Articles about Security

Microsoft says botnet chief was former antivirus vendor employee

Edge security

Microsoft spent a good deal of time dismantling the Kelihos botnet last year, making it the first takedown where it was able to name actual defendants behind it. On Monday it made the suprising announcement that its latest defendant, Andrey N. Sabelnikov, had previously worked for an antivirus software vendor.

According to information on the Web, Sabelnikov worked for two Russian security vendors: Agnitum, a firm that produces firewall and antvirus software for PCs from September 2005 to November 2008, and Retunil from November 2008 to December 2011.

Continue reading

Get more from Windows Firewall with TinyWall

One common view of the Windows Vista/ 7 firewall is that it’s a toy, almost entirely useless, and you should replace it with something more capable just as soon as you possibly can. But this isn’t entirely fair.

Sure, there’s no easy way to, say, restrict outgoing network connections to the applications you specify, but that’s more to do with the firewall’s awkward configuration options than the underlying technology. And these are easy to fix. Install TinyWall and this compact tool will immediately extend the standard Windows Firewall, giving you far easier control over who gets to go online, and who really shouldn’t.

Continue reading

Don't believe me about the iTunes hack? Just check Twitter

In my most recent story about Apple's hacking problems within iTunes, I was not surprised to see the same criticisms as eight months ago: there's no evidence of it, it's all the users' fault for their crappy passwords, it's a small problem.

Okay, I'll give you the possibility that this could be partially the user's fault in some way. Like saying the guy run down by a speeding vehicle shouldn't have been driving during rush hour. That does not answer how these hackers are getting in -- which from BetaNews' research on this, is mainly an in-app purchase mechanism issue -- nor the true scope of this problem.

Continue reading

Big Data approach pinpoints malware that other solutions miss

Last month, in preparation for a panel, I was asked to put together a list of pros and cons with respect to using Big Data techniques in the context of information security technologies. While Big Data has benefits that span many security disciplines, it’s important to look at this from the perspective of what we call Advanced Malware Protection, which is the ability to discover, analyze and block advanced malware.

With that context in mind, let’s look at the "pros" of Big Data.

Continue reading

What is this mysterious site doing scanning mine?

For you Sherlock Holmes types out there, how would you like a case to crack?

As a software developer I have my own website, and l regularly track my web traffic. I check my web site stats daily. I do analysis of that data to glean everything I possibly can about those who visit my site. So to my surprise, one day recently while checking my web stats I was shocked to see the day's traffic shoot through the roof!

Continue reading

Anonymous launches SOPA strike, takes down Justice Dept.

"The Site is under maintenance. Please expect it to be back shortly". That's the message I found at Universal Music moments ago. The US Justice Department site isn't accessible at all. You can thank hacktavist group Anonymous, which claims responsibility for these and other SOPA blackouts today in response to the Feds shutting down Megaupload.

There's a certain irony to this evening's attacks. Yesterday, tens of thousands of sites supported a voluntary blackout protesting two bills snaking through Congress -- Stop Online Piracy (SOPA) and PIPA (PROTECT IP Act). Anonymous' attacks, presumably denial-of-service, blacked out sites that either support the legislation or would be responsible for enforcing it. We've gone from voluntary blackout protests yesterday to involuntary ones today. As I write, Recording Industry Association of America is down, too.

Continue reading

iTunes hacked! Apple ignores it

It is now over eight months since I first reported to you my experience of getting hacked on iTunes. Last June, hackers found a way into my iTunes account using Sega's Kingdom Conquest -- a game I never downloaded. I was bilked out of $95.30, which the hackers stole from my account through iOS' in-app purchase mechanism.

Within hours of posting that story, I was flooded with dozens -- if not hundreds -- of similar stories. Initially, they were similar to mine and involved Kingdom Conquest, but additional reports indicated other games are being used to break into iTunes accounts worldwide.

Continue reading

Decompile Flash files with HP SwfScan

Pay a visit to HP’s download pages and for the most part you know exactly what you’re going to get: drivers, manuals and all the usual installation software you’d expect from the company’s wide range of products.

Look a little closer, though, and you’ll also find one or two more generally interesting freebies. And so HP’s Web Security Application Group, for instance, has produced a tool called SwfScan, which can both decompile SWF applets and analyze them for security vulnerabilities.

