UPDATE: Microsoft will release 14 security patches next Tuesday, including fixes for security vulnerabilities exploited by the Duqu and BEAST malware.
Browsing Category: SMB Security
A class action lawsuit filed in U.S. District Court in California against Hewlett-Packard could have wide ranging implications for software makers, should the court agree with the plaintiff’s claim that the company violated the state’s consumer protection laws by failing to disclose a serious vulnerability in the software that runs some of its printers.
The controversy over stealthy monitoring software by CarrierIQ has raised important questions about user privacy and business ethics in the Brave New World of smart phones, tablets and the like. In the uproar over CarrierIQ’s surreptitious monitoring of mobile phone users, various tools have appeared that claim to be able to detect the software. However – removing CarrierIQ from your phone is another matter entirely. And,while some sites have offered instructions on doing so, Kaspersky Lab researcher Tim Armstrong said that, for all but a few mobile phone hardware experts, doing a CarrierIQ-pendectomy is a bad idea.
You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.
Facebook has fixed a critical flaw in a user feedback feature that allowed any user to access private photos posted in other users accounts. Before it was fixed, the flaw was used to hack the account of Facebook CEO Mark Zuckerberg and post photos online.
Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. (Thus, our use of the terms “virus,” and “worm.”) Now it turns out that the links may not be so arbitrary, after Microsoft researchers discovered that tools they developed to detect spammers’ efforts to avoid anti-spam filters were also great at spotting mutations in the HIV virus.
The FBI says that more than 2.5 million systems infected with the DNSChanger malware connected to DNS servers set up by the authorities in the week following a crackdown on a global criminal network dubbed Ghost Click.
Researchers have known for years that virus writers and attackers pay close attention to the analyses researchers do of their work, and it appears that the Duqu authors are no exception. Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009.
The security industry has no shortage of hard problems to solve, but the one that’s getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate that’s issued.
It’s going to be considerably harder to get that sweet, knock-off Louis Vuitton bag you’ve been eyeing, and you can thank the US Immigrations and Customs Enforcement Agency (ICE) for that. The agency reportedly seized control of some 130 websites last week in advance of Black Friday and Cyber Monday, according to a report from The Register.