12/15/06 |
Of rockphish and botnets
Phishers have started defeating existing antiphishing technology with a new technique, dubbed rockphish, that can use botnets to keep a bogus sites alive.
|
12/7/06 |
MySpace YourVirus
User-driven content sites such as MySpace and YouTube may become the new playground for Internet criminals, taking advantage of both the sites' popularity and their openness to upload whatever code the user wants.
|
12/1/06 |
Windows Vista and the coming criminal diaspora
Robert Vamosi tells you how Vista will or will not impact computer security in 2007.
|
11/9/06 |
To catch a thief
Federal investigators were touting their latest arrest of international data thieves as an opportunity to network with other investigators in other parts of the world. It's a small step, but it sends a loud message that data criminals will be sought and arrested, no matter where they are.
|
11/2/06 |
Ticket flap exposes airport security flaws
The existence of a custom Northwest Airlines boarding-pass creator on the Internet forces the issue of airport authentication--and therefore security--out of the realm of security researchers and into the mainstream.
|
10/27/06 |
RFID-enabled credit card theft
A thief attempting to steal credit information from RFID-enabled, or contactless, credit cards could wander through crowded markets, picking up broadcasts from within wallets and purses. The response from the smart-card industry: shoot the messenger.
|
10/20/06 |
Hacking anonymity
Are criminals using anonymizing services to plot crimes or, worse, plot terrorism? Yes, but one researcher who hacked the Onion Router (TOR) network finds it is possible to identify a person's real IP address, despite the cloak-and-dagger technology.
|
10/13/06 |
Internet Explorer's shrinking numbers
There's more than just features to consider when choosing an Internet browser. Unfortunately, on the eve of releasing Internet Explorer 7, Microsoft still hasn't figured that out.
|
10/6/06 |
The Netscaping of Symantec and McAfee
Vendors Symantec and McAfee have looked into the future and realized that people may one day speak of them in the way that we now speak reverently of Netscape's early builds. This time history's on their side; there are court cases and commissions that have found Microsoft guilty of past antitrust violations, and now the security vendors are using these to argue their point.
|
9/29/06 |
The myth of online anonymity
New methods of digital forensics can reveal gender, country of origin, handedness, and even whether or not you play the guitar--all determined from sample text.
|
9/15/06 |
Behavior
We seamlessly shift from private mode to public then back again several times during our normal day, and we never really think about it. The same should be true with our computer lives, but it isn't.
|
9/8/06 |
Pretexting: fraud by any other name
On the Internet no one knows you are a dog. But should that allow anyone anywhere to pretend to be you online to obtain your personal information? Heck, no.
|
8/25/06 |
When Web 2.0 fails
In this Web 2.0 world, mashups are red hot. Take the data from Craigslist, add it to Google Maps, and you have a visual representation of apartment listings within your target area. But such convenience can invite trouble for both the user and the Web site.
|
8/18/06 |
JavaScript plus AJAX equals trouble
With convenience comes the potential for new (and old) security risks as some businesses race to deliver AJAX-enabled Web sites without regard to security.
|
8/10/06 |
Session fixation
Con artists already know about setting session IDs, tricking Web applications into eavesdropping on legitimate users. When combined with financial services sites, the results can be damaging.
|
7/28/06 |
Spin city
It's as if the more that Microsoft says its new software will be secure, the more likely you'll believe it's true, but lately my Microsoft spin detection meter has been operating well into the red.
|
7/21/06 |
Zero-day Wednesdays
Microsoft issues patches to keep your PC safe, so why is someone releasing Trojans based on unpublished Microsoft Office flaws the day after Microsoft's infamous Patch Tuesday? Try corporate espionage.
|
7/14/06 |
When two factor fails
Phishers are poking holes in traditional Internet security and undermining our faith in the Internet itself. In the latest instance, they compromised a supposedly secure two-factor-authenticated banking system.
|
7/7/06 |
Fuzzing browsers for fun
All software contains vulnerabilities, with some flaws worse than others. But should those flaws be made public after the vendor in question has been contacted?
|
6/16/06 |
Shelter your data from the storms
Nobody likes to think about disaster, but having access to important information, such as account numbers and contact information, can greatly speed the process of applying for aid. Many Gulf Coast residents learned valuable lessons after last year; here are some of their suggestions with regard to computer data and personal information.
|
6/9/06 |
Security software for real-world threats
With Internet threats requiring you to buy computer security software for your PC and with real-world theft causing you to purchase additional insurance from monitoring companies, protecting your identity both online and off can quickly become very expensive. What if I told you that this doesn't have to be the case?
|
6/2/06 |
Outward bound with Vista's new firewall
Microsoft is promising that in Windows Vista all inbound connections will be blocked by default, whereas all outbound connections will be allowed by default, other than by exception. What does that mean? Well, it's less than you might think.
|
5/26/06 |
Microsoft's path of least user privilege
One of the selling points for Microsoft's new operating system is greater security, and one way it wants to achieve it is by limiting your privileges--even if you are an administrator. Will it work?
|
5/19/06 |
Do we need a national ID card?
