Home internet users are suffering from a variety of worms, viruses, and spyware on their machines, and though they are often aware that their computers are acting funny, they often don't have any idea why. Typical home users are not taking the necessary steps to protect themselves from these online threats. These are the findings of a recent study on internet security.
Privacy, Security Archive
Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products.
Microsoft CEO Steve Ballmer says the task of trying to stay one step ahead of virus writers and hackers will be a never-ending battle.
Microsoft published a patch for a major security flaw in its software's handling of the JPEG graphics format and urged customers to use a new tool to locate the many applications that are vulnerable. Users who have installed SP2 are not vulnerable to the flaw.
Wireless PCs and wireless laptops are being increasingly used in both business and the home. . . Unfortunately, in the enthusiasm with which people have adopted wireless, the question of security has been seriously overlooked.
Managers, mind your patches and VPNs! While none has yet been reported, exploits of the Kerberos vulnerabilities uncovered by MIT researchers could wreak havoc on a network.
The security industry has matured quickly over the past few years, with penetration testing becoming one of the norms for organisations adopting best-practice processes. Penetration testing is loosely defined as the process of actively assessing an organisation's security measures, and it has been completely reliant on consultancy services; security manufacturers have been eager to bridge the gap between product and service and, more importantly, to reap the benefits of additional profits.
This paper discusses the collaboration between security and development in the enterprise software development lifecycle.
While spyware protection on single home machines is quite easy using today's removal tools like AdAware or Spybot Search & Destroy, deploying and managing such tools in corporate networks is still a problem. AdAxis promises to ease both deployment and manageability of AdAware in such environments. It provides a facility for pushing reference file updates to corporate network workstations, executing AdAware on workstations remotely without user interaction, and monitoring the degree of spyware contamination of machines.
Much of the attention commanded by computer security issues focuses on threats from external sources. Firewalls and perimeter defense tools are deployed to deny unauthorised entry to the network. Experts look for vulnerabilities and ways to ensure that the perimeter cannot be breached. Administrators monitor network traffic for unusual activities and anomalies, and it is common for users to be warned against suspicious email attachments.
This paper compiles and distills the known unique classes of attack, which have presented a threat to web sites in the past. Each class of attack will be given a standard name and explained with thorough documentation discussing the key points. The formation of a Web Security Threat Classification will be of exceptional value to application developers, security professionals, software vendors or anyone else with an interest in web security.
This series explores the sort of technologies we could use if we were to build a new platform today. The first 2 parts covered the Hardware and core OS. In this third part we look at security, the file system, file management and throw in a couple of other random ideas for good measure.
This lengthy and highly technical primer provides a gentle yet thorough introduction to elliptic curve cryptography (ECC), said to be ideal for resource-constrained systems because it provides more security-per-bit than other types of asymmetric cryptography. The paper is from Certicom, which markets Security Builder toolkits targeting various popular desktop, server, and embedded OSes.
The loss of critical data can prove devastating. Still, millions of professionals neglect to back up their data. While individual reasons vary, one of the most common explanations is that performing routine backups can be a real chore. Because machines excel at mundane and repetitive tasks, the key to reducing the inherent drudgery and the natural human tendency for procrastination is to automate the backup process.
Speaking in Australia, Microsoft Chairman Bill Gates stressed that more widespread use of firewalls would solve some of the Internet's security problems. He also stressed that his company needs to reduce the frequency with which major security updates are released. He also noted that while most OSes can turn around a security fix in 60-90 days, "we have it down to less than 48 hours." He stressed the importance of using the Windows auto-update feature and noted that SP2 defaults the auto-update and firewall to on.
Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed.
Security researchers warned Web surfers to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.
"Windows is more secure than you think, and Mac OS X is worse than you ever imagined". That is according to statistics published for the first time this week by Danish security firm Secunia. The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004, shed light on the real security of enterprise applications and operating systems, according to the firm.
Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not? John Gruber discusses why this happens and ultimately concludes that it doesn't matter why; what matters is that you can't argue with facts.
Microsoft officials poured cold water on a published report that said its Next-Generation Secure Computing Base (NGSCB, code-named Palladium) project is being canned. "The project is continuing full steam ahead. It's alive and kicking and we're very excited about it. The vision has been refined over the last year but it's absolutely not true that it's being killed," MS product manager Mario Juarez said.