Application Security

Law enforcement officials in the U.K. and U.S. are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system.

Sixty percent of virtual servers are less secure than the physical servers they replace, the analyst firm Gartner said in new research Monday.

Security vendor Trusteer's latest product will allow banks to remotely investigate their customers' computers if it is suspected the PC has been hacked.

Hackers adore Adobe Reader, and have pushed it into first place as the software most often exploited in targeted attacks, a Finnish security company said today.

Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites, security researchers said today.

Companies should take extra steps to secure their source code from the type of targeted attacks that hit Google, Adobe, Intel and others over the past few months.

Microsoft on Sunday confirmed it's investigating an unpatched bug in VBScript that hackers could exploit to plant malware on Windows XP machines running Internet Explorer (IE).

Nominet, the U.K.'s domain name registry, will begin implementing a security protocol on Monday designed to protect the DNS (Domain Name System).

Adobe Systems is working to fix a glitch in software it uses to speed up downloads of its products that could give hackers a way to push malicious programs onto a victim's PC.

Just weeks after patching a critical flaw, Adobe Systems is rushing out another patch for its Reader and Acrobat software. The company also patched a critical issue in Flash Player Thursday.

The Australian Parliament's Web site was hit by an apparent denial-of-service attack Wednesday, two days after the hacking group Anonymous threatened attacks over the government's plan to filter Web content.

CA has announced its SiteMinder and SOA Security Manager products are now available for the open source JBoss middleware platform.

The Gmail accounts of foreign reporters in at least two news bureaus in Beijing have been hijacked, a journalists' group in China said Monday.

The office of India's National Security Advisor, M.K. Narayanan, and other government offices in India were targeted by hackers believed to be from China, according to a report.

The hype around cloud computing would make you think mass adoption will happen tomorrow. But recent studies by a number of sources have shown that security is the biggest barrier to cloud adoption. The reality is cloud computing is simply another step in technology evolution following the path of mainframe, client server and Web applications, all of which had -- and still have -- their own security issues.

Many organizations are embracing SOA as a way to increase application flexibility, make integration more manageable, lower development costs, and better align technology systems to business processes. The appeal of SOA is that it divides an organization's IT infrastructure into services, each of which implements a business process consumable by users and services.

With spam hampering staff productivity and increasing helpdesk calls, Sydney-based plumbing suppliers company Plumbers' Supplies Co-operative Ltd has replaced an open source e-mail security solution with an network gateway appliance.

If you're one of the 63.7 million people playing the popular Farmville game on Facebook, you've probably noticed a change in how you earn points. FarmVille's parent company, Zynga, agreed last week to remove deceiving mobile subscriptions and "scammy" offers that lure players to register for services in exchange for game currency, which helps players to advance in the game.

Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.

IPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.

It has been a week since hackers released software that could be used to attack a flaw in Windows Vista and Server 2008, but Microsoft and security companies say that criminals haven't done much with the attack.

Chris Hoff, one of the most respected voices on the topic of virtualization and cloud security, once told me in an interview that people should shut up about securing the cloud because, in his opinion, there's no such thing as cloud security.

CIOs and CSOs could do well to consider the monetisation cost and overall profitability of security risks when considering how to safe guard their organisations, according to the findings of a new report from IBM’s Internet Security Systems X-Force research and development team.

While Google, Amazon and Salesforce have gotten the most attention as cloud service providers, Microsoft-with its 300 products and services delivered from its data centers-has a large cloud bank all its own.

Apparently the everpresent cloud computing marketing messages aren't working quite well enough: Tech buyers still have major concerns regarding cloud-based benefits and security issues, many of which have not eased during the past year.

As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.

Employers are increasingly putting the brakes on employee use of social networking sites on the job, according to a new survey. The research, released Wednesday by ScanSafe, a provider of SaaS Web security, said its data shows more employers are blocking sites such as Facebook and Twitter. The results run counter to a story published by CSO in March 2009 that cites research which found most employers do allow access to Web 2.0 in the office.

Security is not a reason to stay away from SOA. Although full SOA security maturity is yet to come, 30 percent of organizations now use SOA for external integration with customers and partners. For standard Web services using SOAP, WS-Security has achieved critical mass as a foundational standard. On the other hand, advanced SOA security - involving federation among partners, nonrepudiation, and propagation of user identities across multiple layers of service implementations - is in its early days.

There are a few highly publicised vulnerabilities at the moment which haven't completely been disclosed and which, it is claimed, could threaten the whole Internet as-we-know-it. Only, when the vulnerabilities are finally disclosed, it seems that the whole incident has been somewhat Chicken Little.

Mac antivirus maker, Intego, have published an interesting alert about a potential OS X virus that an enterprising individual is trying to sell through auction. With absolutely no technical information to go on, the antivirus maker is treating the announcement with caution.

Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools.

A less known part of the recent ARP attack against H D Moore's MetaSploit site was an attempted Denial of Service attack that coincided with the successful ARP attack.

Microsoft SQL server hasn't had a public vulnerability announcement since 2004. The SQL Slammer worm struck in 2005, but the hole the worm exploited had been patched six months before. The holes that MS-Blaster and Code Red worm attacked had been patched, too. But back just a few years ago, no one really cared about patching really. We just didn't patch.

In the adversarial environment of information security, new types of attacks emerge constantly. Just recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand jury subpoena to lure executives to a site hosting malware. Let's face it: Most of the innovation in this industry is on the other side, the "dark" side. We are unfortunately forced to keep reacting to new ingenious attacks every few years.

Microsoft's US general manager/chief security advisor for its National Security Team thinks like a true security professional: In every bit of good news, Bret Arsenault wonders what bad news could be lurking behind it.

Code writers now occupy the front line in the battleground of software security as the defense shifts from perimeter protection to prevention function that's built in during the application development phase.