Apple lost a bid to have jailbreaking the iPhone declared a violation of the Digital Millennium Copyright Act. In a decision today, the U.S. Copyright Office and the Library of Congress sided with the Electronic Frontier Foundation’s contention that jailbreaking the iPhone was not prohibited by the act. The decision comes (PDF) as part of […]
Security questions posed by third-party content are nothing new for Website owners. But a look at how widespread third-party widgets, applications and advertisements are on the Web, and how that affects the security landscape, underscores how much of a challenge this is becoming for Web 2.0 organizations. According to security company Dasient, a new Web page is […]
Top Hacks, Breaches and Compromises of 2010 (So Far): AT&T Hack Exposes E-Mail Addresses. In June, researchers at Goatse Security uncovered a flaw on AT&T’s Website and used it to get their hands on 114,000 e-mail addresses belonging to Apple iPad 3G owners. AT&T was not pleased, and the FBI launched an investigation. Thieves Hit ECMC […]
Video games can be fun, but who knew they also can be useful tools for IT forensic investigations? To Brandon Nesbit, a security consultant at Trustwave, that Nintendo Wii or Sony Playstation 3 (PS3) some use for enjoyment can be a wealth of information. At the upcoming DEFCON security conference, Nesbit plans to offer insight […]
The AutoFill feature in Apple’s Safari browser could be abused by attackers to steal user information, according to findings from a security researcher. Jeremiah Grossman, CTO of WhiteHat Security, noted that in Safari version 4 or 5, the AutoFill feature fills in information such as e-mail addresses and names by default whenever it recognizes a […]
Security researchers have found more malware exploiting an unpatched Windows vulnerability via .LNK shortcut files. According to a July 23 Sophos blog post, two other pieces of malware have been observed targeting the bug. One is a keylogging Trojan the company is calling Chymin-A that is “designed to steal information from infected computers.” The other is Dulkis-A, […]
Siemens is distributing a tool to help customers deal with a malware threat targeting its SCADA, or supervisory control and data acquisition, software. Sysclean, developed by Trend Micro, detects Stuxnet and cleans it from infected machines. First reported by security vendor VirusBlokAda, based in Minsk, Belarus, Stuxnet targets Siemens’ Simatic WinCC and PCS 7 software, […]
The past several weeks have seen some prominent examples of just how contentious the issue of responsible disclosure can still be. With the Black Hat and DEFCON security conferences just around the corner, Microsoft wants to change the mindset surrounding discussions of vulnerability disclosures by emphasizing the concept of collaboration. Rather than use the term […]
Spammers are increasingly turning to shortened URLs to beat spam filters, and an old foe is at the center of it. According to Symantec’s July 2010 MessageLabs Intelligence Report, spam with shortened hyperlinks reached a peak of 18 percent on April 30, translating to 23.4 billion spam e-mails. An analysis of the spam campaign has […]
Mozilla pushed out a large security update Tuesday for its Firefox browser, fixing 16 flaws that left Web users susceptible to exploits. Eight of the vulnerabilities patched in Firefox 3.6.7 are rated “critical” and can be leveraged to remotely execute code. Two other bugs – a same-origin bypass using canvas context and a cross-origin data […]