Microsoft has confirmed reports of a cross-site scripting vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. According to Microsoft, the vulnerability could allow escalation of privilege (EoP) within the SharePoint site. An attacker who successfully exploits the vulnerability could run commands against the SharePoint server with the privileges of the compromised user. […]
The son of a Democratic Tennessee lawmaker was convicted April 30 for hacking the e-mail account of former Alaska Gov. Sarah Palin during the 2008 presidential campaign. According to authorities, a federal jury convicted 22-year-old David Kernell, son of Rep. Mike Kernell, of obstruction of justice and unauthorized access to a computer. He was acquitted […]
Symantec announced plans to acquire encryption specialists PGP and GuardianEdge Technologies. Under the terms of the agreements, Symantec will buy PGP for $300 million and GuardianEdge for $70 million. The plans represent something of a reversal for the company, which had previously declined to buy into the encryption market even as McAfee purchased SafeBoot and […]
Researchers at CA have linked the latest iteration of the malware “bundled and distributed by Trojan downloader along with Win32/FakeAV or rogue antivirus malware.” The new version of the worm is sending out “massive” amounts of spam e-mail, including spam related to “adult dating,” celebrity news and bogus online pharmacies. “This Pecoan variant communicates to […]
Former San Francisco network engineer Terry Childs was found guilty Tuesday of locking the city out of its own network. A jury convicted Childs, 45, of one felony count of denying or disrupting computer services to an authorized user. Childs was charged in 2008 after he refused to provide passwords to the city’s FiberWAN network. […]
New research from Google is shining a light on just how prevalent rogue antivirus scams have become. According to a paper presented April 27 at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, in San Jose, Calif., fake antivirus programs now account for 15 percent of all the malware Google detects on the Web. […]
When data breaches occur, strong leadership from the chief information security officer can make a difference in the damage done to your corporate budget, according to new research from the Ponemon Institute. In its latest look at data breaches the institute found that in the five countries studied (U.S., U.K., Australia, France and Germany), CISO […]
A survey of 638 IT pros suggests many organizations aren’t taking Web application security as seriously as they should be. The survey, performed by the Ponemon Institute and commissioned by Imperva and WhiteHat Security, found that 70 percent of the respondents felt their organizations do not allocate sufficient resources to secure critical Web applications. Some […]
Facebook has once again stirred up privacy concerns, this time in the political arena. Several politicians joined forces April 27 to urge Facebook to change its privacy approach to block third parties from accessing personal information with the users’ consent. Sens. Charles Schumer, Michael Bennet, Al Franken and Mark Begich announced at a news conference […]
Microsoft has rereleased a security update targeting a vulnerability on Windows 2000 Server. The company pulled support for MS10-025 last week. According to Microsoft, the Windows security bulletin failed to properly fix a remote code execution issue tied to the way Windows Media Unicast Service handles specially crafted transport information packets. “Shortly after we released […]