
March 29, 1:07 p.m. PST

TJX data heist confirmed as largest ever
TJX Companies confirmed in its latest filings with the Securities and Exchange Commission that the network intrusion carried out on its systems resulted in the loss of 45.7 million consumer records, making it the largest such breach on record.
March 29, 9:00 a.m. PST

Hackers build private IM to keep the law out
Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.
March 28, 6:36 a.m. PST

Web attacks get personal
Malware purveyors are increasingly tailoring their virus distribution and attack techniques to take advantage of different classes of end-users, according to researchers with the Internet Security Systems' X-Force team at IBM.
March 27, 3:42 p.m. PST

More evidence of U.S. as malware capital
Contrary to beliefs that overseas crime networks and unemployed computer programmers in Eastern Europe remain the leading sources of virus code on the Internet, new research supports the growing perception that the United States is producing greater volumes of malware code than any other region of the planet.
March 26, 1:19 p.m. PST

Carriers predict boom in managed security services
Telecommunications companies ranging from Internet service providers to wireless carriers are betting that a new wave of managed security services can help generate additional opportunities with enterprise customers.
March 20, 3:00 a.m. PST

Researcher: Cingular, Travelocity still in spyware net
Just weeks after reaching a settlement with New York's attorney general, AT&T's Cingular division and Travelocity.com are again being accused of having ties to spyware companies.
March 14, 3:27 p.m. PST

Free domain registrations help spread malware
Cheap or free registration of new domain names drives the growth in Web sites used for spamming or hosting malicious software, according to research from McAfee.
March 12, 12:21 p.m. PST

Visa summit will counter data breach hype
Credit-card payments giant Visa is hoping to shed new light on problems like consumer data theft and identity fraud through a conference that will bring together leaders from the business, government, and technology communities to discuss security for the electronic payments industry.
March 7, 10:43 a.m. PST

Lawsuits, patent claims silence Black Hat talk
A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward.
February 27, 9:30 a.m. PST

New laws target data security problem
As more details emerge about the recently disclosed security breach at TJX Companies, lawmakers in Massachusetts are considering new laws that would put the onus for paying for such breaches on retailers and merchants, rather than banks and credit unions, the Wall Street Journal reported Thursday.
February 23, 8:15 a.m. PST

Google patches serious Desktop flaw
Google quickly patched what security researchers identified Wednesday as a potentially serious cross-site scripting flaw in its popular desktop search and widget application that could leave users vulnerable to outside attack.
February 21, 2:13 p.m. PST

Crypto Expert: Moore's Law fuels app obesity epidemic
Cryptography is no mean field. After all, the science was invented by humans for the purpose of concealing information from other humans. That means that the best cryptographers have to be blindingly smart, with a mastery of mathematics but also a firm grasp of human psychology and, these days, fields such as computer science.
February 19, 3:00 a.m. PST

German court bans police from spying on PCs
Germany's High Court has handed down a landmark decision banning police from installing spyware on computers of suspected criminals without their knowledge.
February 5, 7:53 a.m. PST

RSA: Security firms evolve to tackle new threats
Evolutionary biologists have long theorized that the pace of evolution quickens when a species faces great environmental stress. This idea, of course, is a tough one to “prove,” but we can see examples of it all around us. Just look at the IT security industry, where something akin to drastic environmental change is happening right now: Organized cybercrime groups are punching truck-size holes in enterprise security defenses as regulators, shareholders, and attorneys general are putting pressure on companies to lock down sensitive data. The pressure for change will make this week’s RSA Security Conference in San Francisco less an industry shindig than a live experiment in evolutionary biology. So walk quietly and keep your field glasses handy to spot some exotic new species in these areas:
February 5, 3:00 a.m. PST

Hackers target hole in BrightStor
Anti-virus firm Symantec warned today that exploit code is circulating for a known security hole in Computer Associates' BrightStor ARCServe Backup software, which provides data backup and restore for a variety of operating systems including Windows, Netware, Linux, Unix, and Mac.
February 2, 1:32 p.m. PST

Sony settles with FTC on rootkit fracas
More than two years after a security researcher first called attention to Sony BMG's use of a stealth program to enforce digital rights management on its music CDs, the company reached a deal with the U.S. Federal Trade Commission over the incident, the FTC announced on Tuesday.
January 30, 10:25 a.m. PST

Cingular, Priceline, Travelocity settle adware suit
Cingular Wireless, Priceline.com, and Travelocity.com have settled with New York State's attorney general after the state accused them of contributing to the spread of adware.
January 30, 5:17 a.m. PST

