Clicking on a hypertext link while viewing a PDF file shouldn't be a security problem as long as you trust the viewer it invokes. But users of xpdf version 0.90 discovered that this assumption was an extremely bad one. When an xpdf user clicked on a hypertext link, xpdf started up a viewer (Netscape by default) and sent the URL to the viewer. So far, so good. But the xpdf developers decided to start up the viewer by using the system() call. That was the bad idea..
Privacy, Security Archive
A Chinese company has released sample code that exploits new vulnerabilities in the Windows operating system. The LoadImage function and Windows Help program are both affected.
This article will address at a summary level the most significant security risks in the wireless computing environment. The purpose of the article is to introduce in a centralized fashion the scope of the problem and the most significant talking points on the issue of wireless security and to summarize where the industry is in addressing these problems and where it is going.
Faced with an increasing number of deployed Linux servers and no budget for commercial monitoring tools, our company looked into open-source solutions for gathering performance and security information from our Unix environment.
Within 30 days, Microsoft will have a tool available to remove spyware from Windows PCs. The tool comes from a small company called Giant Company Software that Microsoft recently acquired. The anti-spyware tool will initially be free, but Microsoft has stated that it may eventually charge for the program. Update: It seems that another company has co-ownership of the code that Microsoft bought in this acquisition.
To really understand what is going on in your network, you must do more than deploy security devices, you must also monitor your security situation on a constant basis. Intrusion detection monitoring is a major trend in the security industry.
For years, Microsoft has hammered away at the security flaws in its desktop operating system. Now the company is looking to plug another security hole: weak passwords.
Surfing the Web has never been more risky. Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.
Remembering all the logins and passwords to all the services and systems you've got access to is pretty hard to do nowadays. Many people use the same login and password for multiple sites and systems. That won't improve security. One of the IT buzzwords is SSO (Single Sign-on). Most SSO systems are hard to setup and will only provide SSO to the systems of one company. It is possible to easily provide worldwide single sing-on.
The Application Vulnerability Description Language (AVDL) is a rather new security interoperability standard within the Organization for the Advancement of Structured Information Standards (OASIS). Caleb Sima, SPI Dynamics CTO, talks to Help Net Security about this interesting web application security topic.
This guide will show you how to secure Windows XP. While it covers the basics it also goes beyond them without going into "paranoid" mode...This guide is for home users in a stand-alone or workgroup environment. It is intended as a step-by-step guide and we highly suggest you read through the entire article before taking any action. We welcome suggestions and feedback.
Removable media devices are here to stay. Their ease of use and low cost have made them ubiquitous in the work environment – but at what price? In this article they look at the pros and cons of removable media, and the steps IT managers can take to mitigate the security risks associated with them.
In this article you will learn how to set up FreeBSD to use a USB thumbdrive, how to configure and use the Cryptographic File System (CFS), and then for the FreeBSD 5.X users, how to use the brand new Geom Based Disk Encryption system (gbde).
Reports on the comp.periphs.printers Usenet newsgroup claim that Lexmark has been planting spyware on its customers' PCs in the form of undocumented software that monitors the use of its printers and silently reports back to a Lexmark-owned company Web site.
Security researchers claimed today that millions of Microsoft customers are at risk from 10 serious security vulnerabilities uncovered in Windows XP patched with Service Pack 2.
Beginning this month, Microsoft will start to publish details about upcoming security updates in a newsletter available to the general public. Previously this information had been available, but only to those who knew about it and would sign a confidentiality agreement, which ended up being a handful of its largest customers.
Microsoft is rejecting claims from security researchers that a spoofing technique discovered on Internet Explorer is a security vulnerability.
In this article we'll discuss the claim made by proponents of open source software that such software is more secure. Is open source really inherently more secure than closed source commercial software? If so, why? And if not, why do so many have that perception? Read Article
SUN Microsystems Java and Microsoft's .NET platforms are no more than programming languages that exploit network potential with the idea that the same software should function on different platforms. Both systems are centered around the principle of running software that doesn't reside on the client machine to provide greater functionality or faster execution, saving connection time and improving public perception of the server to which the client connects. Read Article
Home internet users are suffering from a variety of worms, viruses, and spyware on their machines, and though they are often aware that their computers are acting funny, they often don't have any idea why. Typical home users are not taking the necessary steps to protect themselves from these online threats. These are the findings of a recent study on internet security.