Saturday | 4 July, 2009
CSO

Application Security

News
  • Facebook simplifies privacy settings, calls them too complex 02/07/2009 05:48:00

    The social-networking site is also getting ready to let members share content with anyone on the Internet
    Facebook will simplify the way in which it offers privacy options to its users, as it gets ready to give its members for the first time the option to make the content they post on their profiles available to anyone on the Internet.
  • Internet cafe company offers $US7.8 million for The Pirate Bay 30/06/2009 22:40:00

    Users cry foul, and label founders as sell-outs
    The owners of The Pirate Bay have agreed to sell the site to a Swedish Internet cafe operator for 60 million Swedish kronor (US$7.8 million), the company said on Tuesday. Global Gaming Factory X (GGF) said it wants to find ways to pay content providers and copyright holders when their content is downloaded via The Pirate Bay, which tracks who is sharing files over the BitTorrent peer-to-peer service.
  • Blind phone hacker gets 11-year sentence 30/06/2009 08:24:00

    Known as 'Little Hacker,' he'd use the 911 system to send SWAT teams to victims' houses
    A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.
  • Michael Jackson death spurs spam, viruses 27/06/2009 09:20:00

    Michael Jackson spam and malware appeared minutes after news of his death
    Less than 24 hours after Michael Jackson's death, fraudsters are exploiting public interest with their attempts to spread spam and malware. Security researchers say they've observed hundreds of cases of malicious messages masquerading as information about Jackson's death. Some of them, they say, popped up within minutes of the news.
  • iPhone 3GS is jailbreakable. Does it matter? 27/06/2009 03:10:00

    The new phone is susceptible to the same jailbreak and unlock techniques used on earlier iPhone models.
    The hack masters at the iPhone Dev Team earlier today announced the iPhone 3GS is officially jailbreakable. The news comes less than a week after Apple released the latest iteration of its wonder gadget featuring new toys like video capability and a digital compass. The Dev Team said that while the iPhone 3GS jailbreak poses some extra technical difficulties, the new phone is susceptible to the same jailbreak and unlock techniques used on earlier iPhone models.
  • Post-acquisition, MessageLabs harmonizes with Symantec 25/06/2009 04:21:00

    Symantec is tapping MessageLabs' expertise in software as a service to develop more hosted products
    Symantec has taken a relatively hands-off approach with its integration of hosted messaging provider MessageLabs since its acquisition of the company in November 2008, according to MessageLabs' former CEO.
  • EC proposes creation of centralized security data agency 25/06/2009 04:04:00

    Passport, visa and fingerprint data are to be housed under one roof for starters
    The European Commission took a big step toward creating an enhanced pan-European system of security and surveillance Wednesday when it launched a proposal to set up a new independent agency to manage massive IT systems used by border control authorities.
  • Dutch antipiracy organization takes aim at Pirate Bay 25/06/2009 04:34:00

    The Pirate Bay founders were summoned using Facebook and Twitter
    The Pirate Bay is the target of yet another legal case -- the Dutch antipiracy organization BREIN wants to close the file-sharing site in the Netherlands, and wants to see its founders appear in the Amsterdam district court on July 21, it said Tuesday.
  • Antivirus testing outfit: Windows Security Essentials makes the grade 25/06/2009 08:04:00

    Rivals ding Microsoft's free antivirus software, but AV-Test.org says it's 'very good'
    Microsoft's free security software passed a preliminary antivirus exam with flying colors, an independent testing company said today.
  • Adobe issues update for Shockwave Player 25/06/2009 06:16:00

    The patch fixes a vulnerability that is remotely exploitable
    Adobe Systems has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog on Tuesday.
  • Fraudsters try to scam security expert on eBay 23/06/2009 03:23:00

    The first buyer of his laptop used a hacked account, the second tried to trick him into sending it without payment
    When security expert Bruce Schneier tried to sell a used laptop on eBay, he thought it would be easy. Instead, a sale was aborted twice -- first by a scammer using a hacked eBay account and then by a buyer who tried to trick Schneier into sending her the laptop after she cancelled payment.
  • Microsoft update removes rogue antivirus program 10/06/2009 04:12:00

    Internet Antivirus Pro has been a growing problem since April
    Microsoft has taken aim at a rogue antivirus program called Internet Antivirus Pro.
  • Poll: Companies still worried about open-source security 09/06/2009 09:37:00

    But security concerns about SaaS are diminishing, according to a new Forrester study
    Businesses in North America and Europe remain broadly worried about the security of open-source software, according to new data from Forrester Research.
  • 'Google-like' tool aids network security 04/06/2009 04:27:00

    A Massachusetts startup's new tool turns network sessions into searchable XML documents
    Network administrators and security specialists have long had tools and software for analyzing the streams of traffic that course through company systems, but now a Marlborough, Massachusetts, startup wants to make the process a lot easier.
  • Thousands of Web sites stung by mass hacking attack 03/06/2009 03:08:00

