|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security analysts closer to improved antivirus software test Antivirus vendors are closer to agreeing on a new way to test their software after widespread agreement that older antivirus tests can be misleading. October 5, 9:13 a.m. PDT Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers.  October 4, 3:41 p.m. PDT Malware boom puts pressure on second-tier AV labs Over the first six months of 2007, anti-virus applications market leader Symantec found a total of 212,101 new malware variants, an astonishing 185 percent increase over the second half of 2006, totaling an average of well over 1,100 unique samples arriving per day. October 3, 7:08 a.m. PDT Google adds Postini e-mail services to Apps Premier suite Google will add e-mail security, compliance, and recovery services to Google Apps Premier edition at no extra charge, boosting an area of this hosted communications and collaboration suite that is key for its adoption by large organizations. October 3, 3:58 a.m. PDT Survey: Consumers only think they're cybersafe Most U.S. consumers believe they're protecting their computers against cyberattacks, but their actions indicate they aren't as safe as they think, according to a study released Monday. October 1, 9:09 a.m. PDT Cool tools for hacker trackers If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page. Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots. September 28, 3:00 a.m. PDT Tech giants chart research goals Power consumption, parallelism, and the rapidly-expanding world of mobile communications are among the leading areas of research and development currently being investigated within some of the IT world's largest companies. September 26, 2:53 p.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Insiders overtake viruses as biggest security worry Company insiders have overtaken viruses as the most reported security incident, according to the annual report from the respected U.S. Computer Security Institute (CSI). September 14, 9:28 a.m. PDT Badware hunters tame wild Webmasters, hosts If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org. September 14, 3:45 a.m. PDT Trust key to Internet security A few of my previous columns discussed my vision of creating a more secure Internet. It involved replacing the Internet's default anonymity with pervasive authentication, from the hardware initialization, through the OS and all applications, the user, and ending with a verifiable network stream. It is my strong belief that without a complete overhaul of default authentication, malicious hacking is going to continue indefinitely. September 14, 3:00 a.m. PDT Online thugs assault security help sites The good guys are taking a hit in the ongoing online war between the thugs who profit from phishing and malware, and those who work to stop them. September 12, 9:22 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Skype warns users of Windows worm Skype users are under attack from a new worm that spreads through the peer-to-peer Internet phone application's chat feature. September 10, 7:05 a.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Introducing the 2007 InfoWorld Bossies Not too long ago, open source meant starving developers; scant documentation; an ugly, outdated Web site; and software that lived in perpetual beta. Now open source software is becoming big business. “Now hiring” is a common sight on project home pages, and .org and SourceForge sites that used to point straight to source code archives are redirected to .com URLs that celebrate the commercial success of what started out as collaborations among unpaid coders of like mind. September 10, 3:00 a.m. PDT Financially motivated malware thrives Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say. September 7, 9:19 a.m. PDT Nokia, Intel beef up new network security appliance Nokia added a new appliance to its network security range that has more processing muscle -- the first product to come out of its collaboration with Intel. September 6, 4:43 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT Germany implements security plan to protect IT infrastructure with The German government has agreed to implement a sweeping set of security measures aimed at protecting critical IT infrastructure in the country. September 5, 9:35 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Malicious Web: Not just porn sites The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate. August 31, 3:00 a.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT 10 reasons to be paranoid The truth is out there ... and so is your data. And just because there are no virtual black helicopters following you doesn't mean somebody somewhere doesn't have a bead on who you are and what you are doing. August 27, 3:00 a.m. PDT Clearswift makes a clean sweep of Web threats Mitigating network-borne threats has been an imperative to companies of all sizes and statures. As if malware and viral infestation weren’t enough, today’s corporations must contend with even bigger bugs, including regulatory compliance, information leaks, and intellectual property theft. August 22, 3:00 a.m. PDT SMB technology: Replacing in-house software with applications in the cloud In the near future, there's only one way to go for SMBs when it comes to purchasing business software -- and that's out of house. Whether it's full-on SaaS (software as a service), where users access all facets of the application through a browser, or a hosted product (including hosted Exchange, where only the server component is off-site and users employ a standard desktop client such as Outlook), either model is simply too cost-effective for SMBs to ignore. August 20, 3:00 a.m. PDT Processors: Dividing chips into many virtual cores The current approach taken by x86 CPUs -- to stuff as many processor cores and as much cache memory as will fit on one chip -- will prove impossible to scale beyond a certain point. And adding more, big, hot processor cores may not be the best fit for server roles that call for managing large workloads over long periods of time. August 20, 3:00 a.m. PDT Pundits on parade: What’s next in tech You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. We’ll, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology. August 20, 3:00 a.m. PDT Sourcefire acquires ClamAV open-source anti-malware project Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors. August 17, 8:58 a.m. PDT Hospital