Security

Phlooding?!

Never heard of "phlooding" before? It's a new catchphrase coined by wireless LAN security vendor AirMagnet for what it says is a new type of attack on businesses that (ab)uses wireless networks. Not coincidentally, AirMagnet's latest 6.0 product, released on Tuesday, protects against such attacks.

Companies with a central authentication server are especially vulnerable to a phlooding attack, according to AirMagnet. In such an attack, miscreants in various locations bombard wireless access points with login requests, causing a flood of authentication requests that could impact performance of the authentication server, the company says.

Originally posted at News Blog

By Joris Evers

Crowded patch Tuesday

Microsoft had announced that it was going to issue software fixes on Tuesday, and Oracle was also expected. Both were joined by Apple (Mac OS X), Mozilla (Firefox), MIT (Kerberos) and others who dropped in on the patching party as well. A coincidence?

At the least, it is a hassle for IT admins, writes Corey Nachreiner of security vendor WatchGuard in a blog posting. It is tough enough to keep up with Microsoft's patches. If other software makers release their fixes on the same day, the chance that a critical patch might be overlooked becomes greater, he writes.

Maybe it was … Read more

Hotmail throws boomerangs against spam

This blog has been corrected. It originally gave an outdated job title for Shahine. He currently is a lead program manager for Hotmail.

Microsoft's antispam boffins think they're onto something fairly intuitive and yet unique enough to be patentable, and they're using the term "boomerang" to describe it.

According to the blog of Omar Shahine, a lead program manager for Hotmail, the service now examines whether e-mail messages are replies in determining whether or not they're spam.

"We have some code that tags your outbound messages," Shahine wrote in his July 7 entry. … Read more

'Employees had no role in ChoicePoint breach'

The new officer in charge of privacy, credentialing and compliance at ChoicePoint says employees at the company played no part in the leaking of information on about 145,000 Americans.

While procedures at the data broker needed to be improved, individuals at the company did not make any mistakes, ChoicePoint's Carol DiBattiste told the Associated Press.

ChoicePoint revealed in February that scam artists had gotten access to personal data on tens of thousands of Americans, resulting in at least 750 cases of identity theft. The scandal has prompted calls for new legislation to protect consumers' privacy rights.

The Alpharetta, … Read more

Death penalty for virus writers?

Sven Jaschan was convicted last week of creating the Sasser worm that wreaked havoc on the Internet last year. The German teenager was given a 21-month suspended sentence and 30 hours of community service. A light sentence, critics say.

New York Times columnist John Tierney must think it is much too light. In a column on Tuesday he says that he is almost convinced by a theory that society might benefit more from executing a virus writer than from giving a lethal injection to a murderer.

That theory comes from economist and columnist Steven Landsburg. He published it in a column in Slate … Read more

Microsoft sponsors security career guide

A nonprofit organization, with help from Microsoft, has created a "career guide" to spark interest in the information security profession among high school and college students.

The guide was distributed last month to more than 3,500 school counselors, administrators and educators at education conferences and has been made available online, the International Information Systems Security Certification Consortium, or (ISC)2, said this week.

Microsoft sponsored the 35-page guide, which is titled "Decoding the Information Security Profession." The booklet offers a description of information security, typical jobs, titles, industries and organizations, professional requirements, certification options, typical … Read more

FTC head victim of identity theft

When it comes to identity theft, no one is immune. Just ask Deborah Majoras, head of the Federal Trade Commission. Majoras recently learned she too was a potential victim of identity theft, after shoe retailer DSW suffered a security breach, according to a report on CNN.com.

Majoras' credit card information was stolen, along with that of approximately 1.4 million other customers in the company's database. Majoras, in her role with the FTC, is responsible for safeguarding consumers from such hazards as fraud, misleading advertising, antitrust violations and, yes, identity theft.

The fight against malicious … Read more

BlackBerry meets smart cards

A new security device for the BlackBerry handheld may make losing or misplacing one less of a nightmare.

Research in Motion (RIM), which makes the wireless gadget, announced its BlackBerry smart card reader this week. The device can be clipped to a purse or a belt and uses Bluetooth wireless technology and high-level security encryption standards (AES-256) to help authenticate a user.

The BlackBerry owner simply slips his or her smart card into the wearable add-on hardware, enters a PIN code or password, and off they go.

This is particularly good news for companies and organizations that use both … Read more

Attorneys general want details on credit card heist

CardSystems Solutions hasn't been talking since a security breach at the payment processor was disclosed earlier this month. But pressure is mounting on the company to end the silence.

The attorneys general of 44 U.S. states want CardSystems to come clean on the cyber break-in that exposed about 40 million credit cards to fraud. In a letter (view PDF), the law enforcement officials also demand that the payment processor inform all affected consumers immediately.

The letter, sent on Tuesday, came a day after a class action lawsuit was filed against CardSystems in a California court. The suit also … Read more

University of Connecticut discovers old hack

A hacked server, that is. The system was broken into on Oct. 26, 2003, most likely during a broad Internet attack, according to a notice posted on the university's Web site. The break-in went unnoticed until earlier this month.

In the attack, an attempt was made to install a backdoor on the server. That attempt failed, according to the university. The attack was possible because of a software flaw for which a patch was unavailable at the time. There is no evidence indicating that any attacker actually accessed data on the server, the university said.

The server has held … Read more