« February 2010 | Main | April 2010 »

March 2010

03/30/2010

Soft Spots in Hardened Software

Over the past decade, Microsoft, the target of choice for many online attackers, has hardened its operating system, adopting technologies designed to make it harder for attackers to find and exploit vulnerabilities. Apple and many other software makers have followed suit, introducing similar additional security measures to their operating systems.

Yet last week, during the "Pwn2Own contest" at CanSecWest, a security conference in Vancouver, Canada, security researchers demonstrated that software makers need to do more to protect their programs. Using previously unknown vulnerabilities, the researchers were able to compromise Apple's Safari, Microsoft's Internet Explorer 8, and Mozilla's Firefox Web browsers by circumventing the latest security technologies in place in the operating system underneath.

Technology Review

Posted at 01:47 PM in Articles, Consumer Technology, Hacking, Research, Security, Software, Vulnerabilities | | Comments (0) | TrackBack (0)

|

03/22/2010

Banks Aim to Secure Customers' PCs

Cybercriminals have had great success over the past year hitting banks where their security is the weakest--on their customers' PCs. In 2009, online fraud losses doubled, according to FBI data.

Now banks are starting to hit back, focusing not only on the security of their own systems, but of their customers' systems. Last week, security firm Trusteer announced it would provide a service to banks that lets them remotely analyze computers belonging to customers who have been hacked. Using the service, called Flashlight, banking customers that believe they have been targeted could download a program to their PC that would quickly search the system for digital tracks left by online thieves and their malicious software.

Technology Review

Posted at 01:59 PM in Cybercrime, Published on Technology Review, Research, Security, Software | | Comments (0) | TrackBack (0)

|

03/09/2010

Mapping the Malicious Web

Over the past couple of years, cybercriminals have increasingly focused on finding ways to inject malicious code into legitimate websites. Typically they've done this by embedding code in an editable part of a page and using this code to serve up harmful content from another part of the Web. But this activity can be difficult to spot because websites also increasingly pull in legitimate content, such as ads, videos, or snippets of code, from outside sites.

Now a researcher at Websense, a security firm based in San Diego, has developed a way to monitor such malicious activity automatically.

Technology Review

Posted at 02:00 PM in Cybercrime, Hacking, Research, Security, Software | | Comments (0) | TrackBack (0)

|

03/05/2010

Not Deserving of Trust

When he wants to break into a corporate network, Kevin Johnson looks first to social networks to provide a way in.

The popular services, such as Facebook and Twitter, provide Johnson with connections to employees, information about their habits and a way to deliver hacking programs designed to infiltrate their computers. As a penetration tester for security firm InGuardians -- where he pretends to be the bad guy to help clients spot holes in their security -- Johnson has come to appreciate the ease with which social networks can be used to attack users.

YourSecurityResource.com

Posted at 02:03 PM in Antivirus, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

03/01/2010

Modular Data Centers: A Fast, Secretive Option Spreads

When Australian firm WesTrac needed to expand its data center capacity quickly, the company bought the equivalent of a Band-Aid for its server needs: A containerized data center.

The company, which supplies Caterpillar brand heavy-machinery to Australian customers and others, found itself with too little data center to meet the needs of its latest IT project. Because of space issues, WesTrac could not expand its current facility. Instead, the company decided to use a pre-packaged data center, housed and shipped in standard-sized cargo containers: one for the servers and one for the chillers and power infrastructure.

CIO.com

Posted at 05:45 PM in Data Centers, Enterprise Technology, Published on CIO.com | | Comments (0) | TrackBack (0)

|