Firefox Provides Increased Security Over Internet Explorer? Not So Much.
It's been reported that the Firefox Web browser has been distributing a Trojan horse application with the Vietnamese language pack. No one is sure how many users may have unwittingly downloaded the malware.

The Most Critical Factor To Attaining Organizational Security: You
According to a study just released by consulting firm Frost & Sullivan, you -- that's right: you -- may be the most important factor in the security of your organization.

Security Researchers Find Trove of Stolen Data
A server used as a "drop site" for stolen and highly sensitive information has been uncovered by security researchers.

Manhole Covers: Gateways To Terrorism
Fear mole-men with bombs. That, more or less, is the message from Manhole Barrier Security Systems, which on Monday warned that cities need to do more to protect against assaults on infrastructure launched by underground attackers.

Security Continues Its Drive Toward The Cloud
Everything from CRM software to word processors and spreadsheets is now delivered as services. It’s about time that more security vendors do the same.

Be Careful With Whom You Chat
Security firm Akonix Systems is warning of a big increase in attacks that target instant messaging systems.

Interop: IronPort's S-Series Blocks Suspicious Content At The Web Page Component Level
Here at Interop 2008 in Las Vegas, IronPort (a division of Cisco) is showing off its latest security solutions -- the S650 and the S350 Web Security Appliances. The S-Series was a finalist in this year's Best of Interop competition. In the new security appliance, the company leverages its SenderBase anti-spam reputation management technology to determine what parts of a Web page (if any) to let through to users' browsers. In the video below, IronPort product manager Samantha Madrid tells me more about the S-Series.

You're Infected With Malware. And You Don't Care.
Could it be true? Could there be thousands, if not more, Internet users infected with botnets, who know they're infected, and don't care enough to do anything about it?

Interop: Palo Alto Networks' Firewall Identifies App Traffic On Content, Not Ports
You've programmed your firewall to block the ports that some unwanted app is using and that app turns up on your net again. Net-enabled applications don't tie themselves down to one port the way the Web (HTTP, port 80) and other apps do. After some firewall shuts their ports down, they find another port. Using traffic profiles instead of ports to identify more than 600 applications, not only did Palo Alto Networks' series win InformationWeek's Best of Interop in the security category, it took the grand prize as well. In the video below, Palo Alto's Lee Klarich walks me through some of the firewall's innovations.

Will Code Viruses For Beer
A controversial contest at this year's Defcon hacker conference promises to reward the most successful virus writers.

Hello, Would You Like A New Job?
When was the last time you got a call from a headhunter? Have those calls cooled down lately? Think it's due to the weak economy, or do you think it's possible that you're just not that "hot" anymore?

Windows XP Service Pack 3
While there's not a lot of big news or fanfare surrounding the imminent release of Windows XP Service Pack 3, there are a number of interesting security enhancements.

Quick! Unplug Your Internet Connection!
According to the security vendor Sophos, one Web page is infected with malicious software every five seconds. Yeah, but it's probably mom-and-pop and porn Web sites with all of the infections, you say. Think again.

Focus On Managing Risk, Not Gruntwork
With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter?

Physical Security Breaches Trump Vulnerabilities
When it comes to publicly disclosed breaches, chances are the root cause was a stolen system, not a hack.

Microsoft's Security Development Life Cycle (SDL) Metrics: Microsoft Can Do Better
Microsoft can, and should, provide more insight into how well its security development life cycle is working.

Ever Lose A Smartphone?
I've lost a number of them, and each time I've left behind a smartphone or PDA, I've worried not so much about the device -- but the personal data it holds. Kaspersky Lab is offering what could be a viable solution.

Good News: After Breach, Consumers Vote With Their Feet
Survey results show that nearly one-third of consumers terminate their relationship with an organization following a security breach.

Is It Time For Security To Go On The Offense?
Security researcher Joel Eriksson recently demonstrated how security vulnerabilities within hacker attack tools can be used to turn the tide on online criminals.

CISO: More Strategic Thought Needed
The time has come for chief information security officers to become less tactical, more strategic.

Security Is No Longer About The Operating System
Now that Adobe has updated its graphics and video software, a near ubiquitous security vulnerability has been fixed.

Al Gore's Top Secret Speech At RSA
If any RSA Conference attendee wants to loan me his or her RSA badge on Friday afternoon for about an hour, send me an e-mail. I was planning to attend Al Gore's keynote on emerging green technologies that day from 2:15 PM to 3:00 PM, but it turns out that members of the media aren't going to be allowed in. Evidently, Gore will be discussing the ingredients in Soylent Green and only wants a select few to know what goes into those tasty wafers.

Five New Virtualization Security Vendors
There are plenty of virtualization security vendors leaping out of the shadows. Here are five new players worth a look.

The Cybercrime Economy
Dot-coms daunted by the financial downturn would be well advised to look to the cybercrime economy. Cybercriminals "have very sound business models," said Joe St Sauver, manager of Internet2 Security Programs through the University of Oregon at an RSA Conference panel on Wednesday, "better than many corporate business plans I routinely see."

