A group of engineers, networking specialists, security experts and other specialists deeply involved with the Internet’s development and growth have sent a letter to lawmakers criticizing the highly controversial SOPA and PIPA bills and imploring them not to pass the legislation, which they say would stifle innovation and “threaten engineers who build Internet systems or offer services that are not readily and automatically compliant with censorship actions by the U.S. government.”
GlobalSign, the certificate authority that the attacker who compromised Comodo and DigiNotar claimed he had infiltrated as well, said it has completed its months-long security review and found no evidence that its CA infrastructure was compromised or that any rogue certificates had been issued. The investigation did confirm that the company’s public Web server had been compromised, and GlobalSign decided to revoke its own SSL certificate and key.
A hack has the restaurant wholesale chain Restaurant Depot in hot water, after thieves compromised the firm’s credit card processing systems and made off with customer information, including credit card numbers. One published report claims as many as 100,000 individuals may have been victims of the breach.
Be careful of what you ask for. That’s a lesson that Max Schrems of Vienna, Austria, learned the hard way when he sent a formal request to Facebook citing European law and asking for a copy of every piece of personal information that the world’s largest social network had collected on him.
Adobe on Tuesday released a patch for a vulnerability affecting versions of its ColdFusion Web application development platform. A company spokeswoman said the company still hasn’t set a date for an emergency patch for a critical and previously unknown hole in both the Adobe Reader and Adobe Acrobat applications, after promising to issue a fix this week.
In the wake of the hack of water and sewer infrastructure operated by a Texas community, the Department of Homeland Security is again warning owners and operators of critical infrastructure to take note of SCADA and industrial control systems that may be accessible from the Internet.
UPDATE: Microsoft will release 14 security patches next Tuesday, including fixes for security vulnerabilities exploited by the Duqu and BEAST malware.
A class action lawsuit filed in U.S. District Court in California against Hewlett-Packard could have wide-ranging implications for software makers, should the court agree with the plaintiff’s claim that the company violated the state’s consumer protection laws by failing to disclose a serious vulnerability in the software that runs some of its printers.
The controversy over stealthy monitoring software by CarrierIQ has raised important questions about user privacy and business ethics in the Brave New World of smart phones, tablets and the like. In the uproar over CarrierIQ’s surreptitious monitoring of mobile phone users, various tools have appeared that claim to be able to detect the software. However, removing CarrierIQ from your phone is another matter entirely. And, while some sites have offered instructions on doing so, Kaspersky Lab researcher Tim Armstrong said that, for all but a few mobile phone hardware experts, doing a CarrierIQ-pendectomy is a bad idea.
You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.