Posted by on Tuesday, March 22, 2011,
In :
Security
To get around phishing blacklists in browsers, scammers are luring
people by using HTML attachments instead of URLs, a security firm is
warning. 
Chrome and
Firefox
are good at detecting phishing sites and warning Web surfers via a
browser notice when they are about to visit a site that looks dangerous.
So good, in fact, that scammers are resorting to a new tactic to lure
victims into their traps via e-mails--attaching HTML files that are
stored locally when they are opened, according ... Continue reading ...
Posted by on Tuesday, March 22, 2011,
In :
Security
In every disaster scammers see an opportunity, and the crisis in Japan
is no exception. Already there have been fake Red Cross e-mails
circulating and there will no doubt be more scams coming. Those
e-mails appear to come from the British Red Cross. They provide some
news on the earthquake and tsunami in Japan and urge people to donate to
a Yahoo e-mail address on a Moneybookers account, a money transfer
service that enables recipients to remain anonymous, according to App River, an e-m... Continue reading ...
Posted by vijai on Thursday, September 16, 2010,
In :
Security
This pie chart shows the different threats that
can come from visiting Web sites that advertise unauthorized content.
(Credit:
McAfee)
It's common knowledge that you can catch computer viruses on porn Web
sites. But did you know it's also risky to surf the Web searching for
free movies or music? A study from McAfee to be released on
Tuesday finds that adding the word "free" when looking for entertainment
content in search engines greatly increases the chances of landing on a
site hos...
Posted by Elinor Mills (CNET Writer) on Thursday, September 16, 2010,
In :
Security
Access to an e-mail account opens up access to all sorts of other information that could be used to steal someone's identity and drain bank accounts, open up credit cards, and even take out loans in their name.
It's not just personal information at stake in e-mail accounts. Use of weak password-reset security questions is believed to have allowed someone to access the Yahoo e-mail account of a Twitter employee last year and then use that to access the person's Google Docs account where there w... Continue reading ...
Posted by Oyya-Info on Thursday, August 26, 2010,
In :
Security
Accessing the Internet via an open Wi-Fi network is risky because you have no idea who is the hot spot provider or who is connected to it. At the airport it may seem more secure to use a terminal to check your e-mail or update your Facebook status; however, according to Symantec, these terminals might not be secure at all.
In a recent article on the company's Web site, Nick Johnston, senior software engineer of Symantec Hosted Services, wrote that at one Internet terminal at a large airport ... Continue reading ...
Posted by Oyya-Info on Friday, July 16, 2010,
In :
Security
Cryptography expert Bruce Schneier used to write his passwords down on a
slip of paper and keep it in his wallet. Today, he uses a free
Windows password-storage tool called Password
Safe that he designed five
years ago and released into the open-source community.
The desktop application lets users remember only one master password to
access their password list. But Schneier still recommends the
paper method for people who don't have their computers with them at all
times like he doe... Continue reading ...
Posted by Oyya-Info on Thursday, January 14, 2010,
In :
Security
Perhaps Google's announcement that Chinese cyber attackers went after human rights activists' Gmail accounts has made you skittish about just how private your own messages are on the Google e-mail service.
Well, if you want to take a significant step in keeping prying eyes
away from your electronic correspondence, one good encryption
technology that predates Google altogether is worth looking at. It's
called public key encryption, and I'm sharing some instructions on how
to get it working i... Continue reading ...
Posted by Oyya-Info on Thursday, December 3, 2009,
In :
Security
For about the 4,000th time in the last five years, I tried to sign
up for a new Web service, but it wouldn't accept my proposed password.
Apparently, the site operators decided that passwords should contain
only letters and numbers. Aarrrrgh! This isn't the first time I've seen this idiocy, and it won't be the last. But it should be.
Guidelines on how to construct a strong password almost uniformly
recommend using a mixture of upper and lower case letters, numbers, and
symbols. Tools for gene... Continue reading ...
Posted by Oyya-Info on Tuesday, November 24, 2009,
In :
Security
With most computers threatened by attacks coming through Web
applications, it's no surprise that security would be a key piece of
Chrome OS, Google's browser-based operating system that stores data in
the cloud.