Online Storage: Security Risk Is Minimal
InformationWeek security reporter Thomas Claburn questions the security of online storage services. Do online storage services pose a grave security risk?

Firewall Startup Lands Fortune 500 Customer
Palo Alto Networks aims to reinvent the firewall. A Fortune 500 customer has bought into this vision.

What Is Virtualization Security?
It's RSA week. Which means we're going to be inundated with security news, and the hype is going to be loud. And a number of research firms predict virtualization security will be near the top of the hype-o-meter this year.

The Risk Of Online Storage
HP's new entry into the online storage arena, Upline, looks like a reasonably good deal. For $59 per year, a single user gets unlimited online storage, with sharing, publishing, and search capabilities. That's about how much EMC's Mozy charges for its online backup service.

Virtualization Security
From virtual rootkit "aka Blue Pill" attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.

Battle Of The Sexes: Internet Fraud Edition
They say girls develop much faster than boys. At the very least, they appear to be quicker on the uptake when it comes to avoiding getting duped on the Internet.

Microsoft Ready To Patch Eight Security Flaws Next Week
The software maker's monthly batch even includes important fixes for Microsoft Vista Service Patch (I mean Pack) 1.

Only 2% Of Internet Traffic is 'Raw Sewage'
This figure, recently touted by Arbor Networks, strikes me as very low.

Another Trojan Targets Mac OS X
Yet another unscrupulous chunk of malicious software is being aimed at unsuspecting Mac users.

Griefers Post Seizure-Inducing Graphics On Epilepsy Board
Attackers targeted a messaging board for the nonprofit Epilepsy Foundation and posted JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users.

Security Showdown: OS X Caves First, Vista Buckles (Due To Flash), Ubuntu Wins
At the 2008 edition of the PWN to OWN security showdown at CanSecWest (Canada Security West) in Vancouver, an Ubuntu distribution of GNU Linux took top honors after Apple’s Mac OS X and Microsoft’s Windows Vista eventually caved under hacker pressure. All OSes were up-to-date with the latest patches.

CA Customers Newly Targeted
While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.

Hundreds Of Servers Compromised In Hannaford Breach
More details about the credit breach at the Hannaford grocery chain are becoming known, and they aren’t pretty.

Internet Evolution Reports On Test-Shy Peer-To-Peer Filters
More than two dozen vendors say they can help ISPs filter unwanted P2P traffic. But only two were willing to put marketing claims on the line in an in-depth test of P2P filtering technology.

Startup Flips On Its Virtual Switch
A growing number of security startups aim to bring visibility to the network traffic of virtual systems. Today, Montego Networks officially came out of stealth mode.

Web App Threats Rising
Great news: 1 out of 10 Web sites you visit may actually be secure.

Medical Records For 2,500 Study Participants Are Stolen
Only after a laptop is stolen from the trunk of a car owned by a researcher at the National Heart, Lung, and Blood Institute (NHLBI) does this organization promise to do better when it comes to security. Why does it always go down this way?

SnooperGate: Two Fired Over Illegal Obama Passport Snooping
It’s the second time in a week where workers improperly accessed electronic records of the rich, powerful, or famous.

The Start Of NAC Market Consolidation?
Lockdown Networks has closed its doors and is looking for someone to buy its IP. Is this just the beginning of the NAC market consolidation, or an isolated event?

In Massive Patch, Apple Mends Roughly 90 Security Vulnerabilities
In one swing, Apple unleashes a tally of security updates that nearly surpasses all of the patches it released last year.

4.2 Million Credit Cards Leaked
A New England-based supermarket, Hannaford Bros., said Monday that a system breach may have given criminals access to more than 4 million credit and debit cards. It's a significant event, and while the facts aren't out yet, it looks unlike most other breaches.

New Credit Card Breach Will Test PCI
The latest exposure of more than 4 million credit and debit card numbers may strain the validity and stability of the credit card industry's controversial security rules.

Hospital Workers Busted For Snooping On Britney Spears’ Medical Records
The Los Angeles Times reported over the weekend that medical workers violated the star's privacy when she visited the UCLA Medical Center in late January and early February of this year. They're all getting fired.

The Clock Is Ticking For Retailer Web Application Security
In a few months' time, what is now considered merely an advisable best practice will become mandatory for any business accepting credit card payments over the Web. Problem is, the mandate is ill-conceived.

T.J. Maxx To Hold 'We Got Hacked' Sale
As part of class-action settlement for one of the most egregious breaches of consumer credit cards in U.S. history, T.J. Maxx plans to hold a special one-day sales event. Seriously?

Air Force Sheds (Some) Light On A Strategic Cyberspace Vision
But after reading the Air Force Cyber Command Strategic Vision, I'm still not clear on what the strategy actually is ... or if it's just PR posturing.