Brian Prince

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend. According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. […]

With hackers increasingly targeting Web 2.0 sites, knowing how to develop secure Adobe Flash applications can be a difference maker when it comes to avoiding mass compromises. It is not surprising then that some are calling for developers to pay closer attention to Flash security. IBM, for example, just enhanced its AppScan tool to add […]

Security researchers Shawn Moyer and Nathan Hamiel are well-known for poking holes in myths surrounding security on social networking sites. Their presentation Feb. 7 at ShmooCon 2009 in Washington, D.C., was no exception, as the two walked through examples of attacks and social engineering on sites such as MySpace and LinkedIn. As I told Moyer […]

In response to user concerns, Microsoft has agreed to change the User Account Control feature in Windows 7 so it generates a prompt if there is an attempt to alter its settings. The decision was something of a reversal for Microsoft, which earlier indicated it did not want to force users to deal with additional […]

Sun Microsystems wants to make a push in the competitive identity and access management market with an emphasis on reducing complexity and expanding the use of single sign-on technology. IAM (identity and access management) is one of the fastest growing segments of security. Analyst firm IDC predicted by 2012 the IAM market – which includes […]

MySQL founder Monty Widenius has packed his bags. No, really this time. Widenius, who came over to Sun Microsystems when the company acquired MySQL AB last January, announced in a blog post that he has moved on. His departure is hardly a surprise; rumors that he had already left first circulated months ago, though Widenius […]

Microsoft says it has addressed a security issue affecting the User Account Control feature in the Windows 7 beta that researchers contended leaves users vulnerable. Microsoft fixed a privilege escalation issue in internal beta builds of Windows 7 that was raised by researchers, the company said. Still, Microsoft officials take issue with claims that UAC’s […]

IBM Rational has updated its AppScan tool to offer developers a helping hand in finding vulnerabilities in their Adobe Flash applications. With AppScan Standard Edition 7.8, IBM has added the ability to not only test and scan Flash apps but also SOA (service oriented architecture) applications and AJAX technology. The enhancements come as hackers continue […]

Database security vendor Sentrigo wants to help programmers, database administrators and security pros pinpoint vulnerabilities in code before hackers get their hands on them. To do this, the company has released a free fuzzing utility for Oracle databases to help identify vulnerabilities in PL/SQL code. Dubbed FuzzOr, the open-source tool is now available for download […]

It’s no secret that the Web is the No. 1 attack vector for hackers. That puts Web browsers on the front line of the war against malware, and leaves vendors to decide just how much security to embed in browsers. The latest versions of the major browsers, from Microsoft Internet Explorer 8 to Google Chrome, […]