Ideally, application mashups are an easy way to blend data and functionality from multiple sources. Poor development practices, however, can burst that bubble, adding risk and making both the users and the applications vulnerable. As the use of enterprise mashups continues to grow, businesses may need to re-evaluate their application development practices. Web applications are […]
Last year was a banner year for cyber-crime. According to figures from the Internet Crime Complaint Center, online fraud in 2009 cost the American public $559.7 million – more than double the $265 million stolen in 2008. These figures, according to the report, are based on crimes reported to law enforcement, meaning the actual amount […]
Apple issued patches for 16 vulnerabilities in Safari, including 12 bugs that could be used to execute code on a vulnerable machine and potentially take full control. According to Apple’s advisory, nine of the 16 flaws rested in WebKit, Safari’s open-source browser engine, and all but one of those can be exploited to execute arbitrary […]
Ongoing attacks targeting a new zero-day bug in Internet Explorer and the presence of exploit code on the Web prompted Microsoft March 12 to update its advisory. According to Microsoft, the IE vulnerability in question is due to an invalid pointer reference being used within IE. It is only known to affect IE 6 and […]
The Zeus Trojan was knocked off of malware’s Mount Olympus this week when the upstream provider for six of the most notorious Zeus-hosting ISPs was taken down. The shutdown of Kazakhstani provider Troyak-AS March 9 is credited with cutting the number of active Zeus command-and-control servers from 249 to 181, a number that has fallen […]
A former Transportation Security Administration employee has been charged with trying to corrupt TSA databases. Douglas James Duchak, 46, of Colorado Springs, Colo., was indicted by a federal grand jury in Denver this week on two counts of attempting to intentionally damage a protected computer. He has pleaded not guilty to the charges. […]
Twitter has announced plans to route all links through a scanner in a bid to boost security and weed out malicious activity. The move follows a partnership announced in November between URL shortening service Bit.ly and security companies VeriSign, Websense and Sophos. “By routing all links submitted to Twitter through this new service, we can […]
It is well known that attackers are abusing search engines to lead victims to malicious sites. But a study by SonicWall paints a disturbing picture of just how successful the attackers are. “In the last seven days, more than 284 top search terms have been attacked by more than 6,600 malicious URLs,” SonicWall said in […]
Microsoft issued a warning March 9 for Internet Explorer users as the company pushed out its monthly round of patches to cover security holes in Windows and Microsoft Office Excel. In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not […]
Apple iPad Security Considerations for the Enterprise, by Brian Prince. Data Encryption: Encryption will be a key issue for the iPad. Encryption for the iPhone 3GS came under fire last year when a researcher showed how it could be circumvented. “Does the iPad offer devicewide encryption for all user documents? There was no mention of […]