The InformationWeek -- Blogs
InformationWeek's Security Weblog


Firefox Provides Increased Security Over Internet Explorer? Not So Much.


By George Hulme | 08:09 PM ET, May 8, 2008

It's been reported that the Firefox Web browser has been distributing a Trojan horse application with the Vietnamese language pack. No one is sure how many users may have unwittingly downloaded the malware.



The Most Critical Factor To Attaining Organizational Security: You


By George Hulme | 07:27 PM ET, May 7, 2008

According to a study just released by consulting firm Frost & Sullivan, you -- that's right: you -- may be the most important factor in the security of your organization.



Security Researchers Find Trove of Stolen Data


By George Hulme | 08:24 PM ET, May 6, 2008

A server used as a "drop site" for stolen and highly sensitive information has been uncovered by security researchers.



Manhole Covers: Gateways To Terrorism


By Thomas Claburn | 04:05 PM ET, May 6, 2008

Fear mole-men with bombs. That, more or less, is the message from Manhole Barrier Security Systems, which on Monday warned that cities need to do more to protect against assaults on infrastructure launched by underground attackers.



Security Continues Its Drive Toward The Cloud


By George Hulme | 03:16 PM ET, May 5, 2008

Everything from CRM software to word processors and spreadsheets is now delivered as services. It’s about time that more security vendors do the same.



Be Careful With Whom You Chat


By George Hulme | 06:53 PM ET, May 1, 2008

Security firm Akonix Systems is warning of a big increase in attacks that target instant messaging systems.



Interop: IronPort's S-Series Blocks Suspicious Content At The Web Page Component Level


By David Berlind | 05:56 PM ET, May 1, 2008

Here at Interop 2008 in Las Vegas, IronPort (a division of Cisco) is showing off its latest security solutions -- the S650 and the S350 Web Security Appliances. The S-Series was a finalist in this year's Best of Interop competition. In the new security appliance, the company leverages its SenderBase anti-spam reputation management technology to determine what parts of a Web page (if any) to let through to users' browsers. In the video below, IronPort product manager Samantha Madrid tells me more about the S-Series.



You're Infected With Malware. And You Don't Care.


By George Hulme | 09:36 PM ET, Apr 30, 2008

Could it be true? Could there be thousands, if not more, Internet users infected with botnets, who know they're infected, and don't care enough to do anything about it?



Interop: Palo Alto Networks' Firewall Identifies App Traffic On Content, Not Ports


By David Berlind | 01:10 AM ET, Apr 30, 2008

You've programmed your firewall to block the ports that some unwanted app is using and that app turns up on your net again. Net-enabled applications don't tie themselves down to one port the way the Web (HTTP, port 80) and other apps do. After some firewall shuts their ports down, they find another port. Using traffic profiles instead of ports to identify more than 600 applications, not only did Palo Alto Networks' series win InformationWeek's Best of Interop in the security category, it took the grand prize as well. In the video below, Palo Alto's Lee Klarich walks me through some of the firewall's innovations.



Will Code Viruses For Beer


By George Hulme | 03:03 PM ET, Apr 29, 2008

A controversial contest at this year's Defcon hacker conference promises to reward the most successful virus writers.



Hello, Would You Like A New Job?


By Marianne Kolbasuk McGee | 02:39 PM ET, Apr 29, 2008

When was the last time you got a call from a headhunter? Have those calls cooled down lately? Think it's due to the weak economy, or do you think it's possible that you're just not that "hot" anymore?



Windows XP Service Pack 3


By George Hulme | 12:34 PM ET, Apr 28, 2008

While there's not a lot of big news or fanfare surrounding the imminent release of Windows XP Service Pack 3, there are a number of interesting security enhancements.



Quick! Unplug Your Internet Connection!


By George Hulme | 10:20 PM ET, Apr 24, 2008

According to the security vendor Sophos, one Web page is infected with malicious software every five seconds. Yeah, but it's probably mom-and-pop and porn Web sites with all of the infections, you say. Think again.



Focus On Managing Risk, Not Gruntwork


By George Hulme | 09:43 PM ET, Apr 23, 2008

With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter?



Physical Security Breaches Trump Vulnerabilities


By George Hulme | 09:40 PM ET, Apr 22, 2008

When it comes to publicly disclosed breaches, chances are the root cause was a stolen system, not a hack.



Microsoft's Security Development Life Cycle (SDL) Metrics: Microsoft Can Do Better


By George Hulme | 04:46 PM ET, Apr 21, 2008

Microsoft can, and should, provide more insight into how well its security development life cycle is working.



