Security & Privacy

Gary McKinnon, the man accused by U.S. prosecutors of "the biggest military hack of all time," has won the right to a judicial review of a Home Office decision to extradite him to the U.S.

Lord Justice Maurice Kay made the ruling at the High Court in London on Friday. The Home Office had refused to halt the extradition proceedings, despite McKinnon having been diagnosed with Asperger's Syndrome, a condition on the autistic spectrum.

McKinnon's solicitor Karen Todner told ZDNet UK on Friday that she was "very pleased" about the High Court … Read more

Recent Enterprise Strategy Group data indicates that security spending should maintain its current pace in 2009. There will be spending increases in some vertical sectors, like the U.S. federal government, but overall, things should remain relatively flat.

As they say on Wall Street these days, "flat is the new up." Large organizations will continue to bolster network defenses and focus on protecting confidential and private data. Given the frightening security threat landscape, this is good news.

Unfortunately, there is a caveat here. Under constant pressure to "do more with less," some chief security officers I … Read more

Apple has issued a critical security update for QuickTime media player, aimed at resolving vulnerabilities that could potentially allow a malicious attacker to take control of a person's computer, according to an Apple advisory released this week.

People running QuickTime 7 for Windows and for Mac OS X, are affected, as well as those who are using Mac OS X 10.4 or Mac OS X 10.5, according to Apple.

Apple is advising people to update to QuickTime 7.6 for Windows, QuickTime 7.6 for Leopard, or QuickTime 7.6 for Tiger.

The update seeks to address … Read more

It is a hoax, Wired reported Thursday -- an article that looks like a story on Wired.com and that claims Apple CEO Steve Jobs has had a heart attack.

"A widely-circulated URL which points to an image that purports to be a wired.com story about Steve Jobs health is a hack job," Wired.com said. "We won't provide the URL here but the Twitterverse quickly surmised that the item was not correct." It appears to have first been reported by Mashable.

Someone created a legitimate-looking Web page using Wired's public upload image … Read more

Internet security firm Intego said on Thursday that it has discovered a new Trojan horse in pirated copies of Apple's iWork '09 productivity software that could allow an attacker to take control of the infected computer.

The Trojan horse, OSX.Trojan.iServices.A, discovered circulating in copies of the software on BitTorrent trackers and other pirate sites, is rated serious, according to Intego's security alert.

When iWork is installed, the Trojan is installed as a start-up item as a part of iWorkServices. It has read-write-execute permissions for root control of the computer, Intego said. The malware connects to … Read more

The administration of President Barack Obama will be hiring a new national cyber adviser, according to the agenda for homeland security released on his first full day in office.

The Agenda for Homeland Security, released Wednesday, lists goals for defeating terrorism and improving intelligence gathering, as well as for protecting the nation's information networks and critical infrastructure.

The top item under protecting information networks is to strengthen leadership on cyber security by establishing a "position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of … Read more

There is a change brewing in information security and information management. In the early days, this discipline really came down to event detection. Security information management systems scanned a bunch of data looking for needle-in-the-haystack events that indicated trouble. All other data was considered "noise" and thrown away.

With the onset of regulatory compliance a few years ago, this model went through an initial change. The "noisy" data was now necessary information to demonstrate security controls for compliance audits. Still, event data and compliance data remained separate entities.

Now things are changing yet again. In today'… Read more

TJX stores, including T.J. Maxx and Marshalls, are holding a one-day 15-percent-off sale on Thursday as a way to show appreciation for customers after a data breach at the company.

TJX disclosed in 2007 that 45.7 million customer accounts were compromised

"TJX has chosen to hold a previously planned, one-time Customer Appreciation Day to express our appreciation to customers for their continued support and patronage following the criminal attack(s) announced on our computer systems two years ago," TJX spokeswoman Sherry Lang said in a statement. "TJX remains committed to providing our customers a safe … Read more

Updated 3:25 p.m. PST with comment from Heartland.

Heartland Payment Systems, which processes payroll and credit card payments for more than 250,000 businesses, reported Tuesday that consumer credit card data was exposed in what may be the largest security breach ever.

In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it found evidence of the intrusion last week and immediately notified law enforcement and credit card companies.

Robert H.B. Baldwin Jr., president and chief financial officer of Heartland, told CNET News he did not … Read more