Google showed off its new lightweight operating system designed for Netbooks and cloud computing on Thursday. As anticipated, it will rely on many of the same security features and concepts used by the Chrome browser.
"The browser is the operating system. We've expanded the browser to... Continue reading ...
Posted by Oyya-Info on Tuesday, November 10, 2009,
In :
Security
Apple on Monday released a large security update for Mac OS X that
fixes dozens of vulnerabilities and provides protection against
potential attacks exploiting a weakness in the protocol used to verify
that a domain is legitimate. There are 43 specific issues addressed in the 2009-006 update, released the same day as Mac OS X v.10.6.2.
It plugs a variety of holes for the Mac OS X v10.5.8, 10.6, 10.6.1, and
Mac OS X Server v10.6 and 10.6.1, many of which could lead to arbitrary
code execution... Continue reading ...
Posted by Oyya-Info on Thursday, October 29, 2009,
In :
Security
More midsize companies are being attacked by cybercriminals at the
same time they're spending less on security, says a McAfee report
released Wednesday.
Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox,
said they've seen an increase in security breaches over the past year.
Despite the threat, the recession has caused most of these companies to
freeze their IT security budgets.
M... Continue reading ...
Posted by Oyya-Info on Friday, October 9, 2009,
In :
Security
Comcast is launching a trial on Thursday of a new automated service
that will warn broadband customers of possible virus infections, if the
computers are behaving as if they have been compromised by malware.
For instance, a significant overnight spike in traffic being sent from
a particular Internet Protocol address could signal that a computer is
infected with a virus taking control of the system and using it to send
spam as part of a botnet.
Comcast is launching a trial of a service that... Continue reading ...
Posted by Oyya-Info on Thursday, October 8, 2009,
In :
Security
With security and cloud-computing both hot-button topics, Verizon
Communications and McAfee are joining forces to offer customers a
combination of the two.
Verizon's business unit and McAfee announced Thursday a new joint
venture to sell cloud-based security products and services to large
businesses and government agencies. With more companies tapping into
the "cloud" to lower costs and outsource administration, McAfee and
Verizon will sell a new suite of cloud-based security products,
expandi... Continue reading ...
Posted by Oyya-Info on Tuesday, September 29, 2009,
In :
Security
A rise in malware has caused the number of infected PCs worldwide to
increase 15 percent just from August to September, says a report
released Tuesday from antivirus vendor Panda Security.
Across the globe, the average number of PCs hit by malware now
stands around 59 percent, an all-time high for the year. Among 29
countries tracked, the U.S. ranked ninth with slightly more than 58
percent of its PCs infected. Taiwan hit first place with an infection
ratio of 69 percent, while Norway came i... Continue reading ...
Posted by Oyya-Info on Wednesday, September 9, 2009,
In :
Microsoft
Microsoft issued a formal security advisory late Tuesday on a reported zero-day flaw
in Windows Vista and Windows Server 2008. However, the software maker
also said that the flaw does not affect the final version of
Windows 7, contrary to earlier reports.
"Microsoft is investigating new public reports of a possible
vulnerability in Microsoft Server Message Block (SMB) implementation,"
Microsoft said in the advisory. "We are not aware of attacks that try to use the reported vulnerabilities o... Continue reading ...
Posted by Oyya-Info on Monday, August 31, 2009,
In :
Security
It used to be that an IT administrator could warn employees about
opening attachments from unknown sources or clicking on links from
unknown e-mail senders as the first line of defense against spam,
malware, and other bad stuff on the Internet.
Today, the seedy side of the Internet comes in many different
forms and from many different sources. Stop for a moment and think
about the new places where malware might be buried, hidden, released,
and shared--a legitimate site that's been hacked, a b... Continue reading ...
Posted by Oyya-Info on Friday, August 14, 2009,
In :
Security
One of the best ways to protect your online security is to have
strong passwords that you change periodically. But that's easier said
than done. Coming up with hard-to-guess passwords is hard enough, but
it's even harder to have separate passwords for different sites and to
remember new ones after you change them.
One way to create a password that's hard to guess but easy to remember
is to make up a phrase. You could type in the entire phrase (some sites
let you use spaces, others don't) or y... Continue reading ...