The United Kingdom is calling for mandatory national ID cards by 2010. Meanwhile in the United States, data warehouses such as ChoicePoint know more about you and me than cops know about convicted felons on the street. Something's wrong with this picture.
|
5/12/06 |
Forget Google, it's Symantec vs. Microsoft
This week at the Symantec Vision conference in San Francisco, several top-level Symantec executives were openly challenging Microsoft on security. Despite considerable press coverage of the emerging Google vs. Microsoft battle, the way they were talking, you'd think Symantec was Microsoft's only competition.
|
5/05/06 |
Gone in 60 seconds--the high-tech version
How a keyless car gets stolen isn't exactly a state secret; much of the required knowledge is Basic Encryption 101. The funny thing is that manufacturers of keyless devices don't seem to care.
|
4/28/06 |
One phish, two phish
Where you click and--more importantly--why you click remains largely up to you. But if you think you are too smart to fall for a phishing attack, you might be surprised by the results of a new survey by researchers at Harvard and the University of California at Berkeley who found that the best fraudulent sites could still fool more than 90 percent of their highly educated participants.
|
4/14/06 |
Ready to recycle that old PC? Read this first
Whether you're donating that old PC to a local school or selling it on an online auction site, you'll want to remove your personal files first. Here's a quick lesson in how data is stored and what you can do to keep others from reading your e-mail and seeing your financial data from five years ago.
|
4/7/06 |
Windows security on your Mac
It's possible now to run Windows XP on your Intel-based Mac. But for many loyal Mac users, security is relatively new terrain. Here's a primer that helps you get the benefits of Boot Camp and still be safe.
|
3/31/06 |
The black hole inside the Bagle virus
There are more than 188 variations of the Bagle virus loose on the Internet. The latest variations pack the means to hide new sorts of nasties inside your computer, and current antivirus software won't necessarily save you.
|
3/24/06 |
Theft of trust
We're all being affected in subtle ways by the activities of a few criminals online. Botnets, the latest cyber-based criminal threat, are no longer just about stealing our identities or credit, some are after something even more precious: our online trust.
|
3/17/06 |
Psst. Your shiny new passport has a computer virus
Plans to go ahead with implementing RFID tags on U.S. passports should be put on hold. A new research paper out of the Netherlands says that it's possible to corrupt RFID systems with a virus, and the implications of that could be huge.
|
3/10/06 |
This time it's personal
I believe we've seen the end of the large-scale computer virus attack. Virus writers are producing fewer families of new viruses and worms, but they're also generating a greater number of variants, each more specific than the last. It's a whole new ball game on the Internet, and this time it's personal.
|
3/3/06 |
Helpful Mac OS X worms?
By creating three proof-of-concept worms last week, Kevin Finisterre started a public dialogue over Mac OS X security. But he also opened a Pandora's box, giving script kiddies techniques that could be used in future Mac OS X viruses.
|
2/24/06 |
Small business
According to some of the antispyware researchers I've spoken to, one trick to eliminating the specter of spyware is to devalue this new economy. If we can take the money out of the spyware industry, the participants should, in theory, go elsewhere, and spyware should, in theory, taper off over time. Unfortunately, taking the money out spyware is going to be a very hard proposition to sell.
|
2/17/06 |
Your smart phone has a dumb virus
Forget about your BlackBerry going dark because of a court decision. There are bigger problems ahead for mobile devices. Here come mobile-device viruses, ready to shut down your phone on a whim or, worse, steal your identity.
|
2/10/06 |
Spyware is on the decline--or is it?
A new report shows spyware on the decline, but two more reports suggest just the opposite. Who's right?
|
2/3/06 |
Whom do you trust?
Microsoft and Symantec will soon roll out managed online security services, offering everything from remote-controlled antivirus protection to hard drive optimization in one neat little package and creating the first real head-to-head competition for the two software giants. But more importantly, it'll force a difficult security question for some consumers: who do you trust more?
|
1/27/06 |
Cybercrime does pay; here's how
There's a perception that only Russians are making good money off cybercrime. Here's the story of a 20-year-old American who managed to live the high life through computer fraud. And he's not alone.
|
1/20/06 |
Use an iPod, go to jail?
Has Apple created the perfect socially acceptable, high-data volume criminal accessory? Not necessarily. You should think again if you want to toss your iPod into the trash -- or commit a crime with it.
|
1/6/06 |
Will Windows Vista eliminate third-party security apps?
Among the many changes seen in early releases of the new Windows Vista operating system, Microsoft is adding several built-in security apps that could make third-party security software unnecessary--or could it?
|
 |
|
Drop, charge, and lose the cords
