Security
2006.10.19 Daily Security Reading
by Rodney Campbell on Oct.19, 2006, under Security
Security Suite Smackdown, Part I
Eight of the biggest names in security go head-to-head in this roundup of the best–and worst–of the apps that aim to keep you safe.
Study – Workers often jot down passwords
One in three people write down computer passwords, undermining their security, and companies should look to more advanced methods, including biometrics, to ensure their systems are safe.
How well do you know your network?
Content control products tell of leaks, misuse. The information security officer for a network of healthcare centers in New York found an employee sending confidential payroll information to a recruiter. A California-based semiconductor manufacturing technology provider caught a worker e-mailing PowerPoint slides detailing product plans to a former colleague at a competitor to show off the “cool things” he was working on.
Network Security – Not With a Peer-to-Peer Network!
Most small business networks are set up in a peer-to-peer (P2P) format. In contrast, large corporate networks are set up in a domain format. What does this mean to you?
New Hacker Toolkit Cloaks Browser Exploits
Designed to disguise any browser exploit from detection by signature-based defenses.
2006.10.18 Daily Security Reading
by Rodney Campbell on Oct.18, 2006, under Security
If you check Microsoft’s IE security web site, the first thing you’ll see is Microsoft’s statement regarding IE security: Internet Explorer comes with improved security features that help online users protect their computer and information. This security tweak will introduce the reader to a different side of IE security.
Lawsuit threatens Spamhaus with shutdown
After winning a US$11.7 million judgment against the Spamhaus Project Ltd., e-mail marketer e360 Insight LLC is asking a federal court to shut down the anti-spam service.
Hacking Tor, the anonymity onion routing network (pdf)
A worrying analysis of what appeared to be traffic modification on the part of the Tor network.
2006.10.17 Daily Security Reading
by Rodney Campbell on Oct.17, 2006, under Security
In this week’s OnSecurity podcast, eWeek Senior Writer Matt Hines speaks with Katie Moussouris, founder and leader of Symantec’s Vulnerability Research group, about her work subverting companies’ physical and network security protections, and new developments in the bug detection arena.
MySpace Predator Caught By Code
Wired News editor and former hacker Kevin Poulsen wrote a 1,000-line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress last June that it didn’t have this capability.
Microsoft Caves on Vista Security
Will the security companies making trouble for Microsoft be appeased by the changes the company has agreed to make? They should be, but that’s no guarantee.
Latest release of Firefox 2.0 browser code out
The latest release candidate 3.0 (RC3) for the new Mozilla Firefox 2.0 Web browser has been posted for free download as the project’s developers finish last-minute code checks and tie up loose ends.
2006.10.16 Daily Security Reading
by Rodney Campbell on Oct.16, 2006, under Security
I’m back! It was an interesting (although very long) trip away – I’m still trying to catch up on all my outstanding emails and other reading…
The future of malware: Trojan horses
Widespread worms, viruses or Trojan horses spammed to millions of mailboxes are typically not a grave concern anymore, security experts said at the Virus Bulletin conference here Thursday. Instead, especially for organizations, targeted Trojan horses have become the nightmare scenario, they said.
ICSA Labs introduces Anti-Spam certification (pdf)
ICSA Labs has announced that it is now accepting anti-spam products for evaluation and certification testing. The goal of ICSA Labs’ anti-spam product testing and certification is to evaluate product effectiveness in detecting and removing spam, as well as how proficiently it recognizes messages from legitimate sources.
Top Malware Threats: Cached malicious code and Web 2.0 platforms
Finjan, the provider of proactive web security solutions for businesses and organizations, has announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center.
Hacking Web 2.0 Applications with Firefox
Some of the methods, tools and tricks to dissect web 2.0 applications.
Here’s what one guy does for fun when a telemarketer calls
From The Bob & Tom Show Radio Program.
Security vs. usability – No one’s winning
Experts say wretched usability is scaring crypto newbies away.
Windows CE is extremely vulnerable, says Kaspersky
Internet security company, Kaspersky Lab, highlights the vulnerabilities of mobile operating systems in the second part of its ‘Mobile Malware Evolution’ report, out today.
Dangerous Terms: A User’s Guide to EULAs
We’ve all seen them – windows that pop up before you install a new piece of software, full of legalese. To complete the install, you have to scroll through 60 screens of dense text and then click an "I Agree" button. Sometimes you don’t even have to scroll through to click the button. Other times, there is no button because merely opening your new gadget means that you’ve "agreed" to the chunk of legalese.
One anti-virus engine is not enough, says GFI
GFI has issued a stark warning to businesses across Europe about the dangers of deploying a single anti-virus engine. GFI’s new white paper, ‘Why one virus engine is not enough’, reveals that organizations relying on the protection of a single anti-virus engine are actually leaving themselves exposed to a severe and constant threat from all forms of malware.
The advantages of Distributed Vulnerability Scanning
Organizations with large networks can enhance their vulnerability scanning efforts by deploying multiple Nessus vulnerability scanners. This blog entry discusses the advantages of using multiple scanners for both Nessus users and Security Center operators.
Microsoft’s big patch day fixes 26 flaws
Microsoft released ten patches on Tuesday to plug 26 security holes in its Windows operating system and Office productivity suite, giving 15 of the vulnerabilities its most severe threat rating of "critical."
Prepare for Internet Explorer 7
After one of the most widely tested beta products in Microsoft’s history and trial downloads by millions of users, Internet Explorer 7 Version 1.0 is finally ready. The tentative release date is Oct. 18, followed by Windows Update and Automatic Updates availability on Nov. 2.
2006.09.29 Daily Security Reading
by Rodney Campbell on Sep.29, 2006, under Security
I’m going to be away on holidays for the next two weeks so this may be my last blog entry for a little while – I’ll see you all when I get back 🙂
Testing for Security in the Age of Ajax Programming
Ajax programming is one of the most exciting new technologies in recent history. Ajax (Asynchronous JavaScript and XML) allows a web page to refresh a small portion of its data from a web server, rather than being forced to reload and redraw the entire page as in traditional web programming.
Another zero-day exploit for MS
Business users are being encouraged to be more cautious when opening PowerPoint files following the discovery of an as yet unpatched flaw in Microsoft’s office application.