Ever Lose A Smartphone?


By George Hulme | 05:55 PM ET, Apr 17, 2008

I've lost a number of them, and each time I've left behind a smartphone or PDA, I've worried not so much about the device -- but the personal data it holds. Kaspersky Lab is offering what could be a viable solution.



Good News: After Breach, Consumers Vote With Their Feet


By George Hulme | 10:55 PM ET, Apr 16, 2008

Survey results show that nearly one-third of consumers terminate their relationship with an organization following a security breach.



Is It Time For Security To Go On The Offense?


By George Hulme | 03:53 PM ET, Apr 15, 2008

Security researcher Joel Eriksson recently demonstrated how security vulnerabilities within hacker attack tools can be used to turn the tide on online criminals.



CISO: More Strategic Thought Needed


By George Hulme | 10:52 PM ET, Apr 14, 2008

The time has come for chief information security officers to become less tactical, more strategic.



Security Is No Longer About The Operating System


By George Hulme | 09:43 PM ET, Apr 10, 2008

Now that Adobe has updated its graphics and video software, a near ubiquitous security vulnerability has been fixed.



Al Gore's Top Secret Speech At RSA


By Thomas Claburn | 04:08 PM ET, Apr 10, 2008

If any RSA Conference attendee wants to loan me his or her RSA badge on Friday afternoon for about an hour, send me an e-mail.

I was planning to attend Al Gore's keynote on emerging green technologies that day from 2:15 PM to 3:00 PM, but it turns out that members of the media aren't going to be allowed in.

Evidently, Gore will be discussing the ingredients in Soylent Green and only wants a select few to know what goes into those tasty wafers.



Five New Virtualization Security Vendors


By George Hulme | 09:06 PM ET, Apr 9, 2008

There are plenty of virtualization security vendors leaping out of the shadows. Here are five new players worth a look.



The Cybercrime Economy


By Thomas Claburn | 08:33 PM ET, Apr 9, 2008

Dot-coms daunted by the financial downturn would be well advised to look to the cybercrime economy.

Cybercriminals "have very sound business models," said Joe St Sauver, manager of Internet2 Security Programs through the University of Oregon at an RSA Conference panel on Wednesday, "better than many corporate business plans I routinely see."



Online Storage: Security Risk Is Minimal


By George Hulme | 06:47 PM ET, Apr 8, 2008

InformationWeek security reporter Thomas Claburn questions the security of online storage services. Do online storage services pose a grave security risk?



Firewall Startup Lands Fortune 500 Customer


By Andrew Conry-Murray | 05:55 PM ET, Apr 8, 2008

Palo Alto Networks aims to reinvent the firewall. A Fortune 500 customer has bought into this vision.



What Is Virtualization Security?


By George Hulme | 11:17 PM ET, Apr 7, 2008

It's RSA week. Which means we're going to be inundated with security news, and the hype is going to be loud. And a number of research firms predict virtualization security will be near the top of the hype-o-meter this year.



The Risk Of Online Storage


By Thomas Claburn | 11:13 PM ET, Apr 7, 2008

HP's new entry into the online storage arena, Upline, looks like a reasonably good deal. For $59 per year, a single user gets unlimited online storage, with sharing, publishing, and search capabilities. That's about how much EMC's Mozy charges for its online backup service.



Virtualization Security


By George Hulme | 05:39 PM ET, Apr 6, 2008

From virtual rootkit (aka "Blue Pill") attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.



Battle Of The Sexes: Internet Fraud Edition


By Tom LaSusa | 01:47 PM ET, Apr 4, 2008

They say girls develop much faster than boys. At the very least, they appear to be quicker on the uptake when it comes to avoiding getting duped on the Internet.



Microsoft Ready To Patch Eight Security Flaws Next Week


By George Hulme | 10:26 PM ET, Apr 3, 2008

The software maker's monthly batch even includes important fixes for Microsoft Vista Service Patch (I mean Pack) 1.



Only 2% Of Internet Traffic is 'Raw Sewage'


By George Hulme | 10:06 AM ET, Apr 2, 2008

This figure, recently touted by Arbor Networks, strikes me as very low.



Another Trojan Targets Mac OS X


By George Hulme | 04:11 PM ET, Mar 31, 2008

Yet another unscrupulous chunk of malicious software is being aimed at unsuspecting Mac users.