Tech firms swarm on end point protection problem
Enterprise IT administrators didn’t need the recent stories about large-scale data breaches at TJX (network compromise exposing credit data of hundreds of thousands of consumers) or Canadian Imperial Bank of Commerce (lost hard drive with personal financial information on 470,000 mutual fund customers) to convince them that data leaks were an urgent problem in need of attention. Frankly, corporate boards of directors and auditors have been screaming in their ear about it for a while now.
January 29, 3:00 a.m. PST

IBM software hides consumer data trail
IBM on Friday unveiled a new open source software project, IBM Identity Mixer, or "Idemix," that the company said will mask consumer information exchanged in Web transactions and help combat online identity theft.
January 26, 1:38 p.m. PST

Webroot: Vista’s Defender stops only 16% of spyware
Users who put their faith in Vista's new security features and Microsoft's Windows Defender antispyware product may find themselves under attack from spyware all the same, according to the results of a study by Webroot, a leading antispyware vendor and Microsoft competitor.
January 25, 12:59 p.m. PST

Tech firms swarm on data protection problem
Enterprise IT administrators didn't need the recent stories about large-scale data breaches at TJX Co. (network compromise potentially exposing credit data on hundreds of thousands of customers) or Canadian Imperial Bank of Commerce (lost hard drive with personal financial information on 470,000 mutual fund customers) or Nationwide Health Plans (backup tapes with data on 28,000 patients stolen from a lockbox) to convince them that data protection was an urgent problem in need of attention. Frankly, corporate boards of directors and auditors have been screaming in their ear about it for a while now.
January 25, 10:07 a.m. PST

Earnings woes threaten Intel, Symantec
It was the best and worst of times on Wall Street last week, as earnings announcements made a star of Apple, and monkeys of tech giants Intel and Symantec.
January 22, 3:00 a.m. PST

Researcher: PatchGuard hotfix stitches up benefit to Microsoft
Microsoft has come under fire for quietly releasing a fix to its controversial PatchGuard kernel protection software in order to improve the performance of its Virtual Server 2005 product.
January 19, 7:12 p.m. PST

Retailer TJX reports massive data breach
The TJX Companies, a large retailer that operates over 2,000 retail stores under brands such as Bob's Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright, said on Wednesday that it suffered a massive computer breach on a portion of its network that handles credit card, debit card, check, and merchandise transactions in the U.S. and abroad.
January 17, 3:37 p.m. PST

Cisco to buy IronPort for $830M
Cisco Systems said on Thursday it is buying privately held IronPort Systems for $830 million in cash and stock.
January 8, 3:00 a.m. PST

Apple's New Years Hangover: Lawsuits, Hackers
Apple Computer in the past decade has risen, phoenix-like, from the ashes of its own managerial incompetence to attain new heights of profitability (up 27 percent in fourth-quarter 2006 to $546 million), market capitalization ($74 billion at last count) and plain old street cred (traffic to Apple’s iTunes music store beat Microsoft’s Zune 30 to 1 on Christmas Day.)
January 8, 3:00 a.m. PST

Cisco warns of vulnerabilities in NAC product
Networking equipment vendor Cisco Systems Inc. issued an advisory to customers Wednesday about two serious vulnerabilities in its Cisco Clean Access software, a network access control product.
January 4, 1:36 p.m. PST

Cisco buys e-mail security firm for $830m
Cisco Systems Inc. said on Thursday that it was buying IronPort Systems Inc. of San Bruno, Calif. for $830 million in cash and stock.
January 4, 5:15 a.m. PST

Privacy, patents on agenda for new Congress
With our political process morphing into something resembling a perpetual campaign season, the Democratic leaders who captured both the U.S. House of Representatives and Senate in November will have to move darned quick if they want to make good on their campaign promises.
January 1, 3:00 a.m. PST

FFIEC deadline just the beginning
What do you get when you combine deep-pocketed, IT-dependent enterprises with tough-worded federal regulations and the threat of big penalties? A Silicon Valley bonanza, for one thing.
January 1, 3:00 a.m. PST

A holiday season for hackers?
There wasn't a lot of holiday cheer for Microsoft's Security Response Center late last year.
December 21, 2:37 p.m. PST

Month of security bugs set to bite Apple
Apple Computer will soon be a member of the "month of bugs" club.
December 19, 5:10 p.m. PST

