13 total posts
Google Sets Record Straight on Desktop
January 08, 2007 (Computerworld) -- As product manager for Google Desktop, I wanted to offer some information that was not included in the Dec. 4 Security Manager?s Journal [?Stopping Data From Flying Off to Google?]. Both privacy and security were important considerations in the development of this feature. As the article noted, Search Across Computers is off by default, must be enabled by users on all computers they want to use it on, and requires them to be logged into their Google account to use it. Your readers should also know that indexed files are stored only temporarily on Google?s servers until they are transmitted to the user?s other computers as they come online, and no files are stored for more than 30 days, even if the user?s other computers never come online.
Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=277936&source=rss_topic17
A new SSL certificate is on the way
Web-based businesses face a crisis in consumer confidence because of phishing scams. But because of a new kind of SSL certificate, Web sites will be able to definitively demonstrate their identity, and customers will be able to confirm the identity of trusted sites.
Prevx Uncovers Search Engine Vulnerability as Major Factor
in Proliferation of Spyware and Malware Infections
Recent Prevx research finds 2-15 day lag for search engines to index malicious file names; computer users unable to find solutions fast enough to thwart new outbreaks.
Prevx announced that it has uncovered new vulnerabilities affecting PC users trying to use Internet search engines to locate information about potential spyware. Prevx researchers discovered certain malicious spyware programs prevent users, whose computers have become infected, from using popular search engines such as Yahoo!, Google and MSN to locate a cure, enabling the spyware infections to proliferate more readily among consumers. More information on spyware and other malware is available at http://www.prevx.com
"If a user searches for a suspect file name on Google or Yahoo! and nothing is found, then the assumption is that the file is probably nothing to worry about," said Prevx CEO, Mel Morris. "Such is the power of search today. Sadly, users must be more vigilant, a blank result on a top search engine is more likely to point to it being malicious."
Prevx researchers recommend that search engine companies find better and faster ways to help security vendors expose new infections and make protection readily available to computer users.
Finjan Releases Latest Quarterly Web Security Trends Report
Finjan's Web Security Trend report Q4/2006 presents new findings and "in the wild" examples related to the increased use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malicious code. It also provides a summary of key trends identified by Finjan's MCRC during 2006 and a brief outlook for 2007. The report offers suggestions as to how companies can protect themselves from these threats.
Sophos box takes aim at bad Web sites, misguided end users
Sophos Monday unveiled an appliance that can block access to harmful Web sites to prevent malware infection as well as filter out banned Web sites for productivity purposes.
The company's WS1000 appliance, which supports as many as 1,000 simultaneous users, scans Web traffic to block user access to known sites where risk of spyware and other malicious code is high, says Ron O'Brien, senior security analyst at Sophos. In addition, the WS1000 is built to dynamically analyze Web browsing behavior to stop or warn users when they might be lured into a spam-based phishing attack to a Web site that may only go live for a brief period to steal personal information.
Competitors in Web content filtering include Websense and Trend Micro.
Apple's New Years Hangover: Lawsuits, Hackers
Apple Computer in the past decade has risen, phoenix-like, from the ashes of its own managerial incompetence to attain new heights of profitability (up 27 percent in fourth-quarter 2006 to $546 million), market capitalization ($74 billion at last count) and plain old street cred (traffic to Apple's iTunes music store beat Microsoft's Zune 30 to 1 on Christmas Day.)
But the ball hadn't even started its descent in Times Square before CEO Steve Jobs and other Apple execs were facing a New Year's hangover of antitrust lawsuits, software holes, and a nagging SEC investigation into stock-option irregularities. Together, the lawsuits and hacks threaten to undermine longtime strengths for the company. But one expert says pressure to innovate, rather than courtroom challenges, are the biggest threat to Apple's future.
Symantec's Home & Home Office Security Report-Dec. 2006
Symantec published the December 2006 version of the Symantec Home and Home Office Security Report, an overview of Internet security concerns that may affect you and show you what you can do to protect your valuable data.