Posted by Oyya-Info on Sunday, July 26, 2009,
In :
Security
Two researchers for Hewlett-Packard have created a browser-based
darknet, an idea that could make it easier for businesses to keep
eavesdroppers from uncovering confidential information.
Darknets are encrypted peer-to-peer networks normally used to
communicate files between closed groups of people. Most darknets
require a certain level of technological literacy to set up and
maintain, including taking care of the necessary servers. However, HP
researchers Billy Hoffman and Matt Wood plan nex... Continue reading ...
Posted by Oyya-Info on Wednesday, July 22, 2009,
In :
Security
The techniques Google uses to protect Chrome users from browser-based
attacks have taken on new importance with the company's plan to make
the software the centerpiece of a Netbook operating system.
Two weeks ago, Google announced plans for the open-source Chrome OS
designed for people who spend most of their time on the Web. The Google
Chrome operating system is a "natural extension" of the Chrome browser,
Sundar Pichai, vice president of product management, and Linus Upson,
engineering d... Continue reading ...
Posted by Oyya-Info on Saturday, July 18, 2009,
In :
Security
The Symbian Foundation has acknowledged that its process for keeping
malicious applications off Symbian OS-based phones needs improvement,
after a Trojan horse program passed a security test.
The botnet-building Trojan,
which calls itself "Sexy Space," passed through the group's
digital-signing process, Symbian's chief security technologist Craig
Heath said Thursday. Heath said the group is working on improving its
security-auditing procedure.
"When software is submitted, we do try to filt... Continue reading ...
Posted by Oyya-Info on Friday, July 17, 2009,
In :
Google
New versions of Google Chrome are out, fixing bugs and patching security holes in both the stable build and the beta build.
Two serious security flaws have been plugged. One had allowed for
malicious code exploitation within the Chrome tab sandbox. Found by the
Google security team, the threat was serious enough that Google has
declined to be more specific until "a majority of users are up to date
with the fix," the company said in a blog post.
A second security risk caused by memory corru... Continue reading ...
Posted by Oyya-Info on Wednesday, July 15, 2009,
In :
Security
There is a critical JavaScript vulnerability in the
Firefox 3.5 Web browser, Mozilla has warned.
The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT)
JavaScript compiler. Proof-of-concept code to exploit the vulnerability
has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.
The hole could allow a hacker to launch a "drive-by" attack,
according to... Continue reading ...
Posted by Oyya-Info on Wednesday, June 24, 2009,
In :
Security
Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials,
known in development as Morro, is limited to 75,000 downloads in four
countries: the United States, Israel, Brazil, and China.
Security Essentials
contains all the basic features that users have come to expect from
free security software: multiple built-in and customizable scan
options, a scheduler, automatic definition file updates, a real-time
defense shield, and rootkit... Continue reading ...
Posted by Oyya-Info on Friday, June 19, 2009,
In :
Security
Microsoft will launch a public beta of its anti-malware service,
Microsoft Security Essentials, on Tuesday as it phases out its Live
OneCare suite in favor of a simpler free consumer security offering.
Microsoft Security Essentials, which will run on Windows XP, Vista, and
Windows 7, will be available in the U.S., Brazil, and Israel in English
and Brazilian Portuguese. A public beta version for Simplified Chinese
will be available later in the year.
The service works like traditional antivi... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.
The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.
Moss' background as a computer hacker (aka "Dark Tangent") and role as
a luminary among young hackers who flock to Defcon in Las Vegas every
summer might seem to make him an odd choice to swear allegiance to the...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
You might have heard about online "phishing" scams designed to steal
money from unsuspecting Web users, but now criminals are using another
type of scam called "vishing" to commit the same crimes.
Last week, the Federal Trade Commission filed lawsuits
against two telemarketing firms in Florida and a company claiming to
sell extended automobile warranties for violating the Do Not Call
registry and fraud for selling bogus warranties for between $2,000 and
$3,000 a pop. Since 2007, the compan... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Microsoft on Tuesday released a patch aimed to fix a critical vulnerability in PowerPoint that had already led to exploits.
The vulnerability is listed as critical
for Office 2000, but rated only as important for Office XP, Office
2003, and Office 2007. However, the hole had already formed the basis
of targeted attacks, prompting Microsoft to issue a warning last month.