Financial firms hungry for more DHS Data
The Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) raised a few eyebrows in late November when it sent a warning out to U.S. banks and financial institutions about a possible cyber attack by Islamic militants. The alert, dated Nov. 30, was triggered by a posting on what the DHS considered an Islamic jihadi Web site calling for hackers to attack U.S. financial and banking Web sites, apparently to protest the detention of Muslims at Guantanamo Bay, Cuba. However, the warning was heavily qualified, with DHS calling the threat “more aspirational than operational.” Financial firms downplayed the danger, too. One security executive at a major brokerage told InfoWorld that the warning was a “non-event.”
December 18, 3:00 a.m. PST

2006 Year in Reviews: Security
Given a sharp nudge from federal and state mandates, the security focus has shifted from intruders and malware to data protection and the insider threat — and the likes of Vontu, Reconnex, Oakley Networks, and PortAuthority are meeting the challenge.
December 18, 3:00 a.m. PST

Authentication startup Bharosa is growing up fast
The United Nations last week became the latest organization to warn computer users about the dangers of relying on just passwords to protect online bank accounts and e-commerce shopping carts, according to Reuters.
December 11, 4:15 p.m. PST

Forefront client security out and about
It’s good to hear people laugh. Like when I asked the InfoWorld editors if I could go to Barcelona to attend the Microsoft IT Forum that’s going on there right now. At first, it felt good to give them some stress relief, but then they just kept chuckling until I had no choice but to get steamed. I mean, you’ve got to maintain their respect because the InfoWorld office is a lot like Oz -- the TV show, not the land created by L. Frank Baum. So on my way out of the office, I smacked the mail guy around a little. With his own shoes. Should restore the proper level of fear.
November 16, 3:00 a.m. PST

Virtualization and security
It’s a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There’s more to securing virtual servers than not running VMs as guests of a Windows host. If cyberfelons gain local or remote access to a VMware Virtual Center console, your world is their oyster. This seems like a fairly obscure potential risk — Virtual Center is pretty easy to lock down — but are there other risks unique to virtual servers?
November 15, 3:00 a.m. PST

Bit9 adds malware code IDs to app database
Application control vendor Bit9 said on Tuesday that an update to the company's Parity product will add malicious code IDs to the ParityCenter database of applications, allowing administrators to determine the trustworthiness of new applications that appear on their networks.
November 7, 7:30 a.m. PST

Cash crisis in the frozen north
One of my most exciting jobs was working as a network engineer in the far Canadian north. It was pretty rough up there! Many of the villages were accessible only by small aircraft, and when your plane landed, the Mounties would search you and confiscate any alcohol. When people got hold of a drink, they went crazy.
November 7, 3:00 a.m. PST

Skirting Microsoft's Maginot Line
As Microsoft’s Vista operating system slouches toward completion, there’s been a rising chorus of criticism from independent software vendors about Vista’s supposed strong suit: security. PatchGuard, a kernel-protection technology, is a favorite target. Aside from blocking access to the kernel for third-party products, some security firms are raising questions about whether the kernel-protection feature will even work. Latest among them is Authentium, a provider of security SaaS (software as a service) products, which said recently that a new product, VirtualATM, can shut off PatchGuard so the company could secure online banking transactions, even on infected PCs. InfoWorld Senior Editor Paul F. Roberts caught up with Authentium CEO John Sharp last week to talk about the controversy.
November 6, 3:00 a.m. PST

Security weapons to fight the next malware war
The shift from frontal assaults on enterprise networks to insider threats such as rootkits, Trojans, and bots signals big changes in IT security. Here are a few of the technologies that will play an important role in the years to come:
October 30, 3:00 a.m. PST

How malicious hackers get away with data
Compromising sensitive networks is only half the battle for malicious hackers or spies. Once they’re on the network, and have the data they want, they must find a way to get it back outside. Unfortunately, malicious hackers have a number of tools at their disposal, and with lax enterprise oversight of outbound data flows, the chances of getting caught using them are slim, according to Rob Murawski, a member of the CERT Coordination Center. Here are a few common techniques for data “exfiltration” — the technique of stealing data and slipping it past the perimeter — presented by Murawski at the Virus Bulletin 2006 conference:
October 30, 3:00 a.m. PST

Future-proof your IT security
Asymmetric warfare is hell. Sure, you may have night-vision goggles, body armor, and air support, but you’re also working for a bureaucratic organization built to fight a war that doesn’t look much like the one you’re in. Your adversary, on the other hand, is poorly equipped, yet nimble, resourceful, and adept at spotting and exploiting the slightest weakness. So much so, you may not even know you’re under attack.
October 30, 3:00 a.m. PST

