Norton Internet Security 2010 won't be available for a few more months, but the beta version is available now. In it, Symantec continues to build on the rejiggering it did last year. Built upon the dramatic performance improvements are deeper integration with other security tools like OnlineFamily. Norton, and the new Norton Insight for judging threats by community behavior as well as file definitions.
CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.
Many CEOs don't consider their own companies vulnerable to security attacks and are confident in their ability to combat those attacks, says a survey released Wednesday. However, those findings contrast with the opinions of senior executives who report to the CEO. They see their companies as more vulnerable and are not confident they can stop data theft. The survey was sponsored by security company Ounce Labs and conducted by security researcher Ponemon Institute.
The survey sought to determine how … Read more
Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.
In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.
The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.
While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.
Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.
A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.
"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."
Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.
But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also… Read more
Most people may think they're smart enough not to answer an obvious spam message. But is that really the case?
Almost one third of consumers questioned admitted answering e-mails they suspected were spam, says a survey released Wednesday by the Messaging Anti-Abuse Working Group (MAAWG).
Among those who responded to spam, 17 percent said they clicked on it by mistake, 13 percent said they sent a note to the spammer to complain, while 12 percent said they were interested in the product or service.
The MAAWG's survey study, "A Look at Consumers' Awareness of Email Security and … Read more
The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That means an attacker may be able to execute malicious code on a target machine, if … Read more
Microsoft on Tuesday issued patches to fix critical vulnerabilities in DirectShow and Video ActiveX that have been targeted in attacks, as well as fixes for holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of the PC.
Overall, the six "Patch Tuesday" updates fix nine vulnerabilities in Windows, Microsoft Office, Internet Security and Acceleration Server, Virtual PC, and Virtual Server.
The three DirectShow vulnerabilities could allow an attacker to remotely run code on the machine if a user opened a specially crafted QuickTime file. Microsoft warned of exploits against one … Read more
Cyber scammers are banking on the notion that many people who might not fall for a phishing scam via e-mail may still be easy targets through their mobile phone, according to security report released Tuesday from Cisco Systems.
Text message scams are on the rise, particularly fake messages that appear to come from a legitimate bank, said the report, which covers a wide variety of cybercrime topics.
The denial-of-service attacks launched on Web sites in South Korea and the United States earlier this month appear to have come from a master server in the United Kingdom, according to security researchers in Vietnam.
The master server controls all of the eight command and control servers involved in the series of distributed denial-of-service attacks that started on the July 4 weekend, security firm Bkis said in a blog posting on its Web site on Monday. Bkis said it gained control of two of the servers.
The Vietnamese firm estimated the number of compromised PCs involved in the attacks to … Read more
Attackers are exploiting a new critical ActiveX hole in Microsoft Office to take control of PCs by luring Internet Explorer users to malicious Web sites, Microsoft said on Monday.
The zero-day hole, the third one announced by Microsoft in less than two months, is in Office Web Components ActiveX controls used to display and publish spreadsheets, charts, and databases to the Web.
It affects Office XP, Office 2003, Internet Security and Acceleration Server 2004 and 2006, as well as Office Small Business Accounting 2006.
FORT BAKER, Calif.--As data moves to the cloud, attackers and thieves will follow, a federal prosecutor said on Friday.
The days of tracking down software counterfeiters in other countries who are selling pirated CDs are numbered as companies increasingly distribute software and store data online via hosted computing services, Matthew Parrella, an assistant U.S. attorney based in San Jose, Calif., said at Symantec's Norton Cyber Crime Day.
"That model of importation of software is becoming obsolete because we're seeing on the horizon cloud computing where so many of these operations are pushed from a user'… Read more