You can view it in PDF format by downloading the report from http://www.symantec.com/home_homeoffice/security_response/consumer_reports.jsp
Worm spreading through Skype
Worm spread on MySpace through QuickTime flaw
Microsoft Word plagued by critical flaws
You may also just read their blog entry about the above at http://www.symantec.com/enterprise/security_response/weblog/2007/01/2006_security_roundup_ah_the_m.html
The report also discusses online fraud, virus, and vulnerability trends for 2006. Online fraud is also known as phishing, which is a malicious attempt to trick people into divulging personal information, such as banking or financial details. In 2006, Symantec observed over seven million phishing attempts each day. Users should be suspicious of following links in email messages claiming to be from a bank or financial institution, and certainly no personal information should be returned to the email sender.
The development of viruses and worms continues to evolve. Mass-mailing worms still maintained an overwhelming presence in 2006, but they are slowly being overtaken with more stealthy threats that try to remain undetected once they have infected a computer using rootkit techniques. We are continually investigating the threat of zero-day exploits, which are malicious programs written by attackers to exploit a previously unknown flaw or vulnerability in software. The targets of zero-day attacks often include network- or computer-based software applications that require some level of user interaction, such as Web browsers or computer/office productivity software.
Sunbelt Software Announces Top 10 Spyware Threats for Decem
Sunbelt Software announced the top ten most prevalent spyware threats for the month of December 2006. The results are based on monthly scans performed by Sunbelt's award-winning antispyware product CounterSpy
1. Trojan-Downloader.Zlob.Media-Codec 2.56%
2. SpySheriff 1.11%
3. Trojan.Smitfraud 0.75%
4. Zango.SearchAssistant 0.71%
5. VirusBurst 0.59%
6. Virtumonde 0.57%
7. ClickSpring.PuritySCAN 0.50%
8. Trojan.Win32.Qhost.hf 0.46%
9. WinAntiVirus Pro 0.43%
View details at http://www.sunbelt-software.com/Press.cfm?id=171
Wi-Fi body aims to smooth security setup
New specification could encourage consumers to buckle up
January 08, 2007 (IDG News Service) -
The group that certifies Wi-Fi products aims to make more wireless LANs secure by taking some of the work out of locking them down.
The Wi-Fi Alliance is set to announce on Monday at the International Consumer Electronics Show its WPS (Wi-Fi Protected Setup) specification, which lays out an easier process for setting up a secure wireless LAN. The group will also reveal the first devices certified under WPS, though it will take a few more months for consumer products to reach store shelves.
Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007505&source=rss_topic17
Microsoft bans Scroogle
By Andrew Orlowski
Published Monday 8th January 2007
Microsoft's MSN Messenger service doesn't want you talking dirty - and its definition of dirty talk is quite peculiar.
If you send an instant message containing the word "scroogle.org" via the Microsoft service, the message never arrives. The sender doesn't know it was discarded, and the recipient has no indication that it was ever sent, as the original message remains in the chat window and history.
Read more: http://www.theregister.co.uk/2007/01/08/msn_bans_scroogle/
A shifting landscape for e-mail security
By Joris Evers, CNET News.com
Published on ZDNet News: January 8, 2007, 12:01 PM PT
ZDNet Tags: Acquisitions and mergers, Spam and phishing, Microsoft Symantec Corp Cisco Systems Inc
Cisco Systems' purchase of e-mail security specialist IronPort Systems is another sign that big-name vendors are taking over the spam fight, analysts say.
Upon completion of the the $830 million cash and stock deal, networking giant Cisco will join Symantec and Microsoft as a leader in the e-mail security arena. Those other companies entered the market via acquisitions and product development of their own.
Read more: http://news.zdnet.com/2100-1009_22-6147760.html
PayPal, Barclays are phishers' favorites, according to Phish
Frank Washkuch Jr. Jan 8 2007 20:01
PayPal, Barclays Bank and eBay were the three firms most targeted by phishers last month, according to statistics compiled by PhishTank users.
The public scam-reporting community, which allows consumers to report phishing scams, then vote on their authenticity, logged over 94,000 votes in December.
Out of the more than 20,000 unique phishing lures reported last month, 11,300 were verified as scams, according to a report from OpenDNS, the creators of PhishTank. Nearly 800 reports were dismissed as invalid phishes.
More than 2,200 validated phishing attempts targeted PayPal users, with another 1,300 targeting users who bank with U.K.-based Barclays.
Read more: http://www.scmagazine.com/us/news/article/624888/paypal-barclays-phishers-favorites-according-phishtank/