[security] Forum Topics

Security outfit MessageLabs today warns that as the credit crisis worsens so there has been a shift to the online arena for making money via spoofing banks for phishing scams. Between August and September this kind of phishing attack grew by 16 percent, but during September and October it has …

The New York Times ran an in-depth article recently detailing the [URL="http://www.nytimes.com/2008/10/13/technology/business-computing/13thin.html?partner=rssnyt&emc=rss"]impact of thin client technology in the workplace[/URL]. The story takes a look at the reasons why the idea has had trouble getting off the ground during the last 15 years, and why it's suddenly gaining traction now. Author …

Last Saturday, Republican vice presidential nominee and Alaska Governor Sarah Palin held a rally in Los Angeles in the Home Depot Center, and the California Democratic Party rented a giant electronic billboard during the event, and solicited questions from people, via texting, to display during the presentation (exhorting submitters to …

How on earth can you 'lose' the names, addresses, dates of birth, email addresses and, one has to assume, the mobile phone numbers of some 17 million of your customers? It's a good question, and to get the answer you might want to shout it in the direction of T-Mobile …

As unlikely as it may sound, Elvis Presley has been cloned. OK, it's a fair cop, not your actual Elvis Presley but rather his passport. According to reports a gang of Dutch hackers have managed to clone RFID driven e-passports of the type we are always being told are highly …

Peter Wood admits he walked unchallenged into an insurance company and was able to steal all their data. He is not in trouble though, it was part of a security exercise and he was hired to try and steal that data. Of course, as Wood says, very often companies "unwittingly …

On the face of it it's excellent news that Microsoft and the Washington State Attorney General are fighting against web scams. The sort of scam they're looking at is pretty clever if you're an inexperienced user. You're surfing a website or three - never mind what sort, we're not here …

Effective Wednesday, October 1, each business in Nevada must encrypt customers’ personal information when it is transmitted outside the business’ secure network, such as when it's transmitted over wifi. Initially passed in October 2007, it was said to have been the [URL="http://www.privsecblog.com/archives/state-legislation-some-state-data-encryption-requirements-more-effective-than-others.html"]first law[/URL] of this type. The Commonwealth of Massachusetts …

Sun Microsystems managed to fix multiple security vulnerabilities in JDK and JRE months ago now, so why has it taken Apple so long to finally plug pretty much the same Java holes in Mac OS X? Apple has known that its Java implementation has been, quite frankly, screwed since way …

We were all treated this week to a lovely example of why it's a good idea to use standard email for government business (or corporate business, for that matter). First, Republican vice presidential nominee Sarah Palin mentioned that [URL="http://www.washingtonpost.com/wp-dyn/content/article/2008/09/09/AR2008090903044.html"]she used Yahoo Mail[/URL] for some of her email, which is a …

Yesterday I was having breakfast in Madrid, as you do, enjoying the 30 degree heat and the ice cold orange juice. I was also enjoying the opportunity to be my usual grumpy self and throw awkward questions in the direction of my breakfast companion, Con Mallon the Director of Regional …

Microsoft yesterday released a [url=http://support.microsoft.com/kb/954593]security update[/url] intended to fix eight critical vulnerabilities in as many as 42 Windows apps and components, including IE6, Media Player, Office, SQL Server and Visual Studio. The patch was made available before they could be discovered and exploited by malicious hackers, or at least before …

According to [URL="http://www.sophos.com/blogs/gc/g/2008/09/02/sex-spyware"]Sophos[/URL] it seems that cyber-tension between North and South Korea is increasing of late. Not least thanks to allegations from the South that officers of the military command and control centre have been targeted by the North in a spyware attack on the orders of the infamous electronic …

A few days ago, Red Hat, Inc., [URL="https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html"]announced[/URL] that an intruder had broken into some of their systems and possibly compromised some important software packages. The most significant among them is OpenSSH--a secure method of connecting to a remote Linux system. Red Hat quickly took the systems offline to investigate …

There were quite a few interesting stories to come out of the recent [URL="https://www.blackhat.com/"]Black Hat[/URL] security conference in Las Vegas. If all you remember hearing about were the [URL="http://www.periscopeit.co.uk/news/article/web-monitoring-gets-hack-hackers-into-trouble/255"]ejected reporters[/URL] and [URL="http://www.cio.com.au/index.php/id;424905265"]DNS cache poisoning[/URL], then you missed a lot. Network and infrastructure security, the conference's focus, is a vitally important …

