Bull publicizes bootable USB drive

By Dave Nixon

Bull has a gadget for businesses concerned about the security of data stored on laptops, namely a bootable, portable password-protected hard disk drive with an embedded cryptographic processor that shields data if the device is misplaced or stolen.
Globull is a bright red item about the size and weight of an iPod Classic. It has [...]

Apple improves software download utility for Windows with version 2.1

By Janine de Blois

Apple has responded to critism of its “Software Update” tool for Windows. In version 2.1 users now see a split window with two separate lists for updates and new software.
The complaint from many security (and other) sources had been that users of the old version often ended up with new software they had not [...]

Microsoft warns web-hosting providers of zero-day flaw

By Janine de Blois

The vulnerability affects Windows XP Service Pack 2 as well as all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. It allows for elevation of privilege from authenticated user to LocalSystem.
An attack is possible through authenticated user provided code. Internet Information Services (IIS) and SQL [...]

Malware targets Oympic emails

By Brian Turner

MessageLabs has reported that it has identified at least thirteen different Olympic themed attacks, using email to try and fool users into downloading trojans.
With legitimate-sounding email subject titles such as “The Beijing 2008 Torch Relay” and “National Olympic Committee and Ticket Sales Agents”, some attacks purport to be from the International Olympic Committee, based in [...]

UK phishing attacks double

By Dave Nixon

Phishing attacks on UK customers have more than doubled for the first quarter of this year, according to Apacs, the UK payment association.
Apacs recorded more than 10,000 reported phishing incidents in the first quarter of 2008, in excess of 200 percent up from the same period last year.
Online banking victims due to fraud [...]

Zero-day flaw uncovered in Microsoft Works

By Dave Nixon

Chinese-language blogs are specifying a zero-day susceptibility in Microsoft Works, the company’s lower-end office productivity suite, according to security vendor McAfee.
The vulnerability is inside an ActiveX control for the Works’ Image Server, wrote McAfee analyst Kevin Beets. A PC would need to visit a website engineered to exploit the flaw, Beets wrote.
A zero-day [...]

Apple finally fixes $10k fault

By Dave Nixon

Apple has released a security patch for its Safari web browser, fixing the flaw that earned one security researcher $10,000 at the CanSecWest security conference.
The flaw was exploited by Independent Security Evaluators Researcher Charlie Miller to gain access to a MacBook Air computer three weeks ago. It lies in the WebKit open-source HTML rendering [...]

Tibet struggle usurped to install rootkit

By Dave Nixon

A cartoon that mocks the efforts of a Chinese gymnast at the Olympic games is the most recent tactic used by cyber-criminals to infect Windows PCs, according to McAfee’s Avert labs.
While the movie files, which show the cartoon followed by images supporting a free Tibet, are playing, a keystroke logging tool, hidden by a [...]

Vendor claims to nix URL-bypassing sites

By Dave Nixon

Proxy blocking company 8e6 has stated that its software can now curtail the proxy scripts that have lately swamped the Internet as a way of bypassing URL blocking systems.
Such scripts give non-expert users a method to evade the conventional web URL filtering systems employed by government, libraries, universities and companies by initiating private web [...]

Google Apps hit by session-stealing assault

By Dave Nixon

A security researcher has exposed a grave flaw in Google Spreadsheets, which could give an attacker access to all of a user’s Google services.
While the bug, a cross-site scripting (XSS) flaw, has now been fixed by Google, it is a sign of the dangers that can go together with the growing popularity of Software [...]

ISPs accused of tampering with web pages

By Dave Nixon

Approximately one percent of the Internet web pages are being altered in transit, sometimes in a detrimental way, according to researchers at the University of Washington.
In a paper, set to be delivered Wednesday, the researchers document some worrying practices. In July and August they tested data sent to about 50,000 computers and revealed that [...]

Browser attacks becoming more sophisticated say experts

By Janine de Blois

Security experts at the RSA Conference 2008 warn that browser attacks are becoming more sophisticated. Infected websites can allow a browser to be taken over in bot-like fashion.
For example on a virtual world site, an avatar could walk out on the screen, turn off mouse and key controls-making it difficult stop the attack. [...]

New Standards For Credit Card Processing and Collection

By Lashan Clarke

Information released by the PCI Security Council detail the use of a new version of the standards used to process credit cards.
The standards will be known as the Payment Application Data Security Standard or the PA-DSS.
The highlight of the PA-DSS is that is sets out the information needed to merchants to properly process [...]

Only 21% Reveal Passwords

By Lashan Clarke

A wise person will be protective of their password in the times we live in. However, current research has shown that not everyone is as wise to protect their personal information.
Using a survey conducted outside of Liverpool Street Station, the results showed that a little more than twenty percent of people gave up their [...]

Hacker Attacks CCP’s Popular Game

By Lashan Clarke

The source code for another game has supposedly been hacked. A computer hacker has stated that he or she hacked the source for the game EVE Online. In order to prove this was true, the hacker then posted the code to numerous P2P websites.
The hacker has stated it will only remove the hacked source [...]

DOJ Highlights Fight Against Money Laundering

By Lashan Clarke

At the recent RSA Security Conference, two attorneys for the Department Of Justice section that deals with cybercrime, highlighted two online sites that have been used in the past to launder money.
Working with the Computer Crime and Intellectual Property Section (CCIPS), the attorneys stated that Web sites E-gold and Neteller have previously been used [...]

DHS Secretary Hopes To Improve Defense Against CyberCrime

By Lashan Clarke

At a meeting for the Department of Homeland Security (DHS), the Secretary of the DHS spent time emphasising how the government feels about cybrsecurity and what role it plans to take in tackling it in the future.
The federal government would like to continue to see private and public firms develop a sense of togetherness [...]

Rift Caused By Malfunctioning Voting Machines

By Lashan Clarke

There has been a rift that continues to widen between security scientists, and manufacturers of voting machines. The rift has been widening to the point that many at the RSA Security Conference was calling on both industries to consider a “truce”.
Numerous flaws have been found in the softwared used in electronic voting machines, and this [...]

Adobe Issues Flash Update

By Lashan Clarke

After the recent fall of the Windows Vista laptop using a security hole in Adobe Flash, Adobe issued a new update to correct the hole within the software.
This update was issued to correct the compromise that was realised at the CanSecWest Conference. The new update was also issued to correct other problems within the [...]

Fortinet wins Deep Throat Porn filter check

By Dave Nixon

The contentious ‘Deep Throat Fight Club’ test of porn filters held at this week’s RSA security show has affirmed a winner. According to organisers Untangle, the best performer was Fortinet.
Fortinet detected 97.7 percent on the main blocking porn test, only a whisker ahead of rivals Watchguard (97.3 percent), Websense (97.0 percent), SonicWall (96.1 percent), [...]

Next Page »