Although Microsoft says the hole is now patched in the Windows version
of P...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
The Conficker Internet virus has infected important computerized
medical devices, but governmental red tape interfered with their
repair, an organizer of an antivirus working group told Congress on
Friday.
Rodney Joffe, one of the founders of an unofficial organization
known as the Conficker Working Group, said that government regulations
prevented hospital staff from carrying out the repairs.
Joffe, who also is the senior vice president for the telecom
clearinghouse Neustar, told a panel of ... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
In the wake of the Conficker worm spreading via removable storage
devices among other methods, Microsoft said on Tuesday it is making a
change to the way Windows 7 handles USB drives.
As a result of the change, most USB drives will not be able to
automatically launch a program using a Windows feature known as
AutoRun, Microsoft said in a post on its Security Research & Defense Blog.
So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microso...
SAN FRANCISCO--The federal official overseeing a 60-day review of the
U.S. government's cybersecurity efforts indicated Wednesday that the
final report recommends shifting more responsibilities to the White
House.
"It provides the president with recommendations for a White House
organizational structure that can effectively address
cyberspace-related issues," Melissa Hathaway, acting cyberspace
director for the White House's National Security and Homeland Security
councils, said at the RS...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
In past years, I looked at the RSA security conference
as a high-tech flea market staffed by the world's best security
carnival barkers. Yes, important security topics were discussed, but
the real focus of the show was selling products and doing deals. This year's event has its share of tacky presentations and
booth babes, but I'm hearing a lot of chatter about a far more
important topic: the state of information security and its impact on us
all. Finally, the combination of unending dat...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
With all the Internet attacks that exploit Adobe Acrobat Reader people
should switch to using an alternative PDF reader, a security expert
said at the RSA security conference on Tuesday.
Of the targeted attacks so far this year, more than 47 percent of them
exploit holes in Acrobat Reader while six vulnerabilities have been
discovered that target the program, Mikko Hypponen, chief research
officer of security firm F-Secure, said in a briefing with journalists.
Just last month,
Adobe iss...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Microsoft
SAN FRANCISCO--Microsoft's operating systems are still vulnerable to
attacks, but more often than not it's older versions that are taking
the big hits.
That was the message from Scott Charney, corporate vice
president in Microsoft's Trustworthy Computing group, when he sat down
with me on Tuesday. We chatted about the latest threats, including
Conficker. The much-maligned
Windows Vista, he noted, wasn't hit in the way that older versions of the operating system were.
"Some of those widesp... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Windows 7 makes remote connectivity to corporate networks seamless,
protects data on thumb drives, and offers fewer user account control
prompts to bug users compared to Vista, Microsoft said on Monday.
The software giant began an education blitz about the security features
of the newest version of its operating system at the start of the RSA
2009 security conference.
Windows 7, which was released in public beta in January, will have 29 percent fewer user account control (UAC) prompts ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Be careful who you give your
mobile phone
number out to. An attacker with the right toolkits and skill could
hijack your phone remotely just by sending SMS messages to it,
according to mobile security firm Trust Digital.
 In
the Trust Digital demo on YouTube, an attacker sends an SMS message to
the victim phone (on the left) which opens up a Web browser and
downloads an executable file that directs it to send an SMS to the
attacker's phone (on the right). (Credit: Trust Digital)
In what it ... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
With the Conficker worm still hot and Microsoft patching multiple software vulnerabilities last week, it might be reasonable to assume the bad guys are winning the battle to get control over Internet-connected computers.
That's not necessarily the case. Developers are increasingly equipped
with tools to shore up their products and vendors are collaborating in
unprecedented ways to not only close holes in software, but also make
sure they aren't in there in the first place, according to se... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Microsoft
Microsoft will begin offering its first hosted security service under
the Forefront brand on Thursday, dubbed Forefront Online Security for
Exchange and designed to help keep malware and spam out of e-mail
in-boxes.
The hosted service, which will cost $20 per user per
year or less based on volume licensing, targets enterprise Exchange
customers and includes a Web-based console for setting up policies for
virus and spam protection, said Doug Leland, general manager of
Microsoft's Identity and S... Continue reading ...
| |
