Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • Microsoft to release six Windows security updates

    Posted November 9, 2006 - 5:08 pm

    Microsoft Corp. will release six groups of security patches next Tuesday as part of Microsoft's regularly scheduled monthly patch release, and will fix critical flaws in Windows and the company's XML parser.
  • Microsoft releases Sony rootkit hunter's tools

    Posted November 9, 2006 - 4:05 pm

    Nearly four months after hiring Sony rootkit whistleblower Mark Russinovich, Microsoft Corp. has moved his company's software to its Web site and has released a new Windows system tool that can help fight hackers.
  • Gartner: Consumers to lose $2.8B to phishers in 2006

    Posted November 9, 2006 - 9:54 am

    Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining ground in their efforts to defraud U.S. consumers, according to the Gartner Inc. research firm.
  • Google accidentally sends out Kama Sutra worm

    Posted November 8, 2006 - 4:33 pm

    Google Inc. accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.
  • PhishTank nets 3,000 scams

    Posted November 8, 2006 - 2:46 pm

    PhishTank collected just over 7,000 submissions in October, with 3,678 validated as scam sites via a total of 93,531 user votes. Users invalidated 878 submitted sites and a further 2,505 went offline before they could be checked. The top sites impersonated were PayPal and eBay, unsurprisingly, followed by a list of banks around the world.
  • Fake YouTube videos lure users to adware

    Posted November 8, 2006 - 2:39 pm

    Fraudsters are attempting to con users into installing a controversial adware engine using fake porn videos from YouTube as bait.
  • FTC settles with e-mail marketer

    Posted November 7, 2006 - 3:40 pm

    Marketer Yesmail Inc. has agreed to pay a $50,717 civil penalty to settle Federal Trade Commission (FTC) charges accusing it of sending unsolicited commercial e-mail after recipients asked it to stop.
  • IBM watchdog system scans digital video

    Posted November 7, 2006 - 12:20 pm

    Early next year, IBM Corp. will start selling advanced video surveillance software that can sift through thousands of hours of digital video in a matter of seconds.
  • DriveSentry offers 'firewall' for storage drives

    Posted November 6, 2006 - 9:35 am

    A Mountain View, California, startup company has developed what it calls a storage "firewall" to prevent computer viruses from wrecking the data on desktop computers.
  • Microsoft vulnerability rooted in ActiveX control

    Posted November 6, 2006 - 9:10 am

    Microsoft Corp. is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer, according to an advisory issued Friday. One security company rated the vulnerability critical, while Microsoft said it allowed only limited attacks.
  • Antiphishing fighters take on malware

    Posted November 3, 2006 - 4:12 pm

    The volunteers behind the Phishing Incident Reporting and Termination Squad (PIRT) have started a new project called the Malware Incident Reporting and Termination Squad (MIRT)to crack down on malware. Users are invited to submit samples of potentially malicious code to a database of "unknown files," which are then analyzed and reverse-engineered by the team of volunteers.
  • Security threat changing, says Symantec CEO

    Posted November 3, 2006 - 9:23 am

    The threat posed to computer users and companies by hackers is shifting from attacks on the computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors.
  • Security Tip: Three steps toward enclave computing

    Posted November 2, 2006 - 10:24 pm

    Enclave computing is based on the idea of defense-in-depth where organizations apply various levels of network, data and infrastructure segregation. Creating internal "enclaves" for production and data processing systems enables organizations to secure their essential assets from various threats better than they could using more traditional perimeter-centric security implementations. Think of it as creating multiple perimeters around your assets, while beginning to treat general users, partners and others as being in the traditional "DMZ" type of networks. Other names that refer to the same idea are "internal network segregation" and "asset-centric security". To prepare for this transition, organizations and security teams must do three things.
  • Microsoft's Forefront group eying compliance market

    Posted November 2, 2006 - 5:04 pm

    Security vendors Symantec Corp. and McAfee Inc. may soon find Microsoft Corp. competing with them in a new market. Microsoft has developed network-scanning technology, internally known as Spider, that scans PCs for security vulnerabilities, ensures that the latest patches are installed and that PCs have the required software to put them in compliance with corporate IT policy.
  • Hacker project puts spotlight back on Mac security

    Posted November 2, 2006 - 12:22 pm

    The security of Apple Computer Inc.'s wireless drivers is under scrutiny again, thanks to a new hacker project. On Wednesday HD Moore posted code that exploits a flaw in the Proxim Wireless Corp. Orinoco wireless cards used by PowerBook and iMac computers built between 1999 and 2003.
  • Mozilla pledges to fix second minor Firefox 2.0 bug

    Posted November 2, 2006 - 11:53 am

    A second minor bug found in the Firefox 2.0 Web browser will be fixed, but users shouldn't encounter much of a problem in the mean time, a Mozilla Corp. official said Thursday.
  • Symantec CEO encouraged by MS moves on Vista

    Posted November 2, 2006 - 10:31 am

    The head of Symantec Corp. said Thursday that he is encouraged by recent statements from Microsoft Corp. that it plans to work with security software companies and provide them with more access to the Windows Vista operating system.
  • Groups call for investigation of Microsoft ad service

    Posted November 1, 2006 - 6:07 pm

    Two consumer advocacy groups have filed a complaint with the U.S. Federal Trade Commission (FTC), saying Microsoft Corp. and other Web-based companies are using "unfair and deceptive" business practices to collect data about their customers.
  • Symantec releases support for Vista, 64-bit computing

    Posted November 1, 2006 - 3:56 pm

    In the next few weeks, Symantec Corp. will roll out products aimed at early adopters of the Windows Vista OS and 64-bit computing, while also expanding the capabilities of its backup software.
  • IronPort to buy Postx

    Posted November 1, 2006 - 2:58 pm

    Looking to expand its security appliance offerings, IronPort Systems Inc. plans to acquire PostX Corp., a vendor of e-mail encryption software.
  • Hackers break into water system network

    Posted November 1, 2006 - 2:36 pm

    An infected laptop gave hackers access to computer systems at a Harrisburg, Pennsylvania, water treatment plant earlier this month. The plant's systems were accessed in early October after an employee's laptop computer was compromised via the Internet, and then used as an entry point to install a computer virus and spyware on the plant's computer system, according to a report by ABC News.
  • New alliance puts crosshairs on spam

    Posted November 1, 2006 - 10:33 am

    The StopSpamAlliance Web site launched on Tuesday, the result of a plan hatched at the World Summit on the Information Society meeting in Tunisia in November 2005. The alliance brings together several organizations to better coordinate efforts to stop spammers, who frequently frustrate law enforcement efforts by running operations across borders.
  • A peek inside a security consultant's backpack

    Posted October 31, 2006 - 6:05 pm

    A peek inside Brent's Huston pack
  • New Windows attack can kill firewall

    Posted October 30, 2006 - 5:36 pm

    Hackers have published code that could let an attacker disable the Windows Firewall on certain Windows XP machines. The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service (ICS).
  • Tricky new malware challenges security vendors

    Posted October 30, 2006 - 2:58 pm

    A malicious program (called "Warezov," "Stration" and "Stratio") that has become more prevalent in spam has been rated as a low risk by many security vendors, but they also say that it is tricky to deal with.
Join us:






Join today!

See more content
Ask a Question