Security & Privacy

Peekaboo! Facebook fills photo security hole

Facebook has filled a hole that allowed strangers to view members' photos through the mobile version of the site, a spokesman said Tuesday after being alerted to the problem by CNET News Monday night.

"Today, we learned that certain photos could be viewed by unauthorized users who employed a complicated hack," a spokesman wrote in an e-mail. "Once we were notified of the issue, it was resolved within hours. These photos are no longer available to unauthorized users. We encourage security researchers examining Facebook to practice responsible disclosure."

Basically, someone who knew the serial number of … Read more

McAfee: Brad Pitt fan sites may be bad for your computer

Want to download a Brad Pitt screen saver? What about images of Beyonce? If you're using a site you're not familiar with, you may want to reconsider.

According to McAfee's new "riskiest celebrities in cyberspace" list, when searching for "Brad Pitt," "Brad Pitt downloads," or Brad Pitt wallpaper, screen savers, and pictures, Internet users experience an 18 percent chance of stumbling upon sites containing malicious code. This includes drive-by malware that can infect your PC without asking you to download anything. Such social engineering, once reserved for e-mail, is now being … Read more

Microsoft becomes high priest of secure software development

Historically, Microsoft was bashed for security holes in its software that led to worm outbreaks on desktops and servers around the globe and other problems. In 2002, the company saw the light and launched its Trustworthy Computing initiative, elevating security to the top priority, and began designing and building products with security in mind.

Six years later, the company's conversion seems to have worked, with vulnerabilities dropping by about half from Windows XP to Windows Vista and by 90 percent between SQL Server 2000 and SQL Server 2005.

But the environment has changed--Web applications have eclipsed desktop applications as people … Read more

Mac OS 10.5.5 packs fixes for slew of security flaws

With the release of Mac OS X 10.5.5 on Monday, the Cupertino, Calif., computer company provided patches for almost three dozen software flaws. Some of the fixes are specific to Apple features, such as image processing and Finder. Other fixes are updates to various open-source projects including Bind, ClamAV, OpenSSH, and Ruby.

Version 10.5.5 can be obtained from the Apple Software Downloads page.

ATS: This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.4, and Mac OS X Server v10.5 through v10.5.4. The update addresses the issue in CVE-2008-2305 in which viewing a document containing a maliciously crafted font may lead to arbitrary code execution. Apple credits Chris Ries of Carnegie Mellon University Computing Services for reporting this vulnerability.

BIND: This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.4, and Mac OS X Server v10.5 through v10.5.4. The update upgrades users to BIND version 9.4.2-P2, which addresses performance issues associated with BIND version 9.4.2-P1.

ClamAV: This patch affects users of Mac OS X Server v10.4.11 and Mac OS X Server v10.5 through v10.5.4. The update addresses the vulnerabilities detailed within CVE-2008-1100, CVE-2008-1387, CVE-2008-0314, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837, CVE-2008-2713, and CVE-2008-3215 by updating Mac OS users to ClamAV version 0.93.3.

Directory Services: This patch affects users of Mac OS X v10.5 through v10.5.4 and Mac OS X Server v10.5 through v10.5.4. The update addresses the vulnerability detailed in CVE-2008-2329, in which a person with access to the log-in screen may be able to list user names. Apple says an information disclosure issue exists in Log-in Window when it is configured to authenticate users with Active Directory. "By supplying wildcard characters in the user name field, a list of user names from Active Directory may be displayed."

Directory Services II: This patch affects users of Mac OS X Server v10.4.11, Mac OS X Server v10.5 through v10.5.4. The update addresses the insecure file operation vulnerability within CVE-2008-2330, in which a local user may obtain the server password if an OpenLDAP system administrator runs slapconfig. … Read more

'BusinessWeek' site hacked in potential malware attack

Updated at 2:25 p.m. PDT with "BusinessWeek" comment.

Hackers have broken into BusinessWeek's online site and set up an attack scenario in which visitors to a section of the site could have their own computers compromised and their data stolen, a security researcher said on Monday.

It's unclear how long the site has been compromised and there is no evidence that BusinessWeek.com readers have been affected, but also no evidence that they haven't, said Graham Cluley, senior technology consultant at Sophos.

The hackers used an increasingly common form of attack called SQL … Read more

Security scrutiny for Facebook apps

After booting applications from Facebook this summer for violating user privacy, the social-networking company is gearing up to vet apps for trustworthiness as part of a voluntary validation program.

The validation badge will give Facebook members a gauge to use in deciding whether to add a particular app or not. Experts praise Facebook's effort, but say apps posing security risks will still be around despite that, partly because of the popularity of the network.

Facebook gives a tremendous level of access to its APIs, which has enabled developers to create more than 24,000 apps for the platform since … Read more

iTunes update for Windows Vista addresses BSOD

Apple on Friday issued an update for iTunes 8 that specifically addresses problems experienced by Windows Vista users, and issued general recommendations for Windows XP and Vista users experiencing sync issues with iPhone and iPod touch devices.

Since its release earlier in the week, iTunes 8 has bedeviled some Windows Vista users with the so-called blue screen of death, or BSOD, and other issues. Speculation has focused on an incompatibility with USB devices, such as Webcams and printers.

In a support post, Apple recommends that Windows Vista users experiencing difficulty should uninstall iTunes 8 and, after rebooting the computer, reinstall … Read more

Hackers break into Large Hadron Collider computer

Hackers broke into a computer system at CERN's Large Hadron Collider, targeting a system that was "one step away" from a control computer, but otherwise appear to have done no major damage, according to a report on Friday in the British newspaper The Telegraph.

The system that was breached monitors the Compact Muon Solenoid Experiment, which will be analyzing data during subatomic particle collisions in the particle accelerator located along the French-Swiss border. Experiments, which began on Wednesday, are designed to help scientists explore particle physics theories.

During the attack on Tuesday and Wednesday, hackers left behind … Read more

One of 11 alleged T.J. Maxx hackers pleads guilty

One of the hackers accused of involvement in the massive data breach targeted at T.J. Maxx's parent company, arguably the largest security breach worldwide, reportedly pleaded guilty on Thursday.

Damon Patrick Toey pleaded guilty to wire fraud, credit card fraud, and aggravated identity theft, and will be released subject to electronic monitoring, according to a report on the Wall Street Journal's Web site. Eleven defendants total are facing charges in federal court in Boston.

TJX Companies, the parent company of T.J. Maxx and Marshall's, said in March 2007 that 45.7 million accounts were compromised … Read more

Former Intel worker charged in theft of secret files

The FBI has charged an engineer with stealing trade secrets from Intel, his former employer, after taking a position with rival chip maker Advanced Micro Devices, The Boston Globe reported Friday.

A search of Biswahoman Pani's home in Worcester, Mass., on July 1 turned up more than 100 pages of sensitive Intel documents, including 13 "top secret" files with designs for future processor chips, the FBI charged. A criminal complaint against Pani, which was unsealed Tuesday, was filed by the FBI in late August in U.S. District Court in Boston.

Pani turned in his resignation to … Read more

By Stephanie Condon