Articles about Security

DoD responds to elderly worm by yanking removable media

The Department of Defense has allegedly responded to an infection by a variant of the elderly W32.Silly worm by banning the use of removable media -- thumb drives, flash memory cards for cameras, and all.

SillyFDC, to give it perhaps more attention than it's worth, installs itself in the Windows registry and watches for removable storage to infect, copying itself to "Lcass.exe" and dropping a file called "autorun.inf" on the removable drive. The version affecting Armed Forces machines, however, is rumored to be a variant of Agent-EMB, which also installs itself in the registry but has no particular interest in removable drives -- a hint that SillyFDC might merely be the delivery device, not the true problem.

Continue reading

Microsoft says it 'has always preferred' DRM-free content

REDMOND, WASH. - Microsoft has been working for years to be your TV-time buddy, while yearning also to forge deep relationships with Hollywood and other content providers. But Microsoft wants you to know it's always liked you better.

At a Media Center-centric event here Wednesday, Microsoft's new Media Center marketing manager Mike Seamons, charged with demonstrating the charms of the Windows 7 version of Media Center, said that "Microsoft has always preferred DRM-free" content, adding that the company nonetheless understands the need for protections.

Continue reading

IRS hires its first-ever CTO; who will be Obama's?

Terence V. (Terry) Milholland started a new job as the Internal Revenue Service's chief technology officer on Monday. No worries; he's already been CTO of organizations handling your money.

Milholland, a graduate of the University of Maryland and George Washington University, was previously executive vice president and CTO of Visa International. Before that, he served as CTO and CIO of EDS, around for the early days of the just-completed EDS-HP merger; before that, he was a 21-year veteran of Boeing, finishing his time there in 1999 as chief information officer.

Continue reading

Free 24-hour ZoneAlarm Pro 2009 download

Need a firewall freshener? Tuesday marks Check Point Software's 15th anniversary, and to celebrate, it's offering free copies of Check Point ZoneAlarm Pro 2009 to all comers.

Check Point's anniversary promotion runs from 9:00 am EST today until 9:00 am on Wednesday, and includes a one-year license for one PC running Windows XP or Vista. The company will also offer an assortment of discounts on ZoneAlarm Antivirus, ZoneAlarm Pro, and ZoneAlarm Internet Security Suite.

Continue reading

DHS proposes funky 'fix' for RFID security

A proposal by the Department of Homeland Security attempts to address one potential security problem with RFID-chipped passports, but leaves more obvious problems hanging fire.

In an effort to detect attempts to clone the data stored on RFID chips used on US Passport Cards, DHS on Wednesday announced that it is recommending that manufacturers supplying these RFID chips include a "unique identifier number," or Tag Identifier (TID).

Continue reading

Malware, mayhem, and the McColo takedown

The takedown of the McColo hosting service led to a gratifying, if temporary, decrease in spam this week -- but it could also portend a rise in malware infections.

As with the September takedown of Atrivo (nee Intercage), users around the net are currently enjoying the kind of respite from spam that comes when a major "evil ISP," as MessageLabs senior anti-spam technologist Matt Sergeant puts it, bites the dust.

Continue reading

Public officials give 700 MHz network deals the skeptical eye

Plans to open up the 700 MHz band of the electromagnetic spectrum include a serious swath of bandwidth for public-safety concerns. So why were some public-security officials saying Saturday that they hesitate to get on board?

If that old saying about investing in land ("Good investment, since they ain't making any more of it") is sort of true for physical real estate, it's even more on-point for the electromagnetic spectrum. So when the 700 MHz band is released from its UHF-channel duty after the switch in 2009 to digital-only TV broadcasting...well, you expect a bidding frenzy.

Continue reading

Malware testing gains some structure

An international group formed in May to lay some ground rules for anti-malware testing has delivered a pair of documents setting forth basic principles.

The Anti-Malware Testing Standards Organization (AMTSO), which includes representatives from most of the major vendors on its membership roster, has published two documents setting forth fundamental principles (PDF available here) and best practices for dynamic testing (PDF available here).

Continue reading

Spammers break BlogSpot CAPTCHA, load up on garbage sites

The weary war against net scum continues, as Google's much-abused BlogSpot service finds its CAPTCHA tech hamstrung and malicious Web sites spread like stinkweed.

The October report from MessageLabs (PDF available here) confirms what blog aficionados had suspected for several weeks: Spammers have figured out a way to get around certain implementations of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and thus abuse BlogSpot as well as CAPTCHA-guarded e-mail services such as MobileMe.

Continue reading

E-voting machines, registration databases have a mixed Tuesday

Though no reports of substantial problems have emerged, the tech behind Tuesday's election didn't necessarily cover itself in glory.

OurVoteLive.org blogged that it had received over 75,000 calls since Tuesday, though causes varied and only a minority of calls received concerned e-voting trouble -- 1,730 since yesterday. The VoterAction hotline reported 16,000 calls, with as many as 3,000 in just one hour, again with a fraction of those reflecting machine problems.

Continue reading

Debug the vote? Looking out for trouble on Tuesday

With unprecedented turnout expected for Tuesday's elections, a number of efforts are underway to use the net and allied technologies to monitor voting glitches or irregularities.

Individuals connected with many vote monitoring efforts have already gotten their marching orders. Calls went out this summer for geeks of all sorts to step up as election site workers and e-voting machine technicians; Premier, Hart InterCivic, ES&S, and Sequoia all posted multiple calls for tech folks to serve as on-site tech support on November 4. As for observers, groups such as Mobilize.org were signing up younger and perhaps more tech-aware poll workers. And outspoken BlackBoxVoting.org has published a 78-page guide (PDF available here) to monitoring every step of the current elections.

Continue reading

Glitch reports mount for e-voting machines

It's six days until the American elections. Do you know whether your electronic voting machines are behaving?

The overwhelming majority of voters on Tuesday will encounter machines from Premier Election Systems, Hart InterCivic, Sequoia Voting Systems, or Election Systems and Software (ES&S). For your consideration, we present a roundup of problems currently known to be manifesting or to have recently manifested in testing and early voting, sorted by vendor.

Continue reading

Scareware worm stretches out to Picasa, Google Reader

A Facebook worm wending its way through the address books of unwary users is gaining trust by pointing to two equally trusted sites, researchers warned on Wednesday.

The worm aims to trick the unwary into installing malware on their own systems. That malware is disguised as a new ActiveX video codec.

Continue reading

Google moves to address OpenID confusion among users

Acting on concerns that OpenID's a great idea but a miserable user experience, Google on Wednesday announced an API based on usability research for OpenID identity providers.

OpenID-accepting sites (aka "relying parties") using the new API can allow visitors to log in using only their Google account, with no need to figure out a new username and password. In the example given on Google Code Blog, if a visitor to an OpenID-accepting has a gmail.com address, they'd be temporarily taken back to Google and asked if she or he wished to sign into the new site using that address.

Continue reading

OpenID adds Microsoft's Live ID to its list of providers

Microsoft announced on Monday that the company's Windows Live ID will support the OpenID digital identity framework, releasing a Community Technology Preview (CTP) at this week's Professional Developers Conference in Los Angeles.

The CTP allows relying-party sites and the developers of relying-party libraries to test their setups against the Windows Live ID OpenID provider endpoint. Testing now will help them to knock out bugs before the system goes live, most likely sometime next year.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.