Brian Prince

Rogue Digital Certificates Require CAs, Browser Vendors Work to Tighten Internet Security

When news hit that a team of security researchers and cryptographers had discovered a way to create a rogue certificate authority, the oft-repeated rule of Internet security, “Trust no one,” took on new significance. However, before panic strikes, the researchers pointed out there are a number of measures that can be taken by browser vendors and CAs […]

Enterprise Security in the Year 2008

McAfee Total Protection for Data: The Total Protection for Data brings together encryption, data monitoring and data-loss prevention technologies for enterprises. Sophos Endpoint Security and Control 8.0: In this release, Sophos incorporated network access control technology into its endpoint security product. Trend Micro E-mail Encryption Products […]

Top 10 Security Stories of 2008

Some cool hacks, panic in San Francisco and the shutdown of a notorious Web hosting firm: there were several interesting security stories that made headlines in 2008. Good guys and bad guys both had their hands full as the cat-and-mouse game between vendors and cyber-crooks continued. So without further ado, here are 10 of the most […]

Microsoft Disputes Claim of Windows Media Player Vulnerability

Microsoft is denouncing a security researcher’s claim of a remote code execution flaw affecting Windows Media Player. Reports of the vulnerability surfaced last week on the SecurityTracker vulnerability notification service. According to the initial report, a bug in Windows Media Player could be exploited remotely via a specially crafted SND, MIDI or WAV file to […]

Symantec Wins Court Battle Over Software Piracy

Symantec announced Dec. 18 the company won a victory in the battle against piracy when a court awarded it $12 million in damages against a distributor selling counterfeit Symantec software throughout North America. The verdict was handed down by the U.S. District Court for the Central District of California in Los Angeles. The court ruled […]

Database Security Vendor Hopes New Approach Will Close Doors on Hackers

SQL injection attacks aren’t going away; in fact, they remain one of the top threats on the Web. Locking the doors to the database is a key part of enterprise security, and it’s also where database security vendor Secerno is hoping its approach will separate it from the competition. Secerno is far from being alone […]

Security on Social Networks Takes Efforts by All Sides

When reports surfaced this month that a new variant of the Koobface worm was slithering its way across Facebook, it became another entry into the book of malware targeting social networking sites. Security vendors expect more of the same in 2009, with attackers adding a touch of social engineering to infect users of sites such […]

Microsoft Releases Patch for Internet Explorer Zero-Day Vulnerability

Microsoft released a patch Dec. 17 for a zero-day vulnerability affecting Internet Explorer that has been making headlines recently. The vulnerability, which affects every version from IE 5 to IE 8 Beta 2, lies in the browser’s data binding function. According to Microsoft, when data binding is enabled (which it is by default), it is possible under […]

Examining Microsoft’s Eulogy for Windows Live OneCare

From a business perspective, nothing shook up the security market during 2008 like Microsoft’s decision to kill Windows Live OneCare. When the company announced in November that it would phase out OneCare in June 2009, observers were quick to call Microsoft’s roughly two-year experiment in the consumer security space a failure. Microsoft, of course, sees […]

Microsoft to Patch IE Zero-Day Vulnerability

Microsoft will release a patch tomorrow, Dec. 17, for a zero-day vulnerability affecting Internet Explorer that has been under attack by hackers. The vulnerability, which affects all supported versions of IE, lies in the browser’s data binding function. According to Microsoft, when data binding is enabled (which it is by default), it is possible under certain conditions […]