    Attack methods are similar to those used by the Russian Business Network, a disbanded cybercriminal gang
    Up to 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.
Features
  • New scam email uses Australian Federal Police to gain victims' trust 03/07/2009 10:49:00

    Fake offers of free AFP monitoring service to stop "cybernetic attacks"
    Cyber criminals have changed tack in their ongoing scam campaign against banks, moving to the use of government agencies to gain the trust of unsuspecting email recipients.
  • DR a growing concern for A/NZ CIOs: Symantec 02/07/2009 09:16:00

    Mission critical apps and cost of down-time major drivers
    CIOs in Australia and New Zealand are increasingly getting involved in the disaster recovery planning of their organisations, according to a new survey from Symantec.
  • Seven deadly sins of social networking security 01/07/2009 03:05:00

    To users of LinkedIn, Facebook, Myspace, Twitter or all of the above: Are you guilty of one of these security oversights?
    Admit it: You are currently addicted to social networking. Your drug of choice might be Facebook or Twitter, or maybe Myspace or LinkedIn. Some of you are using all of the above, and using them hard, even IT security practitioners who know better.
  • System security: how to improve your defenses against attack 30/06/2009 04:29:00

    A former US Air Force CIO highlights practical ways to improve system and network security
    Gaining attention for advocating a practical shift in how IT leaders think about security, the Consensus Audit Guidelines offer 20 controls to measure and monitor IT-system and network security. Though worries about increased cost often accompany any notion of improving security, John Gilligan, a consultant who developed the guidelines, says he implemented a subset of the controls when he was the Air Force CIO (from 2001 to 2005) and saved money on IT and risk management.
  • Pirate Party finds France fertile territory 27/06/2009 01:26:00

    Third copy of the hit party takes to the Internet
    Sweden's Pirate Party won 7.13 percent of the vote in elections earlier this month. Its campaign for the respect of privacy, the reform of copyright law and the abolition of the patent system earned it a seat in the European Parliament, and it may yet gain another seat there, if planned changes to the number of seats attributed to each country win approval.
  • China remains spam haven due to 'bulletproof' hosting 27/06/2009 03:07:00

    Chinese hosting companies and registrars sometimes ignore complaints, which perpetuates fraud and spam
    An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.
  • Top 10 reasons the firewall guy's hair is on fire 26/06/2009 23:58:00

    The firewall is a mature technology, right? Then why do those who manage it feel like they're running a daycare overrun with little savages?
    Firewalls are a mature technology, right? Most companies have at least one, if not several. And since an established knowledge base exists to tap for issues and PCI DSS 1.1 and 1.2 are pretty clear cut, firewall management shouldn't be much of an issue, right? No one is going to suffer the brunt of managing the significant infrastructure change these regulations are bound to bring more than the security operations team, correct?
  • Online banking device reads information from a screen 26/06/2009 02:07:00

    Card reader could relieve some of the frustration in completing online banking transactions in Germany, Gemalto says
    As German banks layer more security into their online banking procedures, security vendor Gemalto has launched a device it says makes completing transactions easier.
  • Reporters find Northrop Grumman data in Ghana market 25/06/2009 06:42:00

    Data included contracts with TSA, NASA and Defense Intelligence Agency
    A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.
  • Phoenix Freeze auto-locks laptops via smartphone 25/06/2009 00:17:00

    A new product from Phoenix Technologies, called Freeze, lets you use BlackBerry or iPhone Bluetooth to tell a PC that you're leaving the area and want it to lock up. When you return, Phoenix Freeze can also automatically unlock the machine so it's ready for you. However, it only works on Windows PCs, doesn't support 64-bit platforms, disables all other Bluetooth peripherals and seems to be a bit buggy for an official release.
  • Experts only: time to ditch the antivirus? 25/06/2009 06:50:00

    It's definitely not the right move for the average computer user, but some security experts claim they have found better security by disabling the AV and relying on other controls and behaviors.
    To the average IT security practitioner, the idea of disabling antivirus on new machines might seem blasphemous. After all, weren't we all told in IT Security 101 that everyone needs AV to keep the malware and data thieves at bay?
  • Merchants struggle to comply with PCI security in economy 25/06/2009 23:58:00

    With the recession drying up compliance budgets, merchants send PCI Security Standards Council General Manager Bob Russo a letter asking for help (includes audio).
    The heads of seven business organizations sent PCI Security Standards Council General Manager Bob Russo a cry for help earlier this month, saying the recession is making it "increasingly difficult" for merchants to meet the requirements of the Payment Card Industry's Data Security Standard (PCI DSS).
  • Bing filters out sensitive results for Chinese searches 25/06/2009 20:30:00