Microsoft: Know your network to stop fraud
The past six months, anti-virus companies Symantec and McAfee have engaged in a full-on proxy war with Microsoft, appealing to the media and the European Commission about the threats to competition and innovation as the world’s largest software maker steps into the security software space.
October 23, 3:00 a.m. PDT

IBM buys bolster security, ECM
IBM Corp. won stockholder approval of a buyout bid and closed another acquisition deal in two recent developments that will bolster its product and service offerings.
October 16, 10:31 a.m. PDT

Symantec targets crimeware with Security 2.0
Republican Congress members who have spent much of the past two weeks trying to change the subject from lurid e-mail and IMs could take a page out of Symantec’s playbook.
October 16, 3:00 a.m. PDT

Storm clouds on AV horizon
Leave it to the world’s biggest software maker to bust up a good party. Every year for more than a decade the world’s top virus and malicious code experts have gathered for the Virus Bulletin conference to talk about what’s hot in the world of computer threats.
October 16, 3:00 a.m. PDT

Vista's DRM features could bedevil AV
A security researcher is raising concerns about a digital rights management feature in Microsoft's new Vista operating system that he claims may make it easy for malicious code authors to block anti-virus programs from removing their wares.
October 13, 5:30 a.m. PDT

Microsoft revokes MVP status of adware distributor
The Lord giveth, the Lord taketh away. One week after it named the creator of a Windows Messenger add-on to its list of Most Valued Professionals (MVPs), Microsoft has revoked the award after critics pointed out that the program is used to distribute adware.
4:34 a.m. PDT

Dunn, Others Charged in HP Scandal
The windup to criminal charges stemming from Hewlett-Packard’s shameful leak investigation has taken weeks. Then, just as the Major League Baseball playoffs got under way, California Attorney General Bill Lockyer delivered his pitch: felony charges against HP Chairwoman Patricia Dunn, Kevin Hunsaker, a former senior lawyer at HP, and three outside investigators.
3:00 a.m. PDT

Microsoft awards MVP to 'adware' distributor
Microsoft has come under fire for naming the developer of a program that can install adware on users' PCs as one of its Most Valued Professionals.
October 6, 11:59 a.m. PDT

McAfee buys Citadel
McAfee Inc. will pay US$60 million to acquire Citadel Security Software Inc., a producer of security compliance products that ensure corporate employees are using assigned IT policies.
October 3, 9:51 a.m. PDT

UK gov't security expert: Balance cybersecurity risks
Governments and businesses face a variety of cybersecurity threats, but they also need to allow for increasing demands from computer users across the globe, the former information security advisor for the U.K. Ministry of Defense said Wednesday.
September 27, 9:46 a.m. PDT

Trend Micro launches anti-botnet service
Trend Micro announced a new service to help large organizations and Internet service providers (ISPs) fight networks of zombie machines, known as "botnets."
September 25, 5:02 a.m. PDT

Ben Fathi: looking beyond Vista
It’s not easy being Ben Fathi. As corporate vice president of Microsoft’s Security Technology Unit, Fathi took the place of longtime STU leader Mike Nash in March amid a larger management shake-up just days after Microsoft announced that the shipment date for Vista was slipping yet again. After Nash’s high-profile tenure, Fathi’s charge is more subtle: building what he calls a “trust ecosystem” around Vista and its new security features and promoting the company’s secure development practices. But first he must help get Vista out the door. Fathi sat down to talk with InfoWorld Senior Editor Paul Roberts at the recent Security Standard Conference in Boston about Vista’s progress, and the world after Vista.
September 25, 3:00 a.m. PDT

Antispyware groups: Legislation still needed
Even though security technology is improving, spyware legislation is still needed from the U.S. Congress because many consumers don't use all the tech tools available to them, antispyware groups said Thursday.
September 21, 12:20 p.m. PDT

Watching out for our own security
Security pros know that there’s no perfect defense against a determined attacker. So when an identity thief strikes, it’s vital to detect the theft. But who’s going to be the detective?
September 20, 3:00 a.m. PDT

Porn sites exploit IE bug to install spyware
Hackers are taking advantage of a newly discovered vulnerability in Internet Explorer to install spyware on PCs that visit a number of Russian porn sites.
September 19, 1:46 p.m. PDT

HP "pretexting" scandal keeps chugging
Huge, ugly scandals have a way of planting new terms in the lexicon. Consider the way the Watergate affair of the early 1970s made -gate an all-purpose suffix denoting scandal, or the way last year’s Sony digital rights management imbroglio made “rootkit” an unlikely term heard around the dinner table.
September 18, 3:00 a.m. PDT

