Browsing Category: Web Security

Categories: Malware, Web Security

From IDG News Service (Robert McMillan)
A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergency Response Team warned [us-cert.gov] on Monday.

The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe’s software and uses them to install a malicious program on victims’ machines, CERT said. Read the full story [cio.com]

Categories: Web Security

Little, if anything, gets Mac users more exercised than a mention of their favorite machine’s security problems. Despite the fact that security experts believe Macs to be much easier to exploit than Windows machines, Mac users simply trot out the old saw about there not being any virus attacks on Macs. Not only is that assertion demonstrably false, but it misses the point entirely: Virus attacks are not an indicator of the security of an operating system.

Categories: Web Security

From SC Magazine (Chuck Miller)
Attackers have discovered that spreading their malware is a much easier task on social networking sites than it is on the rest of the Web. The success rate for malware on social networking sites such as Twitter and Facebook is 10 percent, compared with less than one tenth of that on normal sites and through email.

Categories: Web Security

At a Churchill Club event in Santa Clara, Calif., Peter Solvik, managing director at Sigma Partners, talks to a panel of CIOs about how they’re making mobile devices more secure in the enterprise and whether their employees prefer the BlackBerry over the iPhone. The panel includes: Matt Carey, chief information officer of Home Depot; Karenann Terrell, CIO of Baxter; and Lars Rabbe, former CIO of Yahoo.

Categories: Web Security

From PC World (Aurora Dizon)
The “Twitter porn names” game, currently Twitter’s top trending topic, may be a fun distraction that gives you and your friends something to tweet about. But it also has a security hole–one that is no technical snafu. It could be simple human error, but it’s also possible that this security hole is an example of truly sneaky social engineering. Read the full story [pcworld.com]

Categories: Web Security

From Forbes (Charlotte Dunlap)
Security breaches continue to plague organizations, causing CIOs to question whether their traditional network security solutions are adequate for protecting against increasingly sophisticated cybercriminals.
Recently, it was reported that foreign hackers broke into the Pentagon’s $300 billion fighter plane weapons program, a security breach apparently achieved through contractors’ computers. The news is particularly disheartening to CIOs, because if the federal government–with all of its brain power and billions in funds–is still grappling with keeping its data secure, how can organizations and enterprises expect to avoid Internet threats and costly data breaches? Read the full story [forbes.com]

From DarkReading (Kelly Jackson Higgins)
The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000 to repair, depending on the vulnerability and the way it’s fixed.
Security experts traditionally have been hesitant to calculate the actual cost associated with bug fixes because there are so many variables, including the severity of the vulnerability, differences in man-hour rates, and the makeup of the actual fix. Read the full story [darkreading.com]

Categories: Web Security

SQL injection attacks have become the most reliable way for hackers to gain access to valuable data on back-end systems, with many high-profile Web sites falling victim to the technique over the last couple of years. The attacks themselves are fairly straightforward, but the results can be devastating, as this explanation of SQL injection from IBM ISS’s X-Force shows.

From ZDNet (Dancho Danchev)
A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential worm-ability, and malware spreading tactics targeting Apple’s OS X.
The worm propagates through emails harvested from infected hosts, and has a backdoor functionality allowing its author to perform the following actions if a successful remote connection is established – attempts to create a botnet, has keylogging functionality, and can also perform DDoS attacks as well as send spam. Read the full story [zdnet.com]

Categories: Web Security

The automatic update is one of the more useful tools ever invented by software developers. Click a couple of buttons and you never have to worry about checking for new security updates again–it happens automagically! But it’s also one of the more frustrating and intrusive mechanisms we’ve seen in recent years, thanks to the tendency of vendors to abuse its power and smush in a bunch of extra applications and add-ons that users may have little use or desire for.