Griefers Post Seizure-Inducing Graphics On Epilepsy Board


By Mitch Wagner | 02:11 PM ET, Mar 31, 2008

Attackers targeted a messaging board for the nonprofit Epilepsy Foundation and posted JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users.



Security Showdown: OS X Caves First, Vista Buckles (Due To Flash), Ubuntu Wins


By David Berlind | 09:10 AM ET, Mar 31, 2008

At the 2008 edition of the PWN to OWN security showdown at CanSecWest (Canada Security West) in Vancouver, an Ubuntu distribution of GNU Linux took top honors after Apple’s Mac OS X and Microsoft’s Windows Vista eventually caved under hacker pressure. All OSes were up-to-date with the latest patches.



CA Customers Newly Targeted


By George Hulme | 08:44 PM ET, Mar 28, 2008

While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.



Hundreds Of Servers Compromised In Hannaford Breach


By Andrew Conry-Murray | 03:44 PM ET, Mar 28, 2008

More details about the credit breach at the Hannaford grocery chain are becoming known, and they aren’t pretty.



Internet Evolution Reports On Test-Shy Peer-To-Peer Filters


By Andrew Conry-Murray | 08:06 AM ET, Mar 27, 2008

More than two dozen vendors say they can help ISPs filter unwanted P2P traffic. But only two were willing to put marketing claims on the line in an in-depth test of P2P filtering technology.



Startup Flips On Its Virtual Switch


By George Hulme | 08:56 PM ET, Mar 26, 2008

A growing number of security startups aim to bring visibility to the network traffic of virtual systems. Today, Montego Networks officially came out of stealth mode.



Web App Threats Rising


By George Hulme | 09:47 PM ET, Mar 25, 2008

Great news: 1 out of 10 Web sites you visit may actually be secure.



Medical Records For 2,500 Study Participants Are Stolen


By George Hulme | 10:05 PM ET, Mar 24, 2008

Only after a laptop is stolen from the trunk of a car owned by a researcher at the National Heart, Lung, and Blood Institute (NHLBI) does this organization promise to do better when it comes to security. Why does it always go down this way?



SnooperGate: Two Fired Over Illegal Obama Passport Snooping


By George Hulme | 12:18 PM ET, Mar 21, 2008

It’s the second time in a week where workers improperly accessed electronic records of the rich, powerful, or famous.



The Start Of NAC Market Consolidation?


By Mike Fratto | 02:38 PM ET, Mar 20, 2008

Lockdown Networks has closed its doors and is looking for someone to buy its IP. Is this just the beginning of the NAC market consolidation, or an isolated event?



In Massive Patch, Apple Mends Roughly 90 Security Vulnerabilities


By George Hulme | 11:38 AM ET, Mar 19, 2008

In one swing, Apple unleashes a tally of security updates that nearly surpasses all of the patches it released last year.



4.2 Million Credit Cards Leaked


By George Hulme | 08:37 PM ET, Mar 18, 2008

A New England-based supermarket, Hannaford Bros., said Monday that a system breach may have given criminals access to more than 4 million credit and debit cards. It's a significant event, and while the facts aren't out yet, it looks unlike most other breaches.



New Credit Card Breach Will Test PCI


By Andrew Conry-Murray | 10:58 AM ET, Mar 18, 2008

The latest exposure of more than 4 million credit and debit card numbers may strain the validity and stability of the credit card industry's controversial security rules.



Hospital Workers Busted For Snooping On Britney Spears’ Medical Records


By George Hulme | 03:54 PM ET, Mar 17, 2008

The Los Angeles Times reported over the weekend that medical workers violated the star's privacy when she visited the UCLA Medical Center in late January and early February of this year. They're all getting fired.



The Clock Is Ticking For Retailer Web Application Security


By George Hulme | 09:51 PM ET, Mar 16, 2008

In a few months' time, what is now considered merely an advisable best practice will become mandatory for any business accepting credit card payments over the Web. Problem is, the mandate is ill-conceived.



T.J. Maxx To Hold 'We Got Hacked' Sale


By Andrew Conry-Murray | 01:08 PM ET, Mar 14, 2008

As part of a class-action settlement for one of the most egregious breaches of consumer credit cards in U.S. history, T.J. Maxx plans to hold a special one-day sales event. Seriously?



Air Force Sheds (Some) Light On A Strategic Cyberspace Vision


By George Hulme | 11:28 PM ET, Mar 13, 2008

But after reading the Air Force Cyber Command Strategic Vision, I'm still not clear on what the strategy actually is ... or if it's just PR posturing.
