
security

Latest Firefox 2.0.0.5 update fixes nine flaws

Today, Mozilla patched nine vulnerabilities, including the Firefox portion of the Internet Explorer-Firefox flaw identified last week. That flaw occurs when IE passes malformed URLs to another application, such as another browser. Mozilla wrote, "this fix only prevents Firefox and Thunderbird from accepting bad data." And it stated in boldface, "this patch does not fix the vulnerability in Internet Explorer."

This security update also addresses known issues involving browser crashes, privilege escalation, and cross-site scripting vulnerabilities. Current users of Firefox 2.0.0.4 or earlier will be automatically prompted to install the new …

Mobile security saves you from yourself

A cheesy, old security riddle goes like this: how do you protect your bagels? Put lox (locks) on them. Ha, ha. Ha. I can see you rolling your eyes, and I understand. Smack-you-over-the-head Brooklyn humor isn't for everyone. Yet when the nitty gets gritty, this easy-as-smoked-salmon-pie security technique must not be as obvious for mobile phone users as it should be, because although mobile attacks have been steadily rising, users have been more interested in games, ringtones, and customization apps for their PDAs than in protecting mobile data. (See the related CNET News.com article.)

Last December, I put together a little something with tips on how to secure your wireless mobile device. I've updated that below, because it never hurts to rediscover some good security "lox."…

Ransom-based malware attacks specific companies

Various security companies are today reporting targeted attacks made on Fortune 1000 companies over the weekend. What's notable is that documents within each of the affected companies were stolen, encrypted, then the companies were offered a decryption key for a fee. What's odd is that the amount requested as ransom was a mere $300.

Reuters reports companies hit by the attack include Booz Allen, Unisys, Hewlett-Packard and Hughes Network Systems. Security vendors report having identified hundreds more.

The attack works like this. Malware writers target a handful of companies, somehow manage to sneak their code past the corporate …

SISA announcement hot by summer standards

As we head into the dog days of summer, most technology announcements are lukewarm at best. Usually vendors save their juicy stuff for September and the push toward the end of the year.

With that as a backdrop, one announcement last week may have been a curious exception to this rule. Cisco, EMC, and Microsoft got together with a few others and announced the Secure Information Sharing Architecture (SISA). What is SISA? The press release defines it as a "commercial off-the-shelf architecture that was created to make data easily, and securely shared among multinational environments."

Pretty vague, …

iPhone's Safari dialing feature can be hacked

Intended to be a convenience, the unique dialing feature included in the iPhone version of the Safari browser might soon become a nightmare.

SPI Labs' lead researcher Billy Hoffman says that the feature that is designed to dial any number displayed on a Web page after a user taps it is subject to various attacks, including cross-site scripting and drive-by downloads. This issue was first reported to Apple on July 6, but Hoffman believes the "unique urgency" and its potential to affect a large number of people warranted public disclosure.

Potential uses of this vulnerability cited by Hoffman …

Spybot Search & Destroy: Past its prime?

Spybot Search & Destroy has for years been a household standard in free antispyware protection. Originally winning respect for offering comprehensive malware-slashing features that competing software lacked, Spybot Search & Destroy has lost this advantage, as most reputable antivirus programs have added similar features. This First Look video takes you on a features tour, and hits upon the pros and cons that may have you standing by the sought-after program or searching for a spyware-busting alternative.

Power Downloader prepares for the worst

If there's one thing Power Downloader has learned while working with computers and software, it's that there will inevitably be problems. With new viruses and new strains of spyware set loose onto the Web every day, Power knows he needs to stay on top of updates and the latest definitions for his programs. But even with the best protection available, occasionally something can sneak through Power's defenses, leaving his computer unusable.

To make sure he's prepared for the worst, Power Downloader keeps a bootable CD with a variety of programs meant to troubleshoot an otherwise unusable …

Critical Microsoft security bulletin revised to add Office for Mac

One more time around the block, James.

Microsoft late Thursday revised one of its critical security bulletins from Patch Tuesday, adding another item to its list of affected software.

Security bulletin MS07-036 now includes a warning that Microsoft Office 2004 for the Mac is also affected.

The update is designed to address a security flaw that could allow attackers to overwrite the computer's memory with malicious code.

Microsoft notes that people running Office 2004 for the Mac on Mac OS X 10.2 are at risk. It advises people to first install the Microsoft Office 2004 for Mac 11.3.5 update, …

Feds preparing to jail more spammers?

WASHINGTON--Spammers, beware: more criminal spam prosecutions--complete with stiff prison sentences and mandatory forfeiture of relevant valuables--are on the way in the coming months, a U.S. Department of Justice attorney said Thursday.

"I think the healthy dose of jail time plus lose-your-money is working," Mona Sedky Spivack, a trial attorney in the Justice Department's computer crime and intellectual property unit, said at the second day of a Federal Trade Commission spam summit here. "I hope that provides a deterrent effect to other would-be criminal spammers out there."

Justice Department and FBI representatives contacted by CNET …

Sony BMG sues CD vendor over rootkits

Sony BMG Music Entertainment is suing an antipiracy CD software company, claiming that the technology provided was flawed. In November 2005, researcher Mark Russinovich discovered hidden files left behind on computers when certain Sony copy-protected CDs were played. The subsequent consumer complaints and government investigations, says Sony, cost the entertainment company millions of dollars in losses.

Now Sony BMG has filed a complaint against The Amergence Group, formerly SunnComm International, a company that produced the piracy-protection system known as MediaMax CD. According to the Associated Press, Sony BMG is seeking $12 million in damages for unfair business practices and for …