    Some politically charged content cannot be found using simplified Chinese script
    Microsoft's Bing search engine filters out some sensitive results from searches made in simplified Chinese, the script used to write the language in China, searches revealed Thursday.
  • High profile Twitter hack spreads porn Trojan 24/06/2009 10:34:00

    Malware posted to Guy Kawasaki's Twitter page attacks the Mac and the PC
    Former Apple Macintosh evangelist Guy Kawasaki posts Twitter messages about a lot of different things, but the message he put up on Tuesday afternoon was really out of character.
  • Cloudmark security suite addresses growing SMS spam 24/06/2009 01:51:00

    The software can be used to block spam via SMS and MMS and filter out malicious content
    As mobile users are more frequently pestered by SMS spam, one security vendor is applying its experience in stopping e-mail spam for mobile networks.
Case Studies
  • Uni fortifies Western Front with IDS 22/02/2008 20:11:00

    Nurtured NAC keeps malware out
    The University of Western Sydney (UWS) has today gone live with a managed Intrusion Detection System (IDS) for its 5000 users.
Interviews
  • Bogus security promises and how to detect them 14/03/2008 10:13:00

    Data leakage, smartphone malware, hotspot threats are discussed by security analyst Nick Selby
    What is true enterprise security and how do you get it? Bogus promises by vendors are all too common. In this interview, outspoken security analyst Nick Selby humorously tackles the truth about data leakage products, smartphone protection, hotspot threats and the word "solution." Nick Selby leads The 451 Group's Enterprise Security Practice. Selby also serves as The 451 Group's Director of Research Operations and is on the faculty of the Institute for Applied Network Security.
Opinions
  • The Myth of Cloud Computing 04/12/2008 08:25:00

    Why the rapid spread of virtual technology is becoming a security risk
  • Cutting Through the Spin of Recent Vulnerability Disclosures 13/10/2008 11:53:00

    The FUD surrounding the ClickJacking and TCP/IP vulnerabilities has the world seemingly frozen in fear. But once you cut through the spin, the vulnerabilities aren't all that they were made out to be.
    There are a few highly publicised vulnerabilities at the moment which haven't been completely disclosed and which, it is claimed, could threaten the whole Internet as we know it. Only, when the vulnerabilities are finally disclosed, it seems that the whole incident has been somewhat Chicken Little.
  • Are we about to witness a real OS X virus? 24/07/2008 14:27:59

    Intego might have stumbled across an OS X specific virus being offered for auction that targets a previously unknown ZIP archive vulnerability.
    Mac antivirus maker Intego has published an interesting alert about a potential OS X virus that an enterprising individual is trying to sell through auction. With absolutely no technical information to go on, the antivirus maker is treating the announcement with caution.
  • Hacking tools: A new version of BackTrack helps ethical hackers 30/06/2008 10:57:21

    BackTrack is the quickest way to get access to hundreds of (legal) hacking tools
    Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools.
  • A resurgent Denial of Service threat emerges 11/06/2008 19:12:24

    Something new might be emerging from the underground.
    A less well-known part of the recent ARP attack against HD Moore's Metasploit site was an attempted Denial of Service attack that coincided with the successful ARP attack.
  • Zero-second exploits 06/05/2008 12:04:48

    The number of days between a vendor patch being released and the malware exploit being announced has shrunk
    Microsoft SQL Server hasn't had a public vulnerability announcement since 2004. The SQL Slammer worm struck in 2005, but the hole the worm exploited had been patched six months before. The holes that the MS-Blaster and Code Red worms attacked had been patched, too. But just a few years ago, no one really cared about patching. We just didn't patch.
  • Attackers are thinking outside the box 17/04/2008 11:19:36

    How to predict what the next attack will look like
    In the adversarial environment of information security, new types of attacks emerge constantly. Just recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand jury subpoena to lure executives to a site hosting malware. Let's face it: Most of the innovation in this industry is on the other side, the "dark" side. We are unfortunately forced to keep reacting to new ingenious attacks every few years.
  • What spooks Microsoft's chief security advisor 27/03/2008 11:12:24

    Application exploits, virtualization security are big concerns
    Microsoft's US general manager/chief security advisor for its National Security Team thinks like a true security professional: In every bit of good news, Bret Arsenault wonders what bad news could be lurking behind it.
  • Code name: Secure software 13/03/2006 14:34:47

    Code writers now occupy the front line in the battleground of software security as the defense shifts from perimeter protection to prevention function that's built in during the application development phase.
Whitepaper

Reducing the risk of insider abuse

The potential for insider abuse can never be eliminated completely, but the steps outlined in this white paper can reduce the potential for such abuse. Read on to ensure no one person can alter your operations to their personal advantage or to the detriment of your organisation.