undergoes wireless surgery For years, wireless technologies have only shown up in many U.S. hospitals in the form of rolling computers with Wi-Fi network access, but as evidenced at Chicago's Northwestern Memorial Hospital, times are changing. August 13, 2:37 p.m. PDT Novell buys endpoint security firm Senforce Novell announced on Monday that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. August 13, 9:40 a.m. PDT AOL drops free Kaspersky anti-virus, offers McAfee AOL has quietly stopped offering its free Active Virus Shield software in favor of a competing alternative from vendor McAfee. August 9, 4:20 a.m. PDT Update: Dateline NBC 'mole' outed, booted at Defcon Dateline NBC Producer Michelle Madigan was publicly outed at the Defcon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera. August 3, 6:00 p.m. PDT Mozilla shares scanning tool, Firefox 3 features Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world. August 3, 2:28 p.m. PDT Virus attack on single e-voting machine could tilt election Diebold Election Systems voting machines are not secure enough to guarantee a trustworthy election, and an attacker with access to a single machine could disrupt or change the outcome of an election using viruses, according to a review of Diebold's source code. August 3, 4:32 a.m. PDT W32.Deletemusic worm hunts down and deletes MP3 files Security experts have discovered a worm that might just be the recording industry's dream application: it hunts down and deletes MP3s on infected PCs. August 2, 4:30 a.m. PDT Black Hat: Security researchers show how corporate intranets are ripe for emerging attacks Companies looking to improve their overall security posture may want to look for vulnerabilities in a place where they never might have expected to be attacked -- their corporate intranets. August 1, 8:56 p.m. PDT Black Hat: Security researchers exercise AJAX attacks The presence of AJAX code in Web applications continues to grow at a rapid pace, but many of the programs built using the language remain extremely vulnerable to various forms of attack, according to researchers with applications testing specialists SPI Dynamics. August 1, 8:37 p.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT New 'Glamour' Trojan demands ransom The two most prominent ransomware Trojans of recent times could be the work of the same people, or a related group of criminals, an analysis has suggested. July 30, 7:09 a.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Much ado over click-fraud statistics The battle between advertisers and online search networks over the pervasiveness of click-fraud continues to grow more heated with researchers claiming rapid growth of automated ad impressions and outside observers noting an overall lack of transparency in the space. July 19, 4:18 p.m. PDT Mac OS X worm maker raps Apple on security The anonymous researcher who claims to have crafted a Mac OS X worm said Tuesday that he or she will report his findings to Apple Inc., but added that the Cupertino, Calif. company "has a very long way to go" on security. July 17, 2:53 p.m. PDT Critical IM bugs hit Yahoo, Trillian Security researchers Monday disclosed critical vulnerabilities in two popular Windows instant messaging clients, Yahoo Messenger and Trillian. July 17, 12:17 p.m. PDT Anonymous researcher boasts of building Mac worm An anonymous security researcher claimed this weekend to have created a worm that exploits a vulnerability in the Mac OS X operating system which Apple missed in a May round of patches. July 17, 7:58 a.m. PDT Report: 90 percent of companies fail compliance An overwhelming percentage of businesses still fall far short in their efforts to comply with industry data-handling regulations and reduce their likelihood of experiencing a serious leakage incident, according to a new survey. July 16, 1:51 p.m. PDT Symantec declares Chinese compensation offer a success Symantec declared its compensation offer for Chinese users who saw their computers damaged by a bad software update a success Sunday, but declined to say how many users had accepted the deal. July 16, 5:13 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Microsoft launches OneCare 2.0 beta Microsoft released a beta version of its next-generation Windows Live OneCare 2.0 desktop security and management package on July 11, touting a number of improvements made to the product, including the ability to monitor multiple PCs on a local network. July 11, 3:01 p.m. PDT Kaspersky sues Chinese anti-virus rival Security vendor Kaspersky Lab has sued a Chinese anti-virus software company for allegedly making false claims about Kasperky's products and business practices. July 11, 5:53 a.m. PDT Who's to blame for browser bug? IE or Firefox? A security researcher has found a security bug that could be attacked in Internet Explorer. Mozilla said it plans to patch the problem in its next Firefox software update. July 11, 4:56 a.m. PDT Average zero-day bug has 348-day lifespan, exec says The average zero-day bug has a lifespan of 348 days before it is discovered or patched, but some vulnerabilities live on for much longer, according to security vendor Immunity's chief executive officer. July 9, 5:10 a.m. PDT Security company launches eBay for bugs Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only. July 6, 4:43 a.m. PDT Beijing scores number one spot for malware China is proving to be a mighty force not only economically, but also as the launching point for malicious software and spam. July 3, 4:54 a.m. PDT Policy experts split on spyware laws CAMBRIDGE, Mass. -- Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation. June 28, 5:45 a.m. PDT Security vendors question accuracy of AV tests Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the No. 1 vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily. June 26, 7:56 a.m. PDT Symantec takes heat over Chinese compensation offer Symantec's attempt to make amends with Chinese users who saw their computers crippled by its antivirus software is off to a rocky start, with critics saying the company's compensation offer isn't good enough. June 26, 5:12 a.m. PDT Update: Symantec compensates for bad software update More than a month after Symantec knocked out 50,000 Chinese PCs with a bad software update, the company is ready to offer compensation. But Chinese users eligible for the offer have to act fast; it's only good for a couple of weeks. June 25, 4:33 a.m. PDT The struggle to protect enterprise data Long ago, when businesses kept sensitive information locked away in file cabinets and safes, it was relatively cheap and easy to store valuable data and control who had access to it. Today, enterprises invest millions in security, storage, and compliance technologies -- all in the name of increasing visibility into where vital electronic information lives and how it is being defended. June 25, 3:00 a.