Twitter and the Federal Trade Commission have reached a settlement over charges that the microblogging service failed to protect user privacy in two security incidents last year. The FTC complaint centered on a January 2009 incident in which an attacker used an automated password-guessing tool to gain administrative control of Twitter and reset numerous passwords. […]
Symantec is raising the alarm about a rogue antivirus operation that appears to be taking a page from telemarketers. According to Symantec, a company called Online PC Doctors is using the phone — instead of misleading applications — to convince users their computers are infected, and then offering to remotely connect to the “infected” machine […]
Google is taking issue with a report from SMobile Systems suggesting Google Android applications are leaving users open to identity theft. In an analysis of more than 48,000 applications (PDF) currently available on the Android Market, SMobile found that 20 percent request permission to access sensitive information an attacker could use for some malicious purpose. […]
Mozilla’s Firefox security update June 22 brought more than just a bevy of patches for the Web browser. It also brought new protections against crashes caused by plug-ins. In Firefox 3.6.4 for Windows and Linux, if a plug-in crashes or freezes, the browser will continue running while portions of the Websites controlled by the plug-in […]
Quest Software is targeting the adherents of the NoSQL movement with the launch of a beta program for a new data access and management tool. The tool is called Toad for Cloud Databases, and is meant to help users unlock data stored in the cloud using either the SQL language or Toad’s visual query and […]
10 Database Security Threats Every IT Administrator Should Know by Brian Prince Default, Blank & Weak Username/Password • Microsoft SQL Server Blank & Default Password • Default Oracle Username and Password • IBM DB2 Default Admin Password SQL Injections • SQL Injection Vulnerability in Oracle Database “SYS.DBMS_AQIN” • SQL injection vuln in Oracle 10gR1 database using SYS.DBMS_STREAMS_AUTH • SQL […]
Just as criminals can leave fingerprints in the physical world, malware authors can leave fingerprints on their products in the digital world. Tracing those code artifacts back to attackers can lead to the minds behind the malware economy, according to HBGary CEO Greg Hoglund. In a talk at the upcoming Black Hat conference in Las […]
The Internet Corporation for Assigned Names and Numbers is joining those calling for DNSSEC as a security blanket for the Internet. In remarks June 21 during ICANN’s 38th international meeting in Brussels, ICANN CEO Rod Beckstrom contended that DNSSEC (Domain Name System Security Extensions) needs to play a key role in protecting the Web. “The […]
Trustwave has acquired web application firewall provider Breach Security. The deal, made for an undisclosed sum, will allow Trustwave to integrate Breach Security’s Web app firewall technology into its existing application security suite. Breach Security’s WebDefend application firewall appliance features inbound and outbound inspection of Web traffic for sensitive data such as credit card information. […]
The Electronic Frontier Foundation and the Tor Project have released a beta version of a Mozilla Firefox extension that encrypts communications between Web users and some high-profile sites. The extension, dubbed “HTTPS Everywhere,” works by rewriting all requests to the sites to HTTPS. Among the sites it works with are Google, Twitter, Wikipedia and Facebook. […]