Articles about Security

Towards a single, reliable system for identity management

In this age of phishing, hacking, identity fraud, and other forms of cybercrime, answering two simple questions -- "Who are you?" and "How can you prove it?" -- is fast becoming a critical requirement for all online business activities.

Moreover, solving this "identity management" challenge has become quite complex as the increasing need for cross-organization collaboration, concerns about security, and the problem of user password management suggest that the traditional company-issued username and password approach is no longer adequate. As a consequence, federated identity management, in which a third-party identity provider plays a key role, is rapidly emerging as a preferred approach.

Continue reading

Now, the great Facebook security giveaway ...literally

Facebook wants to be your new security maven.

Go ahead. Have a good laugh. I certainly did, after I first learned about Facebook's plan to partner with security provider McAfee to boost end-user security on the often-attacked social media platform.

Continue reading

Russinovich: A possible cure for exploitable heap corruption in Windows 7

The key to a huge plurality, if not a majority, of exploits that have plagued Microsoft Windows over the past two decades has been tricking the system into executing data as though it were code. A malicious process can place data into its own heap -- the pile of memory reserved for its use -- that bears the pattern of executable instructions. Then once that process intentionally crashes, it can leave behind a state where the data in that heap is pointed to and then executed, usually without privilege attached.

Yet it doesn't take a malicious user to craft a heap corruption. Multithreaded applications that make use of collective heaps become like multiple users of a single, distributed database. Without intensive methodologies to maintain vigilance, making sure one thread doesn't corrupt an application's heap for all the other threads, the app collapses into something more closely resembling the more colloquial meaning of the metaphor "heap." Microsoft would like to present its development environments and runtime frameworks as providing these vigilance services on behalf of the developer, so she can concentrate on her application. But in recent years, what developers don't know about what's going on under the hood, has come back to bite them.

Continue reading

Broken Berry: RIM runs out of free passes

Like the other over-50% of smartphone-owning people in North America, I'm quite the fan of my BlackBerry. Even in an era when newer kids on the block -- namely Apple's iPhone and Google's Android -- garner more accolades and headlines for having slicker interfaces and cooler (and more) apps, the BlackBerry platform remains the safe, reliable choice that's good enough for most consumers and businesses. Despite analyst predictions that the BlackBerry will someday be reeled in by the upstarts, Research In Motion continues to grow and dominate the market it practically defined a decade ago.

We may want to revisit the "reliable" bit, though. After a week from hell marked by two highly publicized continent-wide outages, BlackBerry users are asking themselves whether this is the new normal, and why BlackBerry devices seem especially vulnerable to this kind of mass outage when competing platforms like iPhone and Android are not.

Continue reading

Apple's iPhone carrier woes extend to the UK with O2 3G outage

2:30 pm EST December 21, 2009 · UK-based carrier O2 is now saying, through its Twitter feed, that the fault related to iPhone data service outages throughout Britain has been fixed. Customers may continue to see some delay, however, before their service is fully restored.

As of late Monday afternoon in the UK (late Monday morning in the US), a data network outage continues to impact O2 network customers -- specifically those using Apple iPhone 3G and 3G S models. O2 acknowledged the problem yesterday via Twitter, and once again this morning.

Continue reading

Privacy group urges FTC to stop Facebook from sharing 'Everything'

When Facebook implemented changes to its privacy system last week, users were invited by way of a "wizard"-like control panel to change their current privacy settings. But the only option they were given besides leaving privacy where it was to begin with, was an option called "Everyone." And what many users may not have been aware of, was that the "Everyone" setting effectively turned privacy controls off.

"Facebook's 'Everyone' setting overrides the user's choice to limit access by third-party applications and Web sites," reads the text of a complaint today filed before the US Federal Trade Commission (PDF available here) by the Electronic Privacy Information Center -- the same group that filed a complaint against Google's cloud-based privacy policy last March. EPIC is urging the FTC to charge Facebook with unfair and deceptive trade practices -- perhaps emboldened by the FTC's unexpectedly bold charges against Intel, filed yesterday.

Continue reading

Google, Facebook, and our privacy: We're all in denial

What does it mean to have a "right to privacy?" We have a right to vote, and too few of us use it. I heard it explained to me once, a human right is like a vegetable garden. You have to nurture it, take care of it, and harvest it. Otherwise you have a plot of dirt.

The Internet is not like a vegetable garden. Perhaps that test is appropriate, then, for lawmakers worldwide considering whether the "right to Internet access" follows from the right to free speech -- there are places in the world where is this actively being considered. If a person is denied access to the Internet, the argument goes, her free speech rights are being violated, or at least abridged.

Continue reading

Betanews Podcast: Transportation security, Facebook sensitivity, and you

Click here to listen to What Are We Learning Today? Betanews podcast (MP3 format, approx. 20:00 min.)

On our second edition of the Betanews podcast, we take a look at the ongoing effort to keep stuff that we share on the Internet from not being shared so much. The Transportation Safety Administration and the American citizen are very much in the same bucket today, as both are being faced with a new and intriguing privacy and sensitivity debacle...essentially the same one, just in two different respects.