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT McAfee puts Total Protection 2.0 into beta McAfee has released beta version of its next-generation Total Protection 2.0 consumer security software. June 20, 4:23 a.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT Stupid hacker tricks The annals of crime are rife with tales of heists pulled off by enterprising criminal minds. But for every caper carried out with style and smarts, there are hundreds of imprisoned examples of the boneheaded desperado -- guys too greedy, too hasty, or just too brain dead to pull off their nefarious deeds without getting caught. June 11, 3:00 a.m. PDT Symantec tests revamp of corporate anti-virus client Symantec will kick off its annual Symantec Vision conference next week with the first public release of its next-generation corporate anti-virus software, Symantec Endpoint Protection 11.0. June 7, 12:56 p.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT 2007 InfoWorld CTO 25: Paul Judge When online technology evangelists began chatting up Dr. Paul Judge about the promise of e-commerce in the late 1990s, he couldn't get one thought out of his head: With all that money trading hands, criminals were sure to come knocking. June 6, 3:00 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT Attackers get chatty on VoIP The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular. May 30, 12:18 p.m. PDT Google digs in against malware Google's acquisition of security company GreenBorder Technologies is a sign the search giant wants to bolster confidence in its browser-delivered applications amid growing threats from malicious software on the Internet. May 30, 10:16 a.m. PDT Symantec mobile security client delayed Symantec has delayed the release of its first security suite for Windows Mobile devices. May 30, 4:46 a.m. PDT Google buys into security, acquires GreenBorder Google has jumped into the anti-malware market, snatching up browser-based security software maker GreenBorder Technologies for an undisclosed amount of money. May 29, 9:32 a.m. PDT Skype worm jumps to ICQ, MSN A new variant of the Stration worm, which has been plaguing Windows users for the past year, has made the jump from Skype to the ICQ and MSN Messenger networks. May 24, 1:40 p.m. PDT Unpatched Symantec flaw leads to university data breach An unpatched flaw in a Symantec anti-virus management console resulted in the compromise of a server containing the names and Social Security numbers of nearly 45,000 students at the University of Colorado at Boulder. May 24, 9:12 a.m. PDT Code Green gives red light to data leaks Reports of corporate data leaks, lost laptops, and misplaced backup tapes are so commonplace that many no longer warrant a mention in the press. So common are corporate data leaks of one form or another that only the multimegaton events -- TJX, the Veterans Administration, or DuPont -- get covered. May 24, 3:00 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft tools keep bad Office files at bay Microsoft released a pair of tools on Monday that help protect computers from Office 2003 files containing malicious software code. May 22, 4:09 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Chinese PC users still dealing with Symantec foul-up Millions of Chinese PCs running Symantec antivirus software have been incapacitated by a faulty virus signature distributed last week, government media reported Sunday. May 21, 7:22 a.m. PDT Symantec: Chinese hackers grow in number, skills China's hacking scene appears poised for growth, as the number of Internet users rise with a commensurate interest in criminal hacking and government spying, according to a new Symantec study. May 18, 5:15 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Building trust in downloads no simple feat The Truste group's goal of creating an online ecosystem through which software makers are held accountable for the functions of their programs and end users are given the power to keep unwanted applications off their devices won't be achieved easily, according to security researchers and participants in the nonprofit's Trusted Downloads project. May 10, 5:04 p.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Symantec closes in on delivery of major AV update Symantec is slipping on its target delivery time for the next major upgrade of its security product for enterprises, code-named Hamlet, while it irons out final code wrinkles during beta testing. May 2, 9:42 a.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Nokia expands security appliance line Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems. April 30, 2:17 p.m. PDT Rootkits: The next big enterprise threat? Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them. April 30, 3:00 a.m. PDT Startup pitches smarter AV With a name like Robot Genius you wouldn't expect the company's leaders to be modest, but the more you hear the firm's Chairman Stephen Hsu talk about his startup's new approach to anti-malware, the more you believe the name might fit. April 25, 9:12 a.m. PDT Microsoft business client security to debut at last The business client security product Microsoft has been working on since 2003 will finally make its debut in May, Microsoft CEO Steve Ballmer said Monday. April 24, 9:52 a.m. PDT Europe considers network security portal for SMBs The European Union is considering a system that would alert small and medium-size businesses to network and information security threats. April 23, 5:43 a.m. PDT Spammers, hackers seize on Virginia Tech shootings Spammers and hackers are using the slayings at Virginia Tech as a gory lure to infect computers with malicious software, security experts noted Thursday. April 19, 9:14 a.m. PDT Microsoft: DNS patch to come by May 8... maybe Microsoft hopes to fix by May 8 a critical flaw in Windows Domain Name System (DNS) servers that is being exploited by online criminals, the company said late Tuesday. April 18, 8:18 a.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT > Security |
|
|
|||||||||||||||||||||
