Iain Thomson at Black Hat 2010 in Las Vegas, V3.co.uk, Thursday 29 July 2010 at 09:52:00
DNS Security Extensions could cripple man-in-the-middle attacks
The Internet Corporation for Assigned Names and Numbers (Icann) has announced
what it claims…
Security Revealed
Iain Thomson at Black Hat 2010 in Las Vegas, V3.co.uk, Wednesday 28 July 2010 at 22:08:00
Online business still not safe, warns Jeff Moss
The founder of the Black Hat conference has told delegates that the Secure
Sockets Layer (SSL) encryption u…
Sharon Brennan, V3.co.uk, Wednesday 28 July 2010 at 16:37:00
Search firm turns up more malware than Bing, Twitter and Yahoo combined
Over two thirds of popular search results on Google have hidden malware,
according to a report into malware dist…
Iain Thomson at Black Hat 2010 in Las Vegas, V3.co.uk, Wednesday 28 July 2010 at 08:02:00
The few, the proud and the geeky arrive in Las Vegas
Hackers, security researchers, IT administrators and computer crime experts
have convened in Las Vegas…
V3.co.uk, Tuesday 27 July 2010 at 22:06:00
A look at the big stories from the US
Iain Thomson and Shaun Nichols discuss the latest news from the
V3.co.uk offices in San Francisco. This week’s topics include a profile
on the personalities of iPad…
Iain Thomson in San Francisco, V3.co.uk, Tuesday 27 July 2010 at 19:50:00
Patient, brilliant and better funded, warns networking firm
Malicious hackers are winning the enterprise security fight, according to
Cisco’s chief security officer.
John…
Shaun Nichols in San Francisco, V3.co.uk, Friday 23 July 2010 at 03:50:00
Services being used to evade filters
Spammers are increasingly making use of URL-shortening services to get their
messages through to users, reports MessageLabs.
The secu…
Iain Thomson in San Francisco, V3.co.uk, Thursday 22 July 2010 at 03:12:00
Infection sparks concerns about firmware security
Siemens has uncovered a virus that explicitly targets the industrial command
and control systems in which the company sp…
Shaun Nichols in San Francisco, V3.co.uk, Thursday 15 July 2010 at 02:46:00
Malware botnet exploits credit card security programmes
The infamous Zeus malware botnet has begun harvesting user bank data by
posing as a credit card verification sche…
Iain Thomson in San Francisco, V3.co.uk, Wednesday 14 July 2010 at 18:10:00
Latest report makes for grim reading on patching and spam
A report into the state of internet security has found patching is still
woefully poor among computer users.
O…
Lawrence Latif, V3.co.uk, Friday 9 July 2010 at 15:35:00
Encryption processes may have been compromised
Skype’s security credentials have been called into question by a developer
who claims to have released a software library that emulates an en…
Iain Thomson in San Francisco, V3.co.uk, Thursday 8 July 2010 at 20:00:00
Asks companies to accept “Big Brother” monitoring equipment
The National Security Agency (NSA) is to start monitoring the networks of
public companies for security hol…
Phil Muncaster, V3.co.uk, Saturday 3 July 2010 at 13:05:00
V3.co.uk rounds up the top security stories
This week has been dominated by yet more cyber criminal activity targeting
the banking and defence industries, as well as efforts by the gover…
Shaun Nichols in San Francisco, V3.co.uk, Saturday 3 July 2010 at 01:14:00
Researchers find social engineering flaw still open to attack
Adobe is on the defensive following the discovery of a security loophole
previously believed to have been pa…
Shaun Nichols in San Francisco, V3.co.uk, Thursday 1 July 2010 at 22:06:00
Complex operation targeting a pair of firms
A sophisticated malware operation targeting defence contractors has been
uncovered.
