Spyware, Viruses, & Security forum

General discussion

NEWS - June 7, 2007

Three Minutes on Google Security

Security has been a bit of a black art at Google. Unlike rival Microsoft, which publishes detailed information on its monthly patches and has openly evangelized the steps it takes to secure software, Google has generally been quiet when it comes to talking about security and it has kept the team that keeps Google's Web sites secure under wraps.

Read the interview at http://news.yahoo.com/s/pcworld/20070606/tc_pcworld/132606;_ylt=A0WTUed_EmdGC2cAsQkjtBAF

Discussion is locked
You are posting a reply to: NEWS - June 7, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - June 7, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
HSBC questions online security tool

In reply to: NEWS - June 7, 2007

Bank has seen online takeup without need for extra security

Efforts to standardise online banking security could be undermined by HSBC's refusal to adopt two-factor authentication for access to its web accounts.

Some high-street rivals have explicitly linked growth in online banking with improvement in security procedures.

But figures from HSBC last week show a 55 per cent rise in online customers last year without any extra safety measures. The firm is now questioning the need for investment in industry body Apacs's standard card reader.

The surge in take-up proves customers already feel safe on the internet, says HSBC head of e-commerce Alison Leonard.


Collapse -
Security MVP Demos Broken Wireless Access Protocols

In reply to: NEWS - June 7, 2007

During an updated version of one of the more popular sessions at TechEd each year, senior security engineer and Microsoft MVP Marcus Murray did attendees a major service by demonstrating that hacking into a network is not really an art, and in some ways, not even much of a science.

His "Why I Can Hack Your Network in a Day" session is actually something of a misnomer, as many of the tools he uses (including one written by SysInternals guru-turned-Microsoft fellow Mark Russinovich) can enable individuals to work their way to revealing the passwords of domain administrators in closer to 15 minutes.


Collapse -
Resort dumps Symantec's antispam product

In reply to: NEWS - June 7, 2007

Kingfisher Bay Resort in Australia has ditched Symantec for a rival managed antispam product claiming the product allowed spam to pass through its filters unchecked.

The resort is located on Queensland's Fraser Island and employs 500 staff, with about 100 users relying on e-mail for communication and customer service across the resort's remote sites.

Staff were receiving between 20 to 40 spam e-mails per day prior to the implementation, with more exposed addresses copping more than 100 a day.

Director of parent company Tourism Leisure Corp., David Goodman, said while the company is satisfied with the Symantec corporate edition antivirus deployed on its network, the aging spam solution was reducing productivity.


Collapse -
Hackers load malware onto Mercury music award site

In reply to: NEWS - June 7, 2007

Hackers have been able to load malware onto the official Mercury music awards site, as well as hundreds of other sites, after breaking into the systems of US-based hosting firm DreamHost.

DreamHost blamed a security flaw in its web control panel software for an attack that allowed hackers to compromise a "very small subset" of user accounts. Affected customers have been notified by email. DreamHost said only web content - not credit card or billing information - was compromised.

In a statement published Wednesday, DreamHost said: "The security flaw allowed the attackers to log into our customer web control panel with the access privileges of another user. From our web panel they were able to access individual user password information. The attackers also attempted to gain access to our central database and billing information but were ultimately thwarted in that attempt. No credit card information or customer personal information was obtained."


Collapse -
Bank of Scotland blames human error in data screw-up

In reply to: NEWS - June 7, 2007

Bank of Scotland (HBOS) is telling 62,000 customers they could be at risk of identity theft after it stuck an unencrypted disc in the ordinary post, which was subsequently lost.

The disc, containing information on mortage customers, should have been encrypted before being sent, the bank said, and should have been sent via secure courier rather than the normal postal service. It blamed human error for the problem, but said it believed the disc was genuinely lost rather than stolen.


Collapse -
Spam barrages take down filters, networks

In reply to: NEWS - June 7, 2007

Report shows increase in spam bombardment attacks.

MessageLabs' monthly report on the latest trends in spam has warned of an alarming rise in 'spam spikes', targeted attacks which use high volumes of spam directed at a single company in an attempt to overwhelm gateway spam filters.


Collapse -
Online malware dangers analysed

In reply to: NEWS - June 7, 2007

Two reports out this week have revealed some interesting statistics on the security dangers involved in browsing the Internet, with Google surveying the software running on webservers and which systems carry the most threats, while McAfee's study of search results reveals the dangers lurking in links provided by several major search engines, including Google itself.

AOL was found to be the safest search system, with only 2.9% of results representing a known danger, while Yahoo! was the worst, with 5.4%. Safety in general was found to have improved since the first such survey a year ago, but figures for both Yahoo! and MSN, previously the safest two and now the worst, showed more dangers presented than in the May 2006 study.


Collapse -
Should you use third-party patches?

In reply to: NEWS - June 7, 2007

Security software supplier eEye Digital Security provided an unofficial patch last year to this Microsoft vulnerability and received 70,000 downloads in three days. The increase in zero day attacks is one reason users have been unwilling to wait for official updates.

The early availability of third-party patches gives rise to the question of why Microsoft - with the best knowledge of and access to the source code - takes longer than volunteer programmers to fix the problem.

Microsoft said that creating security updates that fix vulnerabilities is an extensive process, and factors influencing the speed of the process include conducting a risk assessment on the affected product and testing it.

"Once the update is built it must be tested with the different operating systems and applications it affects, then localised for many markets and languages across the globe. In some instances, multiple suppliers are affected by the same or similar issue, which requires a coordinated release," said a Microsoft spokesman.

However, Alan Shimel, chief strategy officer at security supplier StillSecure, said, "The most recent patch by eEye was so widely downloaded because there were real attacks in the wild exploiting this vulnerability, and Microsoft did not respond quickly enough. Users have a legitimate right to download a third-party patch."

Shimel advises using third-party patches with caution, but said that if suppliers did not release patches quickly enough, the whole responsible disclosure system of vulnerability research falls apart.


Collapse -
Four ISPs Join Anti-Spam, E-Mail Delivery Program

In reply to: NEWS - June 7, 2007

Four major Internet service providers on Thursday joined a program that charges major business and e-commerce sites for guaranteed delivery of their e-mails.

Comcast, Cox Communications, Time Warner Cable's Road Runner and Verizon will support Goodmail Systems' CertifiedEmail program, which charges companies a quarter of a penny per message to ensure that their e-mails bypass spam filters and reach their destination. Nonprofit organizations are offered an 80 percent discount on that fee.

Yahoo! and America Online joined CertifiedEmail when the program kicked off in May 2006.


Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Enter to win* a free holiday tech gift!

CNET's giving five lucky winners the gift of their choice valued up to $250!