Microsoft, EC tangle over Vista security
The European Commission warned Microsoft again Tuesday that planned security features in the upcoming Windows Vista operating system could run afoul of EU antitrust laws, prompting Microsoft to say that an adverse ruling from European regulators could further delay Vista's ship date.
September 12, 12:58 p.m. PDT

HP back on the couch over phone record hacks
Like a good friend who has just gotten out of a terrible relationship, Hewlett-Packard seemed to be on the rebound and all the happier for it in recent months. After the departure of controversial CEO Carly Fiorina, the company has as of late shown newfound confidence and focus under new CEO Mark Hurd. But all’s still not well in the higher echelons of HP, as revealed in a filing the company made to the U.S. Securities and Exchange Commission.
September 11, 3:00 a.m. PDT

Paller: Government cybersecurity gets an F
As director of research at the SANS Institute, Alan Paller has a unique window from which to view the U.S. government’s efforts to secure its vast computer networks. An original member of the National Infrastructure Advisory Council, Paller has had the ear of high-level White House officials. Paller has also been a reliable critic of the government’s cybersecurity plans, which he says are ineffective and mired in bureaucracy.
September 11, 3:00 a.m. PDT

Cisco, Microsoft to announce NAC progress
Cisco Systems and Microsoft will announce progress on a 2-year-old effort to link their separate technologies for network client health screening, commonly known as "network access control," according to sources familiar with the companies' plans. 
September 6, 7:15 a.m. PDT

Group will unveil mobile security open specs
I search, therefore I am. That was the rude lesson AOL subscribers learned last month when the Internet giant thoughtlessly released reams of data on searches that its users conducted. Sure, the users’ identities were removed, but as people quickly figured out, you can tell a lot about who somebody is by looking at what they’re looking for.
September 4, 3:00 a.m. PDT

Microsoft downplays latest malware warnings
With security vendors warning of new malware that exploits a recently patched flaw in Windows, Microsoft Corp. is saying that attacks are not on the rise.
September 1, 12:32 p.m. PDT

BearingPoint awarded agency smart-card contract
The U.S. General Services Administration (GSA) has awarded IT systems integrator BearingPoint Inc. a five-year contract worth up to $104.6 million to help U.S. agencies move to mandated smart-card identity systems.
August 18, 2:13 p.m. PDT

AOL security tools raise adware questions
Just days after posting details of searches made by hundreds of thousands of subscribers, AOL is in hot water again with consumer advocates. This time the issue is with the company's Active Virus Shield anti-virus software, released last week.
August 18, 4:14 a.m. PDT

Update: Microsoft updates fix PowerPoint, Windows flaws
Microsoft has issued nine security updates addressing critical flaws in its Office and Windows products. The updates patch two worrisome PowerPoint flaws that could allow attackers to seize control of a PC, the company said Tuesday.
August 9, 4:20 a.m. PDT

Roam the Net naked
For readers’ convenience, I’d like to summarize the long list of present best practices in client-system security implemented by all InfoWorld readers. When you sit down at a client computer that’s not hooked into a locked-down corporate network, you know the drill. You have e-mail rules that block potentially hazardous attachments, including JPEGs and Office documents. You’ve always got your firewall cranked up to maximum vigilance, getting your clearance for every attempt by every application to open an outbound TCP/IP connection. Your anti-virus software runs constantly and stays constantly updated. You set aside temporary mail accounts for use in forums, Usenet posting, and online shopping to avoid phishers and spammers. You have cookies, JavaScript, auto-fill and plug-ins disabled in your browser and you never, never use IM or peer-to-peer networks. You regularly clean out your Windows registry or sweep out the detritus of installed but unused Linux or OS X software, and you weed through files that have piled up in Firefox’s cache and download directories.
August 9, 3:00 a.m. PDT

Wireless, NAC holes on display at Black Hat
One year after an ISS researcher’s presentation set off a press firestorm, the Black Hat Briefings Conference in Las Vegas was back to its old form last week: poking holes in enterprise sacred cows such as NAC (network access control) and wireless technology.
August 3, 3:00 p.m. PDT

Researchers: Management apps could pose security risk
Insecure coding and loose deployments of enterprise management applications could turn anti-virus, patch management and systems management applications into powerful and malicious botnets, according to research presented at the Black Hat Briefings Conference in Las Vegas.
August 3, 3:00 a.m. PDT



Copyright © 2008. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.