Continue reading

Koobface hackers are easily found on Facebook, elsewhere

The attackers behind the Koobface worm are not doing much to cover their tracks, say security researchers with Facebook and several security firms. Hackers are living a comfortable life in St. Petersburg, Russia, and have been posting freely to social networking sites such as Facebook and Foursquare.

Facebook and law enforcement have reportedly known their identities for several years. At least one of the members of the gang has repeatedly broadcast the location of the group's offices via Foursquare, including pictures of members at work -- presumably spreading Koobface around the world.

Continue reading

Security lessons Zappos' 24 million customer breach should teach us

security hand

Another major breach is in the headlines. Zappos, an online shoe and apparel retailer owned by Amazon, disclosed Sunday night that more than 24 million of its customer accounts had been compromised. Hackers accessed customer names, email addresses, phone numbers, the last four digits of credit card numbers and cryptographically scrambled passwords.

To its credit, Zappos moved quickly, resetting the passwords for all the affected accounts. But it was cold comfort for those who may still be in danger of having their data exposed if they used the same or similar credentials on other websites. This concern prompted Zappos CEO Tony Hsieh to warn customers of possible phishing scam exposures in an email to affected customers. It’s another reminder of the sad state of security today.

Continue reading

Will your website go dark to protest SOPA?

Jan. 18, 2012 is designated SOPA blackout day, with prominent websites planning to go dark in protest of two bills working through Congress -- Stop Online Piracy Act and PROTECT IP Act (PIPA). If you've got a big school project due Thursday and plan on using Wikipedia, get your research done today. The community-based encyclopedia plans to go dark tomorrow, and it's not alone.

The proposed legislation has generated gigabytes of negative responses, which included a Go Daddy boycott for supporting SOPA (since retracted) and culminates in tomorrow's blackout. Two months ago, I posed poll: "US Congress is considering two new copyright bills: PROTECT IP and Stop Online Piracy Act. Do you support them?" More than 3,500 responses later, 95 percent answered "No". You're not alone.

Continue reading

Zappos hack exposes personal information of 24 million customers

Hacker keyboard

Data on up to 24 million customers of online shoe retailer Zappos was compromised according to an email sent by its CEO Tony Hsieh on Sunday. While Hsieh says that full credit card information is safe, hackers may have the last four digits of the cards.

Hackers accessed names, email addresses, physical addresses, and phone numbers. Passwords were also compromised, however in encrypted form. As a result, the company sent out an email to all its customers, advising them to change their passwords as a protective measure. Zappos is also asking customers to reset their passwords elsewhere where it may be the same.

Continue reading

10 years after Bill Gates' Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one

I joined the Microsoft Security Response Center (MSRC) in April 2001 and left the company in December 2010. During that time I was involved in security and privacy at Microsoft, culminating in my role handling worldwide crisis communications for security and privacy incidents. I am one of a handful of people who knows what the security world was like at Microsoft before Chairman Bill Gates' Trustworthy Computing memo on Jan. 15, 2002. I was also part of the growth and transformation that memo brought about over the years.

As Microsoft marks the tenth year anniversary of that memo, it seems a good time to share a former insider’s view of what it really meant and accomplished. As well, I'll share thoughts on why, in the next 10 years, it’s critical that other technology companies follow Gates’ lead.

Continue reading

Save big on security software and system utilities

dollar keyboard

January is traditionally a tight month for finances after all of the expenses of Christmas, but it is also the time of year when there are great bargains to be grabbed. Head over to the Downloadcrew store and you’ll find all manner of great deals with huge savings to be made on big name software.

You may have decided to put yourself through a new health regime for 2012 and there’s no reason your computer shouldn’t be given the same treatment. Look no further than TuneUp Utilities 2012 [3-PC, 1-Year], which will help you to keep your system optimized and you can save 62 percent off the MSRP when you buy the software for just $18.95. Small businesses can make an even greater 75 percent savings when buying TuneUp Utilities Business Edition 2012 [5-PC, 1-Year] for just $19.95.

Continue reading

Add another layer of security with Smart PC Locker Pro

If you’re working on a PC in a crowded area, and need to move away for a moment, then the system can easily be locked simply by holding down the Windows key and pressing L. You’ll return to the login screen, and only someone who knows your user account password will be able to restore normal operations.

Of course is this is a shared PC then there may be several people who know the password. And Windows account passwords offer only limited security, anyway; there are ways to bypass them. So if you’re concerned about privacy then it may be wise to add another layer of security, courtesy of the free Smart PC Locker Pro.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.