| HOME > RSS Feeds > Security | ||
| Add To: | 
|
 |
Microsoft confirms the existence of proof-of-concept attack code for a flaw affecting Internet Explorer 6 and 7.
Check Point Acquires FaceTime Database for Application Controls
Check Point Software Technologies acquires FaceTime Communications' application classification and signature database. The technology will appear in a new software blade sometime in 2010.
Symantec Spots Worm Targeting Jailbroken Apple iPhones
Updated: Symantec uncovers a new worm targeting jailbroken iPhones. Unlike the Ikee worm that appeared earlier in November, this worm can be used to steal data.
Older Microsoft Internet Explorer Vulnerable to Security Flaw
Researchers at Symantec say exploit code for a zero-day security vulnerability has been uncovered in Internet Explorer 6 and 7.
A Security Wish List for Microsoft Internet Explorer 9
Microsoft unveiled some details about Internet Explorer 9 this week at the Professional Developers Conference in Los Angeles. But what does Microsoft have in store for IE users from a security perspective?
Three Charged in Comcast Cyber-Attack
Three men were charged by federal indictment Nov. 19 in connection with attacking Comcast.net and redirecting traffic to sites under their control. The group altered Comcast's DNS records and is estimated to have cost the company more than $128,000.
Microsoft Uncovers Vulnerability in Google Chrome Plug-in for IE
Microsoft uncovers a vulnerability in a controversial Google plug-in for Internet Explorer that could be exploited to bypass cross-origin protections. Google patched the issue this week in an update.
Google Chrome OS Security Model Breaks the Traditional Mold
With Chrome OS, Google says it has abandoned the traditional operating system security model and put its focus on using process isolation, verified boot, encryption and system hardening to protect users.
Up Close and Technical look at SocialPet
SocialPet, a new product from Jetmetric, lets administrators send fake phishing e-mails to selected employees to determine which ones know enough to ignore the messages and which don’t - posing a threat to company security.
10 Lessons Google Must Learn About OS Security
News Analysis: Google is new to the operating system market, so it has to demonstrate that it understands how to build and maintain a secure Web OS. The history of Windows security has shown there are many avenues of attack against a desktop operating system. There are even more potential attack strategies for an online OS. But whether Google has learned the many hard lessons of Web security is very much in doubt at this point.
T-Mobile Confirms U.K. Data Breach
T-Mobile confirmed that an employee at its U.K. subsidiary passed customer data to third-party brokers, potentially leading to a criminal prosecution. Despite the potential damage to customers’ lives, such a data breach is most likely punishable with a fine as opposed to jail time in the U.K. T-Mobile has been dealing with public-relations issues on both ends of the Atlantic, including an incident in which a massive server failure led to Sidekick smartphone users in the U.S. temporarily losing their personal data.
Firefox 3.6 Beta Blocks Third-Party Add-ons from Components Directory
Mozilla updates its Firefox 3.6 beta to block add-ons from adding code to Firefox's components directory. The move is meant to reduce crashes and will keep vendors from silently installing Firefox add-ons without permission from the user, Mozilla says.
U.K. Police Arrest Two Tied to Zeus Trojan
Police in the U.K. arrested two people tied to the Zeus Trojan, a notorious piece of malware used to steal banking information and another personal data such as passwords for sites like Facebook.
Cyber-war Could Threaten Security of Critical Infrastructure
In a new report released by McAfee, several noted security experts discuss the improving cyber-warfare capabilities of the world's superpowers and the risks facing critical infrastructures.
The Pirate Bay Cuts BitTorrent Tracker
The Pirate Bay shuts down its BitTorrent tracker, opting instead for a more decentralized approach.
Metasploit Project Releases Update to Security Testing Framework
A new version of Metasploit is out just weeks after the testing framework was acquired by Rapid7.
eWeek Newsbreak Nov 16 2009
Microsoft released a security advisory to help users mitigate a bug affecting Windows 7 and Windows Server 2008 Release 2. The bug lies within the SMB protocol and affects SMB versions 1 and 2. SMB is the file sharing protocol used by default on Windows-based computers. NetSuite and InsideView recently paired up to release an application that ports social networking functionality to both CRM and Enterprise Resource Planning. By doing so, the companies join others that have recently been attempting to leverage social networking within a business-process context. Dell Children's Medical Center of Central Texas is the first healthcare facility in the world to achieve a LEED Platinum Certification by the USGBC. This hospital was rated in six key categories, Sustainable Site development, Water Efficiency, Energy Atmosphere, Materials and Resources, Indoor Air Quality, and Innovation Design. Earlier this year Samsung Electronics announced the launch of Samsung Blue Earth, an environmentally friendly mobile phone with a full touch screen. The phone was first showcased at the Mobile World Congress 2009 in Barcelona and now we’re showing it to you. According to Samsung, Blue Earth is the first solar powered full-touch screen phone.
Researcher Hacks Twittter Using SSL Vulnerability
A security researcher demonstrates how an SSL renegotiation vulnerability made public earlier in November could be exploited to steal Twitter log-in credentials.
Microsoft Issues Advisory on Windows 7 Security Bug
Microsoft releases an advisory to help users concerned about a new zero-day vulnerability affecting Windows 7 and Windows Server 2008 R2. The bug was made public last week after Patch Tuesday.
DNS Security Makes Strides, but Challenges Remain
An annual survey from Infoblox and The Measurement Factory found that many external name servers are still open to recursion, a fact that leaves them vulnerable to being used to launch DDoS attacks. However, the survey also shows a growing interest in DNSSEC.