Security Vendor Patches IE Bug 03/28/2006

With Microsoft Corp. saying that it may wait until April 11 to patch a critical vulnerability in its Internet Explorer browser, security vendor eEye Digital Security Inc. has released what it calls a "temporary" patch to address the problem. The bug, which concerns the way IE processes Web pages using the createTextRange() method, is now being exploited by attackers on hundreds of malicious Web sites

Security Spending in Asia to Double 03/28/2006

Security spending is set to double by 2010, as businesses in the Asia-Pacific region snap up more integrated security appliances, according to a new report by research analyst IDC. The overall security appliance server market in the region excluding Japan is expected to grow at a compound annual growth rate of 15.6 percent over five years, to reach over US$1.1 billion in 2010, IDC noted in a statement on Monday.

Verisign Security Assessment 03/26/2006

VeriSign has launched a risk profiling service that gives companies an overall picture of how good their security setup is. The service ties together risk profiling from Skybox Security with threat research from VeriSign's own iDefense, and explains how well a company can meet current threats, as well as explaining how changes - such as altering a firewall or installing a patch - will affect the picture. Complete Article

Microsoft Slams Apples Security 03/27/2006

A Microsoft security manager has called on Apple to appoint a head of security and change how it handles vulnerabilities and updates. A security program manager at Microsoft Corp. has scolded rival Apple Computer for claiming that its security updates are just as transparent, informative, and detailed as those that come out of the Redmond, Wash. developer every month. Stephen Toulouse, a program manager for the Microsoft Security Response Center and often the MSRC's spokesman, has used several entries in his personal blog to take Apple to the woodshed. Complete Article

UN Security Councils Security 03/27/2006

According to Reuters: The U.N. Security Council has too often failed to act swiftly and effectively to contain international crises and needs to be reformed, the head of the U.N. nuclear watchdog said on Saturday. "Too often, the Security Council's engagement is inadequate, selective, or after the fact," said Mohamed ElBaradei, last year's Nobel Peace Prize winner.

Homeland Security Undersecretary Hale resigns 03/23/2006

Janet Hale, the Homeland Security Department’s first undersecretary for management, will leave her post in early May. In a March 22 statement announcing her resignation, Homeland Security Secretary Michael Chertoff called her a pioneer and commended her for merging the management and budget functions of 22 agencies into the mammoth department.

Other Important Security Sites 03/22/2006

Security Protection - Locate RSS feeds specific to security related issues. From homeland security warnings to virus alerts. Get RSS feeds to notify you of status changes. Security Software - Finding the balance between George Orwell's 1984 and assuredness that your privacy is protected, has become a more difficult balance with the emergence of new technologies. Security Software is a resource that will assist you in protecting your privacy without going to the extremes. Alarm Tools - Alarm solutions directory including security alarms, burglar alarms, companies, emergency response solutions and fire alarms.

GM Security Guard Accused of Hacking 03/20/2006

A former security guard at General Motors Corp.'s (GM) Warren technical center is accused of taking employee Social Security numbers and using them to hack into the company's employee vehicle database. James S. Green II, 35, of Washington Township, found out what company cars the employees drove and sent them bogus e-mails asking them their thoughts on the vehicles, Macomb County sheriff's Capt. Anthony Wickersham said Tuesday. Complete Article

RFID Tags To Spread Viruses 03/19/2006

Radio frequency identification tags can be used to spread computer viruses and attack middleware applications and the databases behind them, a group of Netherlands-based scientists said Wednesday. At an IEEE' conference on pervasive computing in Pisa, Italy, Melanie Rieback, a third-year PhD student at Amsterdam's Vrije Universiteit, presented a paper that outlined the threat to RFID systems and laid out how the small amount of memory in a tag -- in some cases as little as 128 bytes -- could be used to corrupt databases.

Failing Grades for Security 03/19/2006

For the fourth consecutive year, a large percentage of federal agencies flunked their annual network security review under the Federal Information Security Management Act (FISMA), including the Department of Homeland of Security (DHS) and the Department of Defense (DOD). Out of 24 reporting agencies, 13 either scored an F or a D in the annual report card scores required under FISMA.

New Denial of Service Attack 03/17/2006

A new type of denial of service attack has emerged, with an impact right across the internet, security experts have warned. The new style distributed denial of service attack hits target organisations by flooding their e-mail systems with queries bounced off domain name system (DNS) servers.

International Conference on Energy Security Opens in Moscow 03/14/2006

Representatives of G8 countries and international organizations have gathered in Moscow for a two-day international conference on energy security. The main session of the conference will be dedicated to the problems of energy safety and security. Participants will also take part in the round table discussion titled “The current state and perspectives of nuclear power generation”. The conference drew participation from the representatives of state authorities, business circles, scientific and technological organizations of G8 countries, as well as from international bodies and organizations.

Tech Companies Focus on Security 03/14/2006

Security is never far off the mind of most people, and the companies that make money from fear are here in abundance at the CeBIT technology trade fair. And that is not such a bad thing. Software vendors like Symantec and SAP are showing users how to protect their data without having such high fire walls that no-one can communicate with customers. And Hitachi has launched a laptop which stores the vein patterns of the user's middle finger.

BigFix Security Software 03/14/2006

BigFix on Monday announced support for Macs that use Intel processors with a Universal Binary release of its eponymouse security configuration management software. BigFix is a policy-based system that provides enterprise network managers and IT staff with the ability to manage, audit and track computers connected to their network.

