
Security & Privacy

Microsoft patches potential 'worm hole'

On Thursday, Microsoft issued a rare out-of-cycle patch for a vulnerability in the Windows Server service, which handles remote procedure calls (RPC), a mechanism that allows programmers to run code either locally or remotely. In issuing MS08-067, Microsoft warns "it is possible that this vulnerability could be used in the crafting of a wormable exploit." The bulletin is entitled "Vulnerability in Server Service Could Allow Remote Code Execution (958644)," and the specific vulnerability has been assigned a National Vulnerability Database designation of CVE-2008-4250.

Microsoft rates this patch as critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, and important for Windows …

High insecurity at LockCon

Once again I made the annual trek to a little town in the northern Netherlands, Sneek, to meet with about 75 colleagues to discuss the latest security issues and bypass techniques for locks, safes, and access control systems. LockCon, the new name for "The Dutch Open" is organized by Barry Wels and Han Fey. For the past six years, they have put together a three-day event, replete with lock picking contests, safe cracking demonstrations, and briefings on new security technologies.

More importantly, the conference provides a forum for serious discussions and presentations about design flaws in security hardware, …

Guns-for-cameras program aimed at Toronto shooters

Toronto police launched an innovative gun amnesty program on Wednesday. It's dubbed Pixels for Pistols, and through it, police are offering to give out a Nikon digital camera to anyone turning in a firearm.

A handgun or assault rifle is worth a $400 Nikon Coolpix S52 and a shotgun nets a $250 Nikon Coolpix P60. The deal includes free photography lessons.

The amnesty program will run for four weeks, according to Henry's camera store, which is providing the cameras.

This might be a good idea for U.S. cities with a lot of street crime. Other amnesty programs …

Microsoft issues 'critical' patch outside normal cycle

Microsoft will issue a patch for a "critical" security flaw in Windows, the company said Thursday. The patch comes outside of its normal monthly patching cycle due to the severity of the issue.

The vulnerability can result in remote code execution, in which malicious attackers could take control of a user's computer to launch code.

According to Microsoft's bulletin, the vulnerability is found in Windows 2000 with Service Pack 4, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Microsoft will hold a Webcast at 1 p.m. PDT to address the issue. …

English-speakers more at risk of identity fraud

People in English-speaking countries are targeted for identity fraud at twice the rate of many Europeans, according to a new study released by PayPal on Wednesday.

Ten percent of online shoppers in the U.S., the U.K. and Canada (not surprisingly, places with high percentages of e-commerce transactions) reported being victims of identity fraud, compared with only 5 percent in France, Germany and Spain, the study conducted by Ipsos found.

The Germans had the lowest rate of identity fraud of the countries, with 3 percent reporting problems.

Meanwhile, the Germans were also found to be more cautious with their passwords. Only about …

Keystrokes can be recovered remotely

Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according to two Swiss researchers.

Researchers Martin Vuagnoux and Sylvain Pasini of the Swiss Security and Cryptography Laboratory at LASEC/EPFL were able to recover keystrokes from wired keyboards at a distance of up to 20 meters (about 65 feet), even through walls, simply by reading the electromagnetic emanations of the peripheral device. The experiments focused on wired keyboards attached to a computer either by PS/2 or USB connections.

In two videos, Vuagnoux demonstrates the attacks.

In the first video, he shows how only the …

Report: As stock market drops, malware rises

Here's more evidence of a connection between the economic crisis and cybercrime. PandaLabs reported on Wednesday about a direct correlation between the recent stock market declines and increases in targeted cyberattacks.

For instance, while the U.S. stock market saw declines between September 1 and October 9, the volume of malware threats grew, doubling to more than 24,000 per day between September 8 and September 10 alone and to more than 30,000 per day on September 16.

The recent malware spikes could be due to the fact that cybercriminals now have fewer possible targets with the consolidation …

Study: Malware risks are growing exponentially

A new report from security services provider ScanSafe finds that companies are at increasing risk of having employees inadvertently download backdoors and password stealers onto corporate computers from Web sites that have malicious software hidden on them.

A company in ScanSafe's focus group faced a nearly 500 percent greater risk of exposure to those threats in September than was faced in January of this year, according to ScanSafe's Global Threat Report released on Tuesday.

Companies in the energy sector are at greater risk from Web-based malware than other industries, the report concludes. The energy sector, worldwide, faces a …

Webroot launches consumer security suite

Webroot, the maker of SpySweeper, on Tuesday announced a new security suite for Windows XP and Vista. The product, Webroot Internet Security Essentials (WISE), provides antivirus, antispyware, and a personal firewall, along with a few utilities. It includes up to 2GB of online file storage for backup. It does not include Parental Controls.

The product includes Webroot's own SpySweeper and Windows Washer products. Antivirus support comes from a licensing agreement with Sophos. For the personal firewall, Webroot uses a custom version of PWI's PrivateFirewall product. And for online backup, Webroot has partnered with SOS Online Backup.

Priced at $59.…

Microcosm of a massive security problem

A few weeks ago, I gave a presentation to a number of companies about the future of endpoint security. During this presentation, I had the opportunity to ask these folks a number of questions about their IT infrastructure and their plans for it.

There were only about 20 organizations represented, so this was far from a statistically significant research project. Nevertheless, there were some interesting trends:

1. Only one of the organizations was upgrading its endpoint to Vista. It turns out that the one company is a Microsoft business partner so it has to do so. Others said they have …