Researchers at Symantec Hosted Services s…
Shaun Nichols in San Francisco, V3.co.uk, Thursday 17 June 2010 at 01:52:00
Goatse researcher picked up for drug possession following raid
One of the researchers connected to last week’s iPad security breach has been
arrested following a police …
V3.co.uk staff, V3.co.uk, Tuesday 15 June 2010 at 16:15:00
Web infrastructure will soon be unable to cope with threats, according to
experts at Neustar security forum
Threats to the internet have increased significantly in recent months as
cyber…
Phil Muncaster, V3.co.uk, Saturday 12 June 2010 at 13:31:00
V3.co.uk rounds up the hottest security stories of the week
The week has been dominated by a batch of security fixes from Microsoft,
Google and Adobe covering several key products, as w…
Iain Thomson in San Francisco, V3.co.uk, Friday 11 June 2010 at 20:13:00
Mole passed on 260,000 military and diplomatic cables
The US authorities have confirmed that they are looking for Wikileaks founder
Julian Assange as they believe he was passed …
Iain Thomson in San Francisco, V3.co.uk, Saturday 5 June 2010 at 01:12:00
Keith Alexander discusses cyber war, IPv6 and privacy
General Keith Alexander, the commander of US Cyber Command (PDF), has used his
first public speech (PDF) to detail hi…
Shaun Nichols in San Francisco, V3.co.uk, Friday 4 June 2010 at 22:54:00
Release of novella could increase risk from ‘poisoned’ e-book files
The release of a new novella in the popular ‘Twilight’ series could spark a
malware outbreak, say securi…
Phil Muncaster, V3.co.uk, Wednesday 2 June 2010 at 13:14:00
Panda Security’s Luis Corrons tells V3.co.uk that the investigation
may take years
One of the leading figures involved in the detection and takedown of the
infamous Mariposa botnet has …
David Neal, V3.co.uk, Wednesday 2 June 2010 at 13:10:00
Software firm reacts angrily to accusations
Microsoft has returned fire at Google after a report yesterday claimed that
the search giant is looking to move away from Windows operating syste…
Iain Thomson in San Francisco, V3.co.uk, Saturday 29 May 2010 at 04:31:00
Fake security software reaps huge rewards
US federal prosecutors have filed charges against three men for tricking
internet users into buying over $100m (£69m) worth of f…
David Neal, V3.co.uk, Monday 24 May 2010 at 14:00:00
Security firm VeriSign finds control of attack systems is being dangerously
democratised
Authentication firm VeriSign has warned that botnets could become more
widespread and dangerous as the …
Phil Muncaster, V3.co.uk, Saturday 22 May 2010 at 10:17:00
V3.co.uk rounds up the week’s top security stories
It’s been a big week in the security space, with some notable acquisition
activity from Symantec and Oracle, and product updates from K…
Iain Thomson in San Francisco, V3.co.uk, Wednesday 19 May 2010 at 01:06:00
Four new systems designed to defeat online crime
RSA has announced a set of services aimed at defeating man-in-the-middle
attacks, in which a secure link is hijacked by s…
Phil Muncaster, V3.co.uk, Saturday 8 May 2010 at 18:11:00
V3.co.uk rounds up the top security stories of the week
It’s been fairly quiet on the security front this week. Microsoft has
announced that its next Patch Tuesday update will be fairly light, while Google
has tightened up its cloud security, and new research from VeriSign and Symantec
Hosted Services proves that there is still a lot to keep security professionals
busy.
First up is the news that a college student is facing over 20 years in jail
and huge fines after guessing the password to the Yahoo email account of
onetime vice presidential candidate Sarah Palin.
David Kernell was convicted of obstruction of justice and using unauthorised
access to obtain information from a computer, which comes with a maximum term of
20 years in jail. He was found innocent of wire fraud, and a charge of identity
theft was dismissed after a retrial.
Google, meanwhile, has released a new tool that allows administrators at firms
using Google Apps to remotely reset cookies to ensure that sensitive data
cannot be accessed if a device is lost or stolen.
Google Apps software engineer Will Smit said in a blog post that the feature
offers improved cloud security for organisations concerned that more information
is being stored in the cloud than ever before.
