Articles about Security

Malware infection strikes US Justice Department

A virus infection of unknown type and origin necessitated the partial shutdown of computer networks belonging to the US Marshals Service on Thursday. The FBI was also believed to have been infected, and other Justice Department agencies were taking precautions Thursday as well.

Nikki Credic, a spokesperson for the US Marshals Service, provided very little data about the nature of the problem, but she did state that no data was known to have been compromised. The agency took down its net access and shut down some parts of its e-mail service while tech folk got to the source of the problem.

Continue reading

In the battle to balance budgets, security is losing

Information security doesn't have the easiest time in the budget process even under the best of circumstances, but many observers had hoped that the threat of greater risk in tough times would shield security budgets from cost-cutting moves that could prove dangerous in the long run. Sadly, that's not what Deloitte's recent Global Security Survey for the Technology, Media & Telecommunications Industry is seeing out there.

There's not a lot of optimism afoot when you feel compelled to call the Key Findings synopsis of your report "Losing Ground," but the information Deloitte's researchers turned up is actually more nuanced than that -- it's not just that the budgets are getting smaller, but that the threats are getting bigger. (Last year's report, for the record, was titled "Treading Water"; before that we had "Protecting the Digital Assets.")

Continue reading

Apple, Java, and the Ravenous Bugblatter Beast of Traal

The Ravenous Bugblatter Beast of Traal, as fans of Douglas Adams know, is a creature so mind-bogglingly stupid that it assumes that if you can't see it, then it can't see you. They are natives of the planet Traal, but on Earth are often found in Cupertino, address One Infinite Way. (Leave it to an RBB to name its lair after a programming error.)

On Traal, one fends off attacks of the Ravenous Bugblatter Beast by wrapping a towel around one's own head. As nearly as I can tell, that's Apple's actual security strategy. How otherwise would you explain the company's non-response to CVE-2008-5353, known these past nine months and patched by everyone but Apple?

Continue reading

Microsoft releases Security Development Lifecycle process template, with free docs

On Tuesday, Microsoft released its Security Development Lifecycle (SDL) Process Template and documentation on the new 4.1 SDL version free to all applications developers -- including those who aren't using the company's development tools.

Microsoft's not the first company to think about incorporating security scrutiny somewhere in the development process, but there's no industry-wide standard for doing so; even the IEEE's SESC Framework hasn't provided any significant mention of security concerns. Microsoft's idea is to integrate security concerns into every step of the development process, and Microsoft counts six of them: setting project requirements, design, implementation, verification, release, and response (support and service).

Continue reading

The latest BSA report: More educated consumers will thwart piracy

Twitalyzer, one of those wonderful sites that makes Twitter feel just a little bit more like a high-school popularity contest, has a sense of humor about what they do: "Having worked with numbers for over a decade we are well aware of the fact that most people don't understand them, even when put in context." After which they proceed to at least try to provide a bit of context for their usage statistics, because what else can you do?

Numeracy is on my mind this week here in Seattle, where the geek contingent failed to block the adoption of a set of high-school math textbooks that spotlights "inquiry-based" or constructivist learning, as opposed to the type of learning where you learn how to do math. The idea of the new curriculum is that if you let students "discover" mathematical concepts on their own, they'll all turn into little Newtons or Leibnizes. And their self-esteem will be exquisite!

Continue reading

Adobe delivers a patch for JavaScript-related PDF vulnerability

Adobe this week delivered a patch for a highly critical PDF vulnerability that's been hanging open since late April -- 14 days of potential mayhem, but a lot faster than their previous month-long delay on a critical-level hole earlier this year.

Though Adobe has denied knowledge of exploits in the wild for the problem, which stems from a JavaScript memory corruption error, at least one security firm says they're out there if you look. Speaking to SCMagazineUS.com, a representative of Arizona-based Lumension says the firm has spotted infected PDF files on China-based Web servers.

Continue reading

Panda lofts its antivirus protection into the cloud

Download Panda Cloud Antivirus 0.9 from Fileforum now.

If the prospect of keeping important data out in the cloud still makes you slightly uneasy, you might get positively lightheaded at the thought of keeping your anti-malware protection up there. But Panda Cloud Antivirus, which entered beta recently, did a decent job of protecting a test system from the bad stuff -- without shoveling our data into the ether, and without slowing our system down.

Continue reading

RealNetworks lets Facet glitter, briefly

One day before closing arguments are scheduled in the Hollywood suit against RealNetworks and its RealDVD product, RealNetworks' CEO gave out some tantalizing information about its Facet set-top box -- both confirmation of what it is and financial numbers that indicate how much it means to the company.

Glaser described Facet to analysts on the company's quarterly earnings call as Linux-based hardware running a software stack "designed to be the successor to the consumer DVD player." We knew that. In fact, it's generally thought that Facet represents a consumer-ready DVD jukebox -- rip once, watch forever, and with control equivalent to a decent DVR (at least).

Continue reading

Is your privacy anyone's priority?

