Security Central - InfoWorld
Microsoft kills Windows SteadyState
Windows SteadyState is a handy tool for managing stand-alone PCs in public venues that cater to a motley crew of guest users.
Microsoft upgrades free app security tool
Microsoft released this week an upgrade to a tool that helps secure applications for the Internet without having to recode them.
Women perform well on Defcon social engineering test
Of the 135 Fortune 500 employees targeted by social engineering hackers in a recent contest, only five refused to give up any corporate information whatsoever. And guess what? All five were women.
Secunia security program automatically tracks down, applies patches
Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,
Skyrocketing viruses, less danger?
In 2008, antivirus firm Sophos processed about 20,000 "new" pieces of malware every day.
Global spam hits all-time high
Spam hit an all-time high this year, with more unwanted messages pouring in from a smorgasbord of countries, thanks in part to globalization. Such are the findings of a recent and comprehensive report on all things security-related from IBM X-Force.
Microsoft still mum on programs prone to DLL hijacking attacks
Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread "DLL load hijacking" attacks.
Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications.
Eight great virtual appliances for VMware, free for the downloading
Virtual appliances are great for the same reasons physical appliances took the IT world by storm: They make deployment a snap -- even instantaneous -- while at the same time reducing costs. It's a formula that made hardware-based appliances immensely popular for network security, backup, storage networking, file services, email, and many other single-focus solutions.
What it takes to shut down a botnet
A botnet shutdown makes for a great story.
Google disputes bug patching report
Google on Monday said that a recent report claiming it failed to patch a third of the serious bugs in its software had the facts wrong.
IBM's X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated "critical" or "high" in its online services.
Scammers prey on required Twitter update
Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software.
On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe.
Escape from Windows DLL security hell
The Windows DLL library loading vulnerability is gaining hacker attention. Although no one can accurately predict the next "big one," malicious cyber fiends are likely to use this exploit method against innocent computer users.
Mobile security: Your smartphone is safer than your PC, for now
In security circles, the talk on mobile centers around mobile management: protecting access to and use of corporate information by smartphone users. This summer's iOS 4 has been a game-changer for most IT organizations, giving the Apple iPhone, iPad, and iPod Touch security capabilities equivalent to those of Windows Mobile and meeting the needs of most BlackBerry users, ending the main objection at many companies to allowing iOS devices in.
Cisco patches bug that caused partial Internet blackout
Cisco has fixed a bug in its IOS (Internetwork Operating System) router software that contributed to a brief Internet blackout last week, thought to have affected about 1 percent of the Internet.
No good can come of a malware convention
Anyone who was ever concerned by the concept of hacking conventions such as Black Hat -- which has evolved into a reputable venue for security defenders -- should
How to thwart the new DLL hijacks
Earlier this week I wrote in Tech Watch about a whole new class of Windows zero-day vulnerabilities, warning that a wave of attacks would arrive soon.
Updated 'blue screen of death' rootkit now targeting 64-bit Windows
A new version of the malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday.
"A new era has officially dawned; the era of x64 rootkits," said Prevx researcher Marco Giuliani in a post to the company's blog yesterday.
The Pentagon plays security catch-up
Individual hackers can hurt national computer systems. Attackers have the advantage over defenders. Attributing attacks to specific groups is difficult.
Microsoft boosts access to secure development guidelines
Looking to broaden access to its security practices for software development, Microsoft plans to shift the licensing for its Security Development Lifecycle (SDL) documentation to the more accessible Creative Commons License, the company said on Thursday.
SDL is Microsoft's blueprint for incorporating security into applications. It has been available under an exclusive Microsoft license.
Sun, Microsoft, and Mozilla leave the most vulnerabilities unpatched
Sun is the king of unpatched software vulnerabilities, followed closely by Microsoft and Mozilla, according to the mid-year security report by IBM's X-Force.