Brian Prince

Symantec Security Report Reveals Face of Data Breaches

That credit card number swiped in a data breach may go for as little as 85 cents in the cyber-underground, according to Symantec’s latest Global Internet Security Report. The massive, 97-page document details the company’s review of the threat landscape in 2009. While there was a significant drop in documented vulnerabilities, from 5,491 in 2008 to […]

Microsoft to Update XSS Filter to Address Black Hat Attack

Microsoft is planning an update to the cross-site scripting filter in Internet Explorer 8 to address an attack scenario revealed at the Black Hat Europe security conference. At the conference, security researchers David Lindsay and Eduardo Vela Nava revealed details of how the filter detects attacks, as well as its strengths and weaknesses. The weakness […]

Google Password System Hit in Cyber-attack, Report Says

New details have leaked out regarding the cyber-attack on Google in December. According to a report in The New York Times, the attack hit Google’s password system, code-named Gaia. The program is still used under the name Single Sign-On and allows users to sign in only once with their password to operate e-mail and business […]

Companies Struggle with Access Management in Recession, Survey Finds

A new report from the Ponemon Institute shows many organizations are struggling to manage access control as they cope with leaner budgets. The report, sponsored by Aveksa, drew on a survey of 728 IT pros at multinational corporations and government organizations. Among its key findings was that 87 percent of respondents believe individuals have too […]

10 Most Dangerous Web App Security Risks

Injection Flaws: Injection flaws allow attackers to relay malicious code through Web apps to another system, such as backend databases or the operating system. To remedy this, organizations can use commercial WAFs (Web application firewalls), which can include negative security signatures to identify attack payloads, […]

Adobe Considers Next Step While Zeus Exploits PDF Security Issue

Adobe Systems has not made a decision whether to change its approach to the launch action feature in Adobe Reader now being abused in a malware attack. A spokesperson for Adobe told eWEEK Friday the company is still evaluating if it will do anything to address a design issue that is being roped into an […]

Intego Finds New Mac Malware Variant

Researchers at Intego have discovered a new variant of the Mac malware HellRTS circulating on a hacker forum. HellRTS.D is a new iteration of Mac OS X malware first spotted in 2004, and it opens a backdoor that enables remote users to take control of infected computers. So far, the company has not found any computers infected […]

Lower Merion Says Many Webcam Photos Were Taken

A Pennsylvania school district accused of spying on students with Webcams on school-issued laptops has conceded that a “substantial number” of photos have turned up in an investigation of the situation. The Lower Merion School District has been at the center of a legal battle over the issue since the parents of Harriton High School […]

Seven IE 9 Security Recommendations for Microsoft

Sandboxing Technology: Microsoft could improve things in IE 9 by adopting some of the sandboxing approaches Google uses in its Chrome browser. IE 9 has “Protected Mode,” which is similar, though not designed for the same purpose, said Aaron Portnoy, TippingPoint security research team lead. […]

NSA Director Says Cyber Command Not Trying to Militarize Cyberspace

Lt. Gen. Keith Alexander told the Senate Armed Services Committee April 15 that he would work to protect the privacy rights of Americans, even as he noted the amount of uncharted territory in cyber-law. Currently director of the National Security Agency, Alexander has been nominated by President Obama to head the U.S. Cyber Command. The Cyber […]