Linus Torvalds, creator of the Linux kernel, posted a [URL="http://article.gmane.org/gmane.linux.kernel/706950"]nasty smackdown [/URL]on security nerds and their obsession with security in the gmane.linux.kernel newsgroup. Linus is referring to security professionals who feel that security should be the only focus for bug fixes and patches. His argument is that all bugs are …

According to VeriSign, more than half of the Internet using people on the planet can get protection from an EV SSL-enabled web browser. Protection, that is, from data and identity theft. According to Net Applications, as revealed in their latest Web browser market share report, a total of 52.8 percent …

Well, at least as far as getting reasonably unrestricted access to the Internet is concerned it does. It had been [URL="http://www.itwire.com/content/view/19764/53/"]widely reported[/URL] that the Chinese authorities had backtracked on their promises to the IOC that reporters would get free and unrestricted access to the Internet during the games. This, no …

Apple has grabbed lots of headlines this week, some for things it has done, others for things done to it. Of all the major Apple products, only the iPod has escaped mention. With perhaps the potential to affect the most people is the deal announced this week with AT&T to …

I guess you could call it karma. HD Moore's company, BreakingPoint, found that traffic was being diverted to a scammer Google page. This kind of cache poisoning attack on DNS servers is not unusual, however this particular case was because HD Moore is the man who created the Metasploit hacking …

While the full story behind [URL="http://www.daniweb.com/blogs/entry2842.html"]San Francisco city government computer engineer Terry Childs[/URL] hasn't yet come out, one thing is certain: the mainstream media is ignorant about technology. Moreover, either the city government and prosecutors are deliberately painting things in as negative a light as possible in order to force …

According to the [URL="http://www.guardian.co.uk/world/2008/jul/27/internationalcrime.hacking?gusrc=rss&feed=technologyfull"]Observer newspaper this morning[/URL] Gary McKinnon, the British hacker accused of what US prosecutors refer to the biggest military computer hack of all time, has claimed he was threatened with a military tribunal at Guantanamo Bay. His lawyers are using this as part of their defence against …

Claiming he was protecting San Francisco city government's computer system from incompetent coworkers, computer engineer [URL="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/22/BAGF11T91U.DTL"]Terry Childs[/URL] changed the system's passwords and then for more than a week refused to give them to anyone, even after being arrested. Childs was under four felony counts for blocking administrative access to the …

That, my friends, is the message being touted by the latest Security Threat report to emerge from [URL="http://www.sophos.com"]Sophos[/URL] which says that one web page was infected every five seconds (count them) during the first half of 2008. Last year it was only, and I feel bad enough saying only, one …

Halvar Flake is a researcher. Here's how he describes himself on [URL=http://www.blogger.com/profile/12486016980670992738]his blog[/URL]: "I like simple things. And complex things. And drinking beer with people like Fyodor Yarochkin. I like South America. And some parts of Asia, specifically Kuala Lumpur. I like French. I like Spanish. I'd like to like …

It might come as a surprise to some that there is an underground economy online which revolves around the sale of malware. However, with botnets for hire by the hour and rootkits to purchase outright such off-the-shelf security nightmares have been the norm for a number of years now. What …

According to IM services provider [URL="http://www.process-one.net"]ProcessOne[/URL] a staggering 72 percent of UK businesses have banned the use of IM software such as MSN and AIM citing security fears as the main reason. At the same time, some 75 percent of those businesses admit that IM could be a valuable collaboration …

Security researchers within the Marshal TRACE Team have [URL="http://www.marshal.com/trace/traceitem.asp?article=714"]warned[/URL] that malicious spammers are using fake United Parcel Service invoices in order to deliver a malware payload. Always looking for a new and convincing hook to snare the unsuspecting user into downloading malicious components from the web, this new attack utilises …

The Advanced Research Team of security tools vendor Ounce Labs has identified two vulnerabilities in the Spring framework for Java. The vulnerabilities have the potential, the team says, to allow an attacker to “subvert the expected application logic and behavior,” and gain control of an application and access any personal …

According to a [URL="http://www.theregister.co.uk/2008/07/04/iphone_security_patch_lag/"]report[/URL] at The Register Apple is failing to keep iPhone software up to date with security patches. This despite the iPhone 1.1.4 software being nothing more than a "pared-down version of Mac OS 10.5" it says. The Jesus Phone is said to be vulnerable to a number …