EMC Buys Security Software 03/14/2006

EMC has quietly acquired Authentica, a privately-held maker of security software that helps companies and government agencies protect critical information, for an undisclosed sum.

Panda Platinum 2006 Internet Security Named Best 03/14/2006

Panda Platinum 2006 Internet Security takes first place, ahead of nine other solutions, in a comparative review carried out by the Dutch national consumer organization magazine, De Digitale Consument. The technical analysis focused on the antivirus and anti-spyware potential of the products, as well as the firewall performance. The test used samples of about 3,500 threats, including viruses.

Homeland Security News 03/13/2006

Free News Submission Available for Homeland Security Companies and Organizations at the National Homeland Security Knowledgebase The NHSK site now offers a free news submission section where Homeland Security companies and organizations can submit relevant news for free. The site audience targeted to Homeland Security creates a platform for a valuable PR and marketing venue. Additionally, companies, government and organizations can post job offerings within the industry sector for a fee in the newly created "Homeland Security Job Posting" section. The National Homeland Security Knowledgebase also includes comprehensive Homeland Security information resources, news, Homeland Security newsletter, investment research, technology sectors, and a collection of links on Homeland Security related topics.

Hacker Teaches 03/10/2006

He can find George Bush senior's social security number and Leonardo DiCaprio's mother's maiden name in under 15 seconds, and led the FBI on a three-year manhunt as he hacked his way into the world's biggest firms. "Computer terrorist" Kevin Mitnick is one of the world's most famous computer hackers and became a cause celebre after breaking into networks and stealing software at companies including Sun Microsystems and Motorola. Now Mitnick, from the United States, travels the world teaching companies how to guard against people just like him.

Apple OS X Withstands University Student Hacking Attempts 03/10/2006

The University of Wisconsin has ended its OS X hacking contest with no successful hacking attempts. The challenge was cut short after the University's Chief Information Officer found out about it and deemed that it was unauthorized. The competition's website has since been removed.

Security Researchers Terminate Sites Selling Trojans 03/10/2006

Several Web sites selling made-to-order Trojan horses to hackers have been shut down, the two cooperating security companies who led the investigation said Wednesday. U.S.-based RSA Security and Spain's Panda Software collaborated in the effort to identify, locate, and shutter five sites. Three were marketing la carte Trojans for launching targeted identity theft attacks against users of specific financial institutions, while two were sites where the buyers could monitor the infections the malware caused.

Two Security Updates From Microsoft Next Week 03/10/2006

Microsoft said today it plans to issue two software updates next week to patch a couple of security holes in its Windows operating system and its Office productivity suite.

Mac Hacker Mocks Security 03/07/2006

It took the winner of the 'rm-my-mac' competition 30 minutes to gain root control of a Mac Mini using an unpatched OSX exploit. Gaining root access to a Mac is "easy pickings", according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability. On 22 February, the Sweden-based Mac enthusiast set up his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Port Security Seen As Serious Issue 03/06/2006

Political turmoil over the Bush administration's decision to allow an Arab government-owned company to operate shipping terminals at U.S. ports has sparked new efforts in Congress to tighten port security. With loud public criticism concerning the deal to allow Dubai Ports World, a firm owned by the United Arab Emirates government, to operate six East Coast and Gulf seaports, lawmakers are dusting off proposals to tighten maritime cargo security this election year. "We took care of aviation pretty well, we beefed up rail, but ports haven't had the attention they should," said Sen. Kay Bailey Hutchison, R-Texas. "I think there is momentum for a broader look at port security. We have the attention of the rest of Congress" as the result of the Dubai debate.

RSA Adaptive Authentication 03/06/2006

RSA Security on March 1 announced a new risk-based authentication product and said that ETrade Financial would use the program to secure log-ins for all its online brokerage customers. RSA Adaptive Authentication is a multi-tiered authentication scheme that combines RSA's SecurID tokens and tokenless "risk-based" authentication from Cyota. The new service will allow banks and financial services companies to extend more security to the masses of online banking customers. Complete Article

George Orwell's Thoughts 03/06/2006

What would George Orwell think of the U.S. government's inquiry of search data to see a snapshot of just what people are searching for? Amid the fallout of the inquiry, industry experts convened at the Search Engine Strategies 2006 Conference ? Complete Article

Researchers Not Sharing Virus Details 03/05/2006

Researchers are wondering why a group claiming to have found the first PC-to-mobile Trojan is unwilling to play by the gentleman's rules of security researchers. Normally, new viruses are shared by the discoverers, so vendors can verify the find and update their own anti-virus software. But MARA, a non-commercial collection of malware researchers, will only share the alleged Trojan within its membership. This has caused a problem for anti-virus researchers who find MARA's stand puzzling.

Mobile Anti-Virus 03/04/2006

As anti-virus researchers have discovered evidence of the first mobile phone Trojan (Redbrowser.A) targeting J2ME (Java 2 Platform, Micro Edition) devices, Finnish anti-virus vendor F-Secure has issued updated the virus definitions for their Mobile Anti-Virus to combat this threat.

Apple Releases Security Patch 03/04/2006

Apple Computer releases its first security update of 2006 to patch 17 bugs, including a critical flaw in the Safari browser and a gaffe in iChat that was used by the first Mac OS X worm to infect Macintosh machines.

Blog Archive
March Archive
February Archive
January Archive