Security & Privacy

Ask partners with Symantec on security ratings for Web searches

Search engine Ask is partnering with Symantec to offer Web surfers ratings on the safety level of sites in search results, the companies were set to announce on Tuesday.

Sites will be rated with a color-coded icon in one of four colors--green for safe, yellow for risky, red for unsafe, and gray for unknown, said Andrew Moers, president of Ask Partner Network. Moving the cursor over the icon will display more information about the rating.

Unsafe sites are ones that pretend to be something they are not and shopping sites that lack security or where the merchants aren't reputable, … Read more

StopBadware.org, the place to appeal a Google malware warning

If your Web site is one of the more than 170,000 sites on the Internet that Google has tagged as hosting malware, you have a place to turn--StopBadware.org.

On Saturday, an error at Google changed the display of search results so that every site on the Internet was listed as having malware for about an hour. After that happened, StopBadware.org's site was hit with so much traffic--67,000 or 13 times the normal daily number--that it led to a denial of service that had the site offline for nearly an hour and a half.

After … Read more

Sony points to finger veins for gadget security

Sony is taking biometrics from the surface of the finger to the inside with a new vein authentication technology that could show up on mobile devices within the year.

The compact, camera-based system--called "Mofiria," though we're not sure why--uses a CMOS sensor to diagonally capture scattered light inside the finger veins. Data from the pattern is compressed, making it possible for the information to be stored on gadgets like laptops or cell phones.

Sony says vein authentication technology achieves higher accuracy and produces faster reads than other biometric authentication techniques, such as fingerprint or retinal scans. Finger vein patterns differ from person to person and finger to finger, Sony noted, and do not change over the years. Also, they're much easier to remember than passwords.

Sony claims that the false rejection rate for the system is less than 0.1 percent and that identification takes only about 0.015 seconds using a personal computer CPU and about 0.25 seconds using a mobile-phone CPU. … Read more

IBM report: Vulnerabilities still going unpatched

More than half of the security vulnerabilities disclosed during 2008 had no patches available from the vendor by the end of the year, according to a report released on Monday by IBM's X-Force research group.

Meanwhile, 46 percent of vulnerabilities from 2006 and 44 percent from 2007 still had no patch by the end of 2008, the 2008 X-Force Trend and Risk report said. X-Force documented a record number of 7,406 new vulnerabilities last year.

Overall, Microsoft is the vendor that tops the list in percentage of vulnerabilities disclosed, the report said. The Macintosh and base Linux kernel … Read more

Data breaches cost $6.6 million on average, survey finds

It costs $6.6 million on average when an organization suffers a data breach, and more than $200 per compromised record, according to a survey conducted by the Ponemon Institute that's due to be released on Monday.

The report, sponsored by PGP Corp., examined the costs incurred by 43 organizations that experienced a data breach. Breaches ranged as high as 113,000 records and the average total cost per company ranged from more than $613,000 per breach to nearly $32 million.

Most of the cost is due to lost business, which averaged nearly $4.6 million, the report … Read more

Windows 7 less annoying, but also less secure?

Microsoft's efforts to make Windows 7 less annoying than Vista may also be making it less secure than its predecessor.

With Windows Vista, the operating system popped up a warning any time a major change was being made to the system, whether by the OS or by a third-party application. With Windows 7, users can choose how often to be notified, with the current default set to notify only when a third-party application is making a change.

Blogger Long Zheng, however, is drawing attention to an apparent shortcoming in that approach. Because changes to the user account control setting … Read more

Report: Justice Department sends hoax e-mail to test workers

A U.S. Department of Justice e-mail that phished for sensitive information from federal workers was a hoax that the agency sent out to test its own security awareness, according to a report.

The e-mail, sent two weeks ago to Justice Department employees, directed recipients to a Web site that prompted them to supply account information related to the federal retirement savings program, the Associated Press reported.

"We have learned that the messages are part of a hoax invented and distributed by DOJ to test employee security awareness," Ted Shelkey, assistant director for information systems security, wrote in … Read more

Microsoft Surface to play defense at Super Bowl

Video: Super Bowl: Microsoft Surface helps police monitor security (http://video.msn.com/?mkt=en-US&playlist=videoByUuids:uuids:286ccd43-a8c8-4fd8-be1f-f942d4da016f&showPlaylist=true&from=msnvideo)

Tampa authorities will utilize Microsoft's Surface touch-screen device, along with other technologies, as part of Super Bowl Sunday security, according to Ars Technica.

For well over a year now, more than 60 federal, state, regional, local, and municipal authorities have been working with the E-Sponder technology partnership to plan … Read more

Spam: You just can't win

This was originally posted at ZDNet's Between the Lines.

For anyone even slightly optimistic about thwarting the never-ending crush of spam I have two words: don't bother.

At the Information Security Best Practices conference at Wharton School of the University of Pennsylvania, I've learned the following from the first panel.

Comcast's Gerard Lewis, senior counsel and chief privacy officer, noted that the Can-Spam Act of 2003 "hasn't done anything to curb spam," but is "a well intentioned law." Indeed, almost all e-mail is classified as spam.

Lewis should know since Comcast … Read more

'Obama worm' probably a student prank, experts say

A new Internet worm that displays an image of President Obama is likely a prank by a student, several security experts speculated on Thursday.

Walling Data, a distributor of AVG security software, said the worm it discovered on computers at an Illinois grade school spreads via external devices like USB drives and network shares. Once a week, on Mondays, it displays a photo of President Obama's face in the lower right corner of screens on infected computers, but otherwise appears to be more of a nuisance than a threat.

The worm looks like a variant of MAL_OTORUN code that … Read more