Continue reading

The PDF redaction problem: TSA may have been using old software

The problem with the release of a Transportation Security Administration security screening manual was not, as many news outlets reported yesterday, the fact that it appeared "out there on the Internet." As US Homeland Security Secretary Janet Napolitano told reporters this morning, according to the Washington Post, the TSA manual was supposed to have been posted on the Internet -- it was part of a cache of documents intentionally posted to a government procurement Web site.

The real problem is that the portions of the PDF document that were supposed to have been redacted -- or removed from the file and replaced with blackouts -- were not actually removed. Sec. Napolitano said this morning that disciplinary action may be taken against the TSA employees responsible, and at one point implied that only one person may inevitably be to blame.

Continue reading

Betanews Podcast: Rupert Murdoch and the buying stuff online problem

Click here to listen to the inaugural What Are We Learning Today? Betanews podcast (MP3 format)

We inaugurate our first Betanews podcast today with a look at two serious problems -- the quandary over how publishers can make the online news business sustainable long-term, and the problem with securing the Web's transaction layer. From the top of the cliff, to borrow an Arlo Guthrie analogy, they look like two little piles; but up close, they're one big one: We haven't really solved how to pay for things online, and the TLS problem is an illustration of that.

Continue reading

The Black Screen Syndrome, or, Tech news in search of the apocalypse

Was the "Black Screen of Death" issue (KSoD) covered by Betanews earlier this week a real story? This is a serious question, especially in the wake of security firm Prevx's admission that it was very premature in its conclusions that KSoD incidents had been triggered by last month's round of Patch Tuesday updates.

Let's discuss this rationally. Although it does not appear to be an exploitable security problem by malicious users, and we have reason to believe it cannot become one, the KSoD problem (differentiated from BSoD, the "Blue Screen of Death," something else entirely) is a strange symptom that has cropped up on some machines over the years -- in our experience, some Vista-based systems. Some. It is a significant enough problem that when Betanews encountered it first-hand last June, and I discovered a way for users to fish themselves out from being stuck with it (without installing any new software), I wrote about it and presented a solution that, at least, worked for me.

Continue reading

Security firm: Windows patches not responsible for 'Black Screen of Death'

When Betanews reported last June about occurrences of the infamous "Black Screen of Death" (KSoD) in Windows Vista, a reader wrote to suggest to us that we might have only considered the matter so important this late in the game because suddenly it happened to us. A similar opinion may be appropriate for British security firm Prevx, which now says it has "exonerated" last month's set of Patch Tuesday updates from Microsoft as the cause of what it called last night a "crop" of KSoD incidents.

Early Tuesday evening, Prevx director of malware research Jacques Erasmus reported on his company's blog that he and his team have made "significant progress in determining specific triggers of the black screen event." Specifically, it determined that a side-effect accidentally discovered over three years ago by none other than SysInternals' Mark Russinovich (now with Microsoft), led to instances where Windows' product activation inadvertently triggered the black screen. When a System Registry entry of String type is supposed to be terminated by a null character (0) but isn't, the result is that the entry itself may disappear from REGEDIT, Windows' well-known Registry Editor. Such an entry may also trigger KSoD conditions.

Continue reading

Microsoft denies latest 'Black Screen of Death' claims

A spokesperson for Microsoft told Betanews early this afternoon that it has officially investigated claims that its latest security updates are the cause of an alleged "crop" of "Black Screen of Death" incidents, for which British security firm Prevx hurriedly released something billed as a possible fix. The claims, the company says, are unfounded.

"Microsoft has investigated reports that its latest release of security updates is resulting in system issues for some customers due to changes made by the security updates to the registry," the spokesperson told us. "Our comprehensive investigation has shown that the November security updates, the Microsoft Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November do not make any changes to the registry as claimed. We do not believe Microsoft Updates are related to the behavior described in these reports."

Continue reading

The fallacy of Facebook privacy

Natalie Blanchard is either the most naïve Facebook user in the history of the social networking service, or an incredibly unlucky woman who just can't seem to get back on her feet. Whatever title she ends up wearing, she's quickly becoming the poster child for caution in the social media age. Unless you belong to a mysterious sect that specifically bans any form of online activity, either learn her difficult lesson or risk suffering a similar fate.

The resident of Bromont, Quebec, Canada suffers from severe depression and has been on long-term disability leave from her job at IBM for over a year-and-a-half. She had been receiving benefits from her company's insurer, Manulife, until earlier this fall when the checks suddenly stopped coming. When she called her insurance agent to find out why, she was told the company had looked up her supposedly private Facebook account, and found pictures of her posing with Chippendale dancers at a bar, attending a birthday party, and enjoying a beach vacation.

Continue reading

Where there's smoke: Apple warranty stance raises troubling questions

I'm the last person who would ever come out in support of smoking. It's a noxious, nasty habit that according to the US Centers for Disease Control kills 443,000 Americans every year. The CDC says smoking is the root cause of over 30% of all cancer-related deaths, 80% of all lung cancer-related deaths, and 80% of deaths due to chronic obstructive pulmonary disease.

These are big, ugly numbers, for sure. But I'll be selfish and focus only on one: My father was a secret smoker for years -- a secret that ultimately landed him in hospital with a compromised heart, and a secret that ultimately killed him.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.