 |
|
| Top
Security News |
McAfee Goes Podcasting
McAfee has launched a twice-monthly podcast series about topics related to computer and Internet security, starting with a discussion of the Nordea Bank phishing incident, and information disclosure. The new...
Symantec Breaks Down Vista Security
The security company has been looking into Windows Vista since 2005, and published an assessment of its security implications. As a caveat, one of Symantec's Vista articles regarding User Account Control (UAC)...
New Storm Variant Hits Blogs, Emails
A polymorphic version of the Storm worm will deliver a rootkit to an unsuspecting victim's machine, and from there will post a link to itself in the blog entries, forum posts, and emails coming from the now-infected...
TJX Data Breach Grows Wider
The hole in the security for the clothing chain was wider than initially reported, and it could spur legislation holding companies responsible for these breaches. TJX initially disclosed that the intrusion into its...
CastleCops Draws DDoS Attack
The security site had been facing a distributed denial of service attack for several hours; the attack hit 1 Gb/second at its peak.
Someone out there isn't a fan of Paul Laudanski or CastleCops. The site hosts...
When Social Engineering Gets Physical
Criminals may be a superstitious, cowardly lot in Batman's world, but an evildoer in the real world may be ready to fight as one security company learned. Steve Stasiukonis wrote a tale of how his Secure...
|
|
|
|
Eight vulnerabilities in Apple's QuickTime product received fixes to stop potential exploits from crashing the application or running arbitrary code; this and more in a SecurityProNews roundup.
When discussions of Apple and security make the rounds, they are inevitably followed by the refrain of the Mac OS being a more secure platform than Windows.
Despite the passion of its fans, Apple is no more perfect at security than Microsoft, and regularly has to work at keeping its products safe.
The most recent example arrived as the company released an octet of patches for QuickTime on both the Mac and Windows platforms.
All of the flaws would have required the user to first attempt to view malicious content in QuickTime.
QuickTime's problems all could be traced to heap, stack, or buffer overflow conditions. Those vectors have been common spots for attackers to target in all manner of operating systems and programs over the years.
Sins of the Internet: Ha.ckers.org considers the
opinion that the Internet, designed for ease of use rather than security, suffers most from being built for academics first.
Cross-site request forgeries present a vulnerability that undermines just about every possible application made available on the Internet:
Every image, every included style, every iframe and frame, everything that's embedded in any way, can cause CSRF. It's the "holy crap that's bad" vulnerability that affects nearly every site out there. The only trick is getting the right person to perform the action and that's really not as hard as it may sound.
SANS finds some AV clunkers: The SANS Institute looked at the question of comparing anti-virus products. Researcher Swa Frantzen said SANS typically uses VirusTotal to show how malware is detected and named by a variety of AV companies.
The example test with updated signatures for 32 products found a lot of big names missed a downloader Trojan. McAfee, Symantec, Microsoft, and Panda didn't detect the malware. Companies like Sophos, F-Secure, and Grisoft's AVG did.
Bagle worm hits 3rd anniversary: Bagle/Beagle is still going strong after three years. Email security firm Commtouch detailed Bagle's longevity in a PDF report about its recent activity.
The company attributed Bagle's persistence to a new tactic.
Through server-side polymorphism, Bagle changes form before signature-based anti-virus engines can be updated to detect it. Then it changes again, each time coming out in thousands of email messages every day.
About
the Author:
David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.
|
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
