Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection.
At least one Trojan virus writer is now using an integral part of the Windows operating system—BITS (Background Intelligent Transfer Service)—to download files to already infected systems. Windows Update uses BITS as an asynchronous download service to fetch patches, updates and other files—and, in this instance, malware. Security researcher Frank Boldewin, along with Symantec's Elia […]
Would you trust eBay to keep your name, address and taxpayer identification number safe? What about uBid.com, or what about an obscure online broker you've never heard of? The Center for Democracy and Technology is raising a red flag over the prospect after language appeared in President Bush's budget that would require brokers of […]
A year ago at JavaOne, Fortify Software Founder and Chief Scientist Brian Chess gave a presentation titled “12 Java Technology Security Traps and How to Avoid Them.” A year later, how far have we come in addressing those inherent vulnerabilities, which include XSS (cross-site scripting), SQL injection and native methods that allow the import of […]
TJX: It's the target of the largest known customer record theft of all time, and it's a case in point that encryption is not a silver bullet. This is the heart of the encryption problem, quoted from the 10-K filing The TJX Companies made to the Securities and Exchange Commission: “Despite our masking and encryption […]
Microsoft has released patches for 19 vulnerabilities, 14 of which are critical, hitting at holes in Excel, Word, Office, Exchange, Internet Explorer, cryptographic technology and the whopper of them all, the zero-day vulnerability in the DNS Server's use of RPC. Michael Sutton, a security evangelist for Atlanta-based SPI Dynamics, said the “pretty high percentage” of […]
A hard drive containing 100,000 employee records has been lost or stolen from the Transportation Security Administration, the agency announced on May 7. The TSA discovered that the hard drive was missing last week, on May 3. It contained records of people employed at the agency between January 2002 and August 2005. The records included […]
In the wake of incidents such as the TJX Companies' massive data breach, reported in January, it shouldn't come as a surprise to find that 90 percent of companies plan to plug in new technology to secure electronic copies of intellectual property in the coming year. That was one finding of a report issued on […]
Microsoft is issuing a critical security bulletin for Exchange on next week’s Patch Tuesday that’s likely to leave some employees squawking and without e-mail midweek. “There hasn’t been an Exchange [patch] for awhile,” Don Leatham, director of solutions and strategy at PatchLink, said in an interview. “I think [for] a lot of the smaller or […]
JPMorgan Chase has confirmed that the papers pulled from its trash cans by Service Employees International Union representatives are legitimate bank documents. The documents, taken from the trash by the SEIU, included loan applications and other documents containing confidential information such as names, Social Security numbers, bank transactional histories and phone numbers. According to a […]
Type 0 Routing Headers: We've long known they can be used in IPv4 to crazily bounce network packets back and forth between hops on their route, potentially causing denial of service. Why in the world, then, are we seeing them again in IPv6? “They haven't learned their lesson,” said Nicolas Fischbach, senior manager of network […]