Also this week, the perils of Facebook were highlighted again in a new survey
which found that almost a quarter of Facebook users do not do enough to protect
their own data on the social networking site.
Web authentication firm VeriSign published a report this week offering advice
on how to guard against the growing threat of distributed denial-of-service
attacks. The DDoS Mitigation report is designed to guide enterprises through
the minefield of internet security, which VeriSign said had changed
dramatically over the past 12 months.
Meanwhile, Symantec Hosted Services released new research indicating that a
lack of knowledge and awareness about how to use Linux mail servers could be
contributing to the disproportionately large number of Linux machines being
exploited to send spam.
“One reason there is so much spam from Linux could be that many companies
that have implemented their own mail servers, and are using open-source software
to keep costs down, have not realised that leaving port 25 open to the internet
also leaves them open to abuse,” said malware data analyst Mat Nisbet.
Finally, Microsoft has published its advance notification for this month’s
Patch Tuesday update on 11 May. Security administrators will be pleased to hear
that it will be a relatively light affair with fixes for two critical
vulnerabilities in Windows and Office.
David Neal, V3.co.uk, Thursday 6 May 2010 at 11:48:00
Report offers advice for protecting against attacks
Web authentication firm VeriSign has published a report offering advice on
how to guard against the growing threat of distributed denial-of-service (DDoS)
attacks.
The DDoS Mitigation report is designed to guide enterprises through the
minefield of internet security, which VeriSign said had changed dramatically
over the past 12 months.
“If the past year has shown us anything, it is that DDoS threats represent a
moving target that is growing more sophisticated and difficult to defend
against, even as the attacks themselves grow more frequent,” said Ken Silva,
chief technology officer at VeriSign.
“We published this white paper as a blueprint for organisations looking to
stay ahead of this rapidly evolving threat to revenues, operations, customer
loyalty and network reliability.”
VeriSign cited a recent survey from analyst firm Forrester which found that
just under three-quarters of IT decision makers had experienced some kind of
DDoS attack in the past year, and that almost a third had suffered a disruption
of service.
The company warned that hackers had matured over the past year, and are
creating subtle “custom” attack bots that mimic legitimate traffic.
VeriSign added that even “budget-minded amateurs can spawn successful attacks
by renting botnets for as little as $200 [£132] for 24 hours”.
The report offers a range of best practices for organisations looking to keep
their business running in the face of an attack.
Companies should centralise data gathering, for example, making it easier to
analyse the appearance of normal traffic and create policies for reacting to an
attack.
Shaun Nichols in San Francisco, V3.co.uk, Wednesday 5 May 2010 at 03:23:00
18 of 21 pass latest round of spam tests
VirusBulletin has posted the results of its latest round of anti-spam tests.
The security publication said that of the 21 products tested as part of its
May VB Spam report, 18 were able to claim certification as having passed.
The test pits products against a collection of spam messages and grades
products on both their ability to block spam messages and their avoidance of
“false positive” blocks on legitimate messages.
A final score is calculated by multiplying the false positive percentage by 3
and then subtracting that number from the percentage of genuine spam blocked. To
pass, the product must receive a final score higher than 96.
The company said that of the 20 products that took the full test, 17 were
able to meet the criteria.
An additional product, the Spamhaus ZEN plus DBL blacklist, was classified as
a partial solution meant to be used alongside other products, and as such was
tested and given certification in a separate category.
Of the three products that did not pass the test, none recorded false
positive rates higher than 2 per cent or spam catching scores under 98 per cent.
Higher false positive rates appeared to prevent passing scores for MessageStream
and modusGate, each of which caught more than 99 per cent of legitimate spam.
Sunbelt’s Vipre offering scored slightly less than 98.5 per cent caught with
a false positive rate of under 1 per cent to fall short of certification.
Among the products placed the highest on the test’s ‘quadrant’ ranking system
were Microsoft Forefront, Libra Esva, Sophos, BitDefender and Symantec
Brightmail.