Security & Privacy

Since joining McAfee from EMC, CEO Dave DeWalt has taken the company on an industry shopping spree, grabbing security companies like Onigma, Reconnex, and SafeBoot. Recent economic turmoil hasn't dissuaded the company from continuing this trend. Monday morning, McAfee announced that it will acquire venerable Secure Computing in a transaction valued at approximately $465 million.

So what do all these acquisitions bring? Diversification. In spite of its size and brand visibility, McAfee was never a niche product company in the past--strong in endpoint security, intrusion detection/prevention, and vulnerability scanning, weak or invisible in everything else. Through acquisitions, McAfee … Read more

Clarification, Sept. 23, 4:42 a.m. PDT: This story originally omitted mention that the $465 million total includes consideration of cash held by Secure Computing.

Security specialist McAfee on Monday announced that it has a deal in place to acquire Secure Computing.

The merger offer is pegged at $5.75 per common share in cash, which McAfee says represents a total equity value of about $413 million. The deal also includes a cash offer for outstanding shares of Secure Computing preferred stock, valued at about $84 million. Those components, less cash held by Secure Computing, bring the total value … Read more

A new study found that 85 percent of malware is being distributed through Web applications, which is creating a growing threat for corporations as employees increasingly do online social networking, video watching, and personal e-mail at work.

Other findings of the survey, conducted by security firm Webroot, are:

•Web-borne malware increased more than 500 percent in 2007.

•One-quarter of companies report that data has been compromised by a Web-based threat.

•Nearly one-third say their Web security was compromised as a result of employees using computers at work to access social networks, Web-based e-mail, and video sites.

•15 percent enforce Internet … Read more

A new hole in Facebook allows members to see the fan pages of people on the networking site who they aren't friends with, an outside researcher revealed on Friday.

In verifying the hole, CNET News--signing onto the site as someone who is not a designated "friend" of Facebook founder Mark Zuckerberg--was still able to see that he is a fan of Barack Obama, the Dalai Lama, Green Day, Nirvana, Central Park, the Monterey Bay Aquarium, and Apple Students.

All a would-be spy has to do is go to anyone's profile page, click on the "Info&… Read more

There are mixed reports on Friday whether or not the son of a Tennessee state representative has been contacted by the FBI or Secret Service in connection with Sarah Palin's hacked Yahoo Mail account.

The father, Democratic Rep. Mike Kernell has told Knoxville News Sentinel and The Tennessean that despite a lot of online chatter, no formal contact has been made.

The person who gained access to Palin's e-mail account did so by guessing details of her life, then changed the e-mail password to "popcorn."

Using the online nickname Rubico, someone posted details of the hack … Read more

Details describing how someone hacked into Sarah Palin's Yahoo Mail account emerged on Thursday, and it appears to have been done with little more than social engineering, the process of acquiring personal information through social manipulation.

Meanwhile, the Knoxville News Sentinel is reporting that a 20-year-old University of Tennessee student has been contacted in connection to the federal investigation of the break-in. Further details are not known.

Since Tuesday, anonymous posters using a forum on the 4Chan.org Web site have been circulating password-protected zip files containing the contents of the now-deleted e-mail account once belonging to the Republican … Read more

A serious new flaw was disclosed on Thursday that affects the latest versions of Apple's QuickTime and iTunes applications.

The National Vulnerability Database entry CVE-2008-4116 describes a heap-based buffer overflow vulnerability within Apple's QuickTime 7.5.5 and iTunes 8.0 programs.

To infect a computer, a maliciously coded long-type attribute within a QuickTime tag might be placed on a Web page, or within a .mp4 or .mov file. This could allow remote attackers to crash the applications (known as a denial of service) or possibly execute arbitrary code on a compromised computer.

The announcement comes one week … Read more

Security firm Sophos warned on Thursday that e-mails being circulated on the Web that purport to offer a free iPhone game instead are carrying a Trojan horse that can take control of infected Windows machines.

The e-mails have subject lines like "Virtual iPhone games!" and "Apple: The most popular game!" The attachment is called "Penguin.Panic.zip," which refers to the iPhone game of the same name.

The Trojan has been identified as Troj/Agent-HNY, Sophos said.

Sophos has not yet seen versions that run on Mac OS X, the Apple iPhone, or other … Read more

There has historically been a clash between security researchers who find security flaws in software products and the companies that make those products.

But two recent examples of cooperation between researchers and vendors show hope for future truces.

Leading by example was Dan Kaminsky, director of penetration testing for IOActive, who warned security software vendors about a fatal flaw in the DNS (Domain Name System) months before going public so vendors could release patches.

"What he and others he took into his confidence did over the last few months was not only responsible but extraordinary," my colleague Robert … Read more