security

Google finds malware on 1 in 10 Web sites

In a paper (PDF) presented at last month's HotBots 2007 conference, researchers from Google say they've found malware downloads lurking on 1 out of every 10 Web sites visited. For this study Google analyzed 4.5 million URLs. The researchers determined that 450,000 of these contained some form of malicious code. The researchers identified four methods used to infect the unsuspecting Internet surfer. One is site-based, such as compromises in Web server security, but the others involve common user activity such as downloading user-contributed content, clicking Web advertising, and installing third-party widgets.

Attacking Web servers can be … Read more

New gang war raging on the Internet

It's like something out of The Sopranos. Antivirus researchers at Moscow-based Kaspersky Labs have identified criminal gangs engaged in a turf battle online. The primary groups are responsible for the Warezov and Zhelatin worms; these worms then download Trojans that are in turn responsible for a majority of the spam and malware circulating on the Web. Basically, new spam and new phishing attacks are designed to switch your remotely controlled PC from belonging to the Warezov gang or the Zhelatin gang. The resulting botnets--collections of remotely controlled PCs--have proved profitable, luring unsuspecting Internet users to purchase porn or other … Read more

Introducing OpenSEA Alliance

Sometimes we analysts have an "all sizzle and no steak" reputation. We come up with high falootin' concepts, write reports and columns, and get quoted in the media, but we don't really "do" anything.

Former executive vice president of marketing for EMC, Bob Ano, once put it to me this way: "If I make a bet on your latest 'vision' and you turn out to be wrong, I lose my job and reputation. You simply change a few PowerPoint slides and move on."

With this as background, I am proud to say that … Read more

Department of Defense says no more YouTube or MySpace

The U.S. Department of Defense issued a memo Friday that states it intends to begin blocking network access--including that of soldiers serving overseas--to several popular "Internet entertainment sites" on Monday, according to the Associated Press. The 12 total sites to be blocked include several large social networking and media sharing sites like MySpace, YouTube, MTV, Pandora, and Photobucket.

Earlier this month, the U.S. Army cracked down on soldiers' personal blogs, citing security concerns. Operational security, according to the memo from the DoD that was cited in Monday's AP article, is also a reason behind the … Read more

Software reconstructs shredded German Stasi files

Think shredding paper is a good way to hide printed information? Think again. German officials who faced the daunting task of reconstructing thousands of bags of shredded paper containing secret files left behind by the former East German Stasi have turned to computer software for help.

According to an article on Speigel Online International, the paper was shredded in 1989 about the time of the fall of the Berlin wall when human rights activists were able to scoop up 16,250 black garbage bags of paper scraps. By 2000, the contents for no more than 323 bags had been reconstructed … Read more

Apple fixes media server flaws

Apple on Thursday released an update to the Darwin Streaming Server software to fix a pair of serious security flaws.

Darwin Streaming Server is the open source version of Apple's QuickTime Streaming Server that lets people send streaming media to computers via the Internet using standard RTP and RTSP protocols.

The vulnerabilities in the software could let a remote attacker commandeer the system running the application or cause it to crash, Apple said in a security alert. To do that, an attacker would have to send a rigged request to a server running the media streaming program, it said. … Read more

Microsoft gathers hackers in Redmond

It is "Blue Hat" time again and Microsoft has gathered an exclusive group of responsible hackers this week at its Redmond, Wash., headquarters.

It is the fifth such event on the Microsoft campus. Employees are getting a security reality check from hackers who will talk about Microsoft's product security, Web security, mobile security and hardware security, among other topics. A schedule is posted on Microsoft's Web site.

In 2005 Microsoft invited several hackers to Redmond for the first time. That get-together was such a success that Microsoft decided to host such events twice a year.

Microsoft … Read more

Microsoft plugs 19 security chinks

Microsoft's security update team issued new critical updates on Tuesday, addressing major holes that could allow an attacker full remote access if breached. The patches reinforce Microsoft Windows, including Internet Explorer 7; the Microsoft Office suite, including Word, Office, and Excel; and Exchange 2007, the software giant's e-mail system.

CNET's Robert Vamosi has details on each of the seven critical updates, and CNET News.com's Joris Evers discusses how the steady patch releases affect Microsoft's security message.

Microsoft just also issued a final fix for an unexpected flaw discovered in Windows Vista. iTunes users who … Read more

This mouse reads your eyeballs

It seems logical to bestow the computer mouse with security features, as it's already a natural gatekeeper standing perennially at the ready like a loyal sentry guarding the palace. There have been a number of models on the market, for example, that authenticate fingerprints. But an iris reader?

Maybe it's just us, but we're not in the habit of peering into the mouse--or anything else on our desktop--closely enough for our eyeballs to be identified. That's what would apparently be required to get past this picky peripheral from Qritek Japan, which Plastic Bamboo says has a … Read more