security

Homeland Stupidity: Security policies that place the public at risk

Homeland security officials seem to have adopted a naive and dangerous standard to detect bombs: Devices sold by major corporations that come packaged in logo-adorned, mass-produced containers are perfectly safe, while those made by hobbyists and tinkerers with exposed wires and batteries are potential bombs or at least hoax devices.

The problem with this approach is that in many past cases of successful terrorism, especially those committed by state-sponsored groups, the bombs were actually hidden in fully-functioning mass-market electronic devices: personal stereos and mobile phones. Smart terrorists, the ones we should be trying to thwart, do not walk into … Read more

iForem launches 'lifetime' storage service

iForem is a new service making its debut at the DemoFall conference. Currently aimed at enterprise users, the company is set to step into the consumer space early next year. The basic premise of iForem is that users pay for storage up front, similar to purchasing actual physical media to save their files. iForem then keeps the files safe, secure, and redundant as long as you've got the proper passwords--all without a subscription.

iForem creators Stephen Pieraldi and TJ de Luna started the company as a response to some of the free online storage solutions out there that offer … Read more

Chief information security officers: Good news and bad news

According to ESG Research, 77 percent of large organizations (1,000 or more employees) employ a chief information security officer (CISO), up from 63 percent in 2005. ESG also found that more companies hired chief compliance officers, chief privacy officers and chief risk officers in this two-year period. This data demonstrates that CEOs and board members are willing to throw money and talent at creating real operations around security, compliance, governance and IT risk.

Do these numbers mean that CISOs are becoming more strategic? I wouldn't go that far just yet--here's why. I recently had … Read more

Cyberattacks at DHS prompt new finger-pointing

A congressional committee is once again questioning the U.S. Department of Homeland Security's ability to detect and fend off cyberattacks, as a recent investigation has turned up evidence of Chinese-linked hacking incidents on internal computers last year.

According to the results of a recent U.S. House of Representatives Homeland Security investigation described in a letter released Monday (PDF), "dozens" of computers on networks at the sprawling cabinet department's headquarters were "compromised by hackers" last year. The intrusions involved planting malicious code that cracked network administrator passwords, masked signs of intrusion and beamed … Read more

ZoneAlarm ForceField arrives in beta

Check Point has released a beta of yet another sandbox for your Internet browser. Called ZoneAlarm ForceField, the idea is simple: What happens in Firefox, stays in Firefox. Or Internet Explorer, for that matter. Any downloads or collateral material you collect during your browsing experience is destroyed once you close the browser. If beta testing goes well, Check Point plans to release ZoneAlarm ForceField in the first quarter of 2008 as a retail product.

If ZoneAlarm ForceField sounds like Google's recent purchase, GreenBorder, it is--kind of. ZoneAlarm ForceField goes beyond GreenBorder by offering antispyware and antiphishing--both drawing from ZoneAlarm'… Read more

Report: E-voting woes could stall S.F. election tally

Glitches in touch-screen electronic voting machines without paper trails tend to rack up the most attention these days. But an irregularity over ballots marked by hand and scanned by a computer like standardized tests--known as the "optical-scan" approach--is poised to create a snafu in upcoming mayoral elections in San Francisco.

According to a San Francisco Chronicle report on Wednesday, there's concern among state officials that "less-sensitive" scanning machines at polling places across the California city won't be able to pick up ballots marked with anything other than a No. 2 pencil or a special … Read more

Zero-day exploits attack Yahoo, AOL instant messengers

Zero-day exploit code targeting Yahoo and AOL instant-messenger services could put frequent IM users at risk of new attacks.

A non-vendor disclosed vulnerability within Yahoo Messenger has been exploited by two different code releases Wednesday. This is the third security glitch for Yahoo Messenger in as many months. There is no workaround or patch available yet for these exploits.

A second non-vendor disclosed vulnerability in AOL Instant Messenger targets how users are notified of new IMs. Security vendor Secunia recommends that current AIM users disable that option until a patch is available.

ZDNet blogger Ryan Naraine has more information and … Read more

Google plugs hole in Presentations after e-mail addresses leak out

Nathan Weinberg at Inside Google sure can write a dramatic blog entry. For instance, in this one on Google closing a security flaw in its new Presentations feature of Google Docs, he starts out with a screen capture of e-mail addresses that were leaked through that flaw. Of course, the addresses are obscured. It's a graphically appealing but very scary image.

Weinberg explains what happened:

"Google Presentations has a chat feature, based on Google Talk technology, that lets people chat while viewing a presentation. I embedded a presentation here, as did Matt Cutts on his blog, and a … Read more

Firefox patches elusive QuickTime security flaw

Mozilla today fixed a vulnerability in which the qtnext attribute of Apple QuickTime Media-Link files could be used on Windows systems to launch the default browser with arbitrary command-line options. Although the problem appeared to be resolved earlier this year, researcher Petko D. Petkov and others found recently that it could still be exploited.

A previous fix in July's Firefox version 2.0.05 was intended to resolve this issue, but, according to Mozilla, "QuickTime calls the browser in an unexpected way that bypasses that fix." Also, Apple's own fix in the release of QuickTime 7.1.5 … Read more

DHS fudged test results, watchdog agency says

A new report by the U.S. Government Accountability Office charges that the Department of Homeland Security used biased methods to enhance performance results in tests on a new generation of radiation detectors meant to protect U.S. ports.

At stake are $1.2 billion in contracts to produce advanced spectroscopic portal (ASP) monitors and thousands of lives should they fail to work.

Experts from four national laboratories were consulted prior to publication of the report (PDF) by the GAO, the nonpartisan audit and investigative arm of Congress, which was released yesterday.

The agency found that the DHS' Domestic Nuclear Detection Office &… Read more