
Cisco issues 10 security updates

On Wednesday, Cisco Systems issued 10 security updates--three of which address vulnerabilities that can cause "moderate" damage to users' systems.

Although Cisco lists the security flaws as "moderate," it ranks them a "4" on its 5-point severity scale. And in two of the three cases, attackers could gain access without the need to authenticate their identity.

Various versions of the Cisco CallManager and IOS products contain the security flaws, according to Cisco's security advisory.

The Cisco CallManager and IOS products contain security flaws that relate to processing malformed Session Initiation Protocol (SIP) packets. … Read more

More aerial drones coming soon to U.S. borders

WASHINGTON--A handful of new drones is expected to begin patrolling the nation's northern and southern borders within the next few years.

For the moment, we're not talking swarms, here. But U.S. Customs and Border Protection (CBP) officials, backed by the Bush administration and some in Congress, are nevertheless hoping to steadily increase the presence of unmanned aerial vehicles aloft in an effort to nab illegal immigrants and drug traffickers more effectively, said Michael Kostelnik, a retired U.S. Air Force official who now serves as assistant commissioner of the CBP's air and marine unit.

For the … Read more

How to use security programs right

If there's one thing that the Black Hat 2007 conference in Las Vegas taught CNET Senior Editor Robert Vamosi, it's that criminal hackers, forgers, and malware chefs are getting more creative in their villainy, not less.

While stocking up on quality security software is an advisable method for keeping your distance from boogie-man code, the antivirus and removal applications are a lot more effective when used correctly. Some programs, such as Hijack This and CCleaner, benefit from deeper instruction; that's where CNET Download.com's security center steps in. Here you'll find guides for getting started … Read more

Attacking Web 2.0 at LinuxWorld

At LinuxWorld today, SPI Dynamics' senior security engineer, Matt Fisher, talked about the vulnerabilities of Web 2.0. His talk, although not much different from that of his colleagues Billy Hoffman and Brian Sullivan last week at Black Hat, offered some new examples of what criminals are doing online, armed with little more than a desktop browser. Cross-site scripting attacks are the No. 1 threat, according to the Mitre organization, in part because they are so easy to do.

In particular, Fisher singled out social-networking sites. Because the site depends on user content, the site allows users to upload … Read more

Black Hat 2007 sees Web 2.0 repeating Web 1.0 mistakes

LAS VEGAS--This year's Black Hat was pretty much summed up in a prescient keynote by Richard Clarke, the nation's former cyber security czar who is now a novelist and chairman of Good Harbor Consulting. Clarke said "we're building more and more of our economy on cyberspace 1.0, yet we have secured very little of cyberspace 1.0." The apparent speed gained in Ajax (Asynchronous JavaScript and XML), which is technology that divides processing tasks between the Web server (Web site) and the Web client (browser), has opened Web 2.0 to some old-school attacks. … Read more

Congratulations!

Hey, David Maynor's work won an award!

Most overhyped bug: The controversial MacBook Wi-Fi vulnerabilities released by David Maynor at last year's Black Hat took this dubious award. "In the end, the only public information about Maynor's Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings," the judges said.

Richly deserved, David. Give yourself a pat on the back.

Cough - you should know how to do that - cough.

Ahem.

What?

Defcon drama: Undercover reporter bolts after outing

An NBC reporter learned the hard (and embarrassing) way that Defcon 15, a conference of underground hackers who also happen to be security experts, is not the place to go undercover with a hidden camera.

George Ou, who blogs for CNET News.com's sister site ZDNet, has written a detailed account of the drama that unfolded Friday at the Las Vegas conference when staff members announced the "spot the undercover reporter" game. Staffers had apparently learned that a Dateline NBC producer hoping to catch someone confessing to a hacking crime was there as a regular attendee after … Read more

IRS bureaucrats duped into exposing passwords

Brace yourself for another fine example of the tech-savviness of federal bureaucrats (and yes, this sentence is dripping with sarcasm).

According to a report released Friday (PDF) by the Treasury Department's inspector general, 60 percent of a sampling of 102 Internal Revenue Service employees, when contacted by government auditors posing as help-desk employees, were perfectly willing to reveal their usernames and change their passwords to ones suggested by the callers.

The auditors said they were particularly alarmed by this year's findings against the backdrop of a similar test in 2004, when only 35 percent fell for the trick. … Read more

CodeWallet and eWallet duke it out for your phone

The brawniest smart phones may be equipped to withstand a hearty flinging across the room, and the brainiest may be able to finesse your multimedia or autocorrect your photos, but few can do on their own what CodeWallet Pro and eWallet Professional (various versions) can to manage and secure your data in a central, locked-down location.

I'm not talking about one smart phone with separate notebook, word processing, e-mailing, and database programs that have been shrunk down from their original desktop formats to disco with your data. I'm talking about programs that have been made with mobility in mind, that regard themselves as serious guardians of very sensitive information. Whether they stand up to the task and whether you really need them are issues we'll get to. To begin, let's take a look at eWallet Professional and CodeWallet Pro (which shall henceforth simply be known as eWallet and CodeWallet).… Read more

Researcher: Web 2.0 vulnerable to cookie theft

LAS VEGAS--Robert Graham of Errata Security on Thursday showed how reverse engineering your security application can uncover a treasure trove of zero-day vulnerabilities. He also demonstrated a new man-in-the-middle attack scenario that affects several popular Web 2.0 sites. He did so in a talk at Black Hat titled "The Lazy Hacker's Guide to TCB (Taking Care of Business)."

David Maynor, who is no stranger to controversy at Black Hat, was scheduled to speak alongside Graham, but Maynor was called away at 4 a.m. by a client in need. Errata CEO Graham presented the talk solo. … Read more