So I'm launching a security column on the anniversary of the Hindenberg disaster. Seems right.

Speaking of things that blow up and embarrass political figures: Did you enjoy the excitement recently when a Fordham law-school class tested Supreme Court Justice Antonin Scalia's assertion that consumers don't really need more personal-privacy protections? If you missed it, Joel Reidenberg's class went online to see how much free, publicly available information it could turn up on the justice, who has stated previously that he doesn't see a need for greater legal protections for privacy.

Continue reading

Google Chrome grows up, joining the realm of everyday exploitability

When the first public beta of Google Chrome arrived on the scene last September, it was given a rather rude welcome: It immediately faced the problem of averting a vulnerability. But this was only by virtue of the fact that it uses the open source WebKit rendering engine, whose exploitability had been discovered in Apple Safari just a few weeks earlier.

Now, however, Chrome is coming unto its own, but in a good way: Developers discovered some serious vulnerabilities in the browser apparently before malicious users did. In perhaps the most potentially serious dodged bullet, one of the Chromium project's lead contributors discovered a buffer overflow condition that occurs when a bitmap is copied between two locations in memory. The pointers to those locations may point to different-sized areas without any type or size checking, theoretically enabling unchecked code to be copied into protected memory and then potentially executed without privilege.

Continue reading

Microsoft's deep-rooted Vine isn't just another social network

Let's get something clear up front: Whatever you've heard elsewhere, Microsoft doesn't intend for their Vine service to take over your Twitter or your Facebook or your texting or any of your other social networking tools. They've got bigger fish to fry.

Back in 2005, as we watched Hurricane Katrina upend our faith in America's emergency response system, some Microsoft folk started asking what software development might bring to the table in future crises. Tammy Savage, general manager for Microsoft's public safety initiatives, says that the original Vine team spent a lot of time thinking about "all aspects of crisis, from preparation to recovery -- all kinds of organizations, asking what Microsoft might uniquely be able to provide."

Continue reading

Dear Time Magazine: Know when you're pwned

The editors of Time's current "World's Most Influential Person" poll would like you to think that their online poll wasn't owned hard by the denizens of 4chan's /b/ realm: "TIME.com's technical team did detect and extinguish several attempts to hack the vote," says the overview. Maybe, if by "extinguish" they mean "were kitten-helpless against." If you doubt the power of /b/, check out the first letters of the first 21 entries on the list.

Maybe the editors were making a meta-statement about the power of creative hacking, because the collection of exploits run against the poll are a nifty little set. Music Machinery's got a nice overview of how the multipart effort came off. So was Time asking for it by including 4chan founder moot (Christopher Poole) on their nominees list and implementing such slack security, or did they just include him for the lulz and get the excitement as a big /b/onus?

Continue reading

Quit swining and get the flu facts

If everyone will just calm down for a few minutes, there's plenty of good information out there on what's happening with the swine flu. (Yes, it's more fun to freak out, and your humble reporter wishes to report that children of her acquaintance are already using breathless news reports concerning the flu to beg for a day off from school. Note to children: When operating in pairs, try to get your story straight re your symptoms. I digress.)

First rule: Remember that the plural of "anecdote" is not "data," and resist the urge to gorge on me-too mainstream coverage or strained local angles on the situation. Instead, get your propagation information from the World Health Organization and the Centers for Disease Control. Who's got a dedicated swine-flu page in place. So does the CDC, and they also have tips for keeping yourself and your overwrought friends and co-workers safer -- hand washing is recommendation #1. Their Travelers' Health page (on which the organization currently warns against nonessential travel to Mexico) is a good site for practical folk in any case. (WHO, by the way, advises no restriction of regular travel or closure of borders.)

Continue reading

EC's Reding: Europe needs a 'Mr. Cyber Security'

After an apparent victory in her efforts to prevent the UK from establishing a central database for private citizen communications, European Commissioner for Information Society and Media Viviane Reding said she wants her government to create a post for a point-man for the continent's cybersecurity.

"Although the EU has created an agency for network and information security, called ENISA, this instrument remains mainly limited to being a platform to exchange information and is not, in the short term, going to become the European headquarters of defense against cyber attacks. I am not happy with that," stated Comm. Reding (PDF available here). "I believe Europe must do more for the security of its communication networks. Europe needs a 'Mister Cyber Security' as we have a 'Mister Foreign Affairs,' a security tsar with authority to act immediately if a cyber attack is underway, a Cyber Cop in charge of the coordination of our forces and of developing tactical plans to improve our level of resilience. I will keep fighting for this function to be established as soon as possible."

Continue reading

Full Disk Encryption for notebooks launches in beta

Security company Check Point Software has begun accepting testers for its ZoneAlarm Full Disk Encryption for Laptops beta program, a program designed to make sensitive data saved on notebooks more difficult to extract if the computer is stolen.

While Full Disk Encryption is turned on, the user must enter an additional password before Windows starts up. Once in Windows, the software encrypts unused files, including even deleted and temporary ones, and decrypts only the files currently in use.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.