Privacy, Security Archive

OSes suffer serious security hole through CPUs

Eugenia Loli 2005-05-13 Privacy, Security 32 Comments

Colin Percival, a FreeBSD committer and security team member, has found a local exploit against the current implementation of Intel's Hyper-Threading Technology. "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw," Colin explains. "This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately."

Security – The Best Laid Plans

Submitted by Danny 2005-05-11 Privacy, Security 2 Comments

Security used to be as simple as a solid lock on a solid door, a safe in the back room and perhaps even a retired police officer out front (if you were really serious). But the modern business looks at security, and threats to security in a whole different light. Security of information, systems and networks are now just as important as, and often integrated with, shop-front security. read more

Mobile Security: Data Goes Walkabout

Submitted by Danny 2005-05-04 Privacy, Security 4 Comments

Mobile security is a hot issue, but who is listening? The mere word 'security' sends most people running. Investing in preventative IT security has never been a very popular topic. It often needs a competitor or an organisation itself to become a victim of crime before senior executives sit up and listen. read more

Apple Mythology and Desktop Security

David Adams 2005-04-22 Privacy, Security 43 Comments

A CIO Today editorial notes that security concerns are most often cited when IT managers consider a switch to Linux over Windows, but difficulty in replicating Microsoft Office functionality is a barrier. Why not use Macs? In addition to software-side security advantages, there are distinct security advantages to using a non-x86 platform as well. And you can still run Office.

The Facts & Fiction Around Windows Security

Submitted by Tim 2005-04-22 Privacy, Security 59 Comments

Microsoft has taken alot of heat for the security issues that surround its Windows operating systems, but they should not be the only ones taken the heat for Windows security. There are other parties out there that deserve to shoulder some of the blame with Microsoft. This editorial, originally written for a Communication Security course, tries to take an objective view of who is exactly to blame for what in the perceive mess that is Windows security.

Linux lags Windows in new security report

Eugenia Loli 2005-03-22 Privacy, Security 64 Comments

A report released today indicates Windows Server 2003 may actually be more secure than its most popular Linux competitor when it comes to vulnerabilities and the time it takes to patch them.

“Trusted Computing” Sneaks into PCs

David Adams 2005-03-17 Privacy, Security 23 Comments

"The three largest computer makers--Dell, Hewlett-Packard and IBM--have started selling desktops and notebooks with so-called trusted computing hardware, which allows security-sensitive applications to lock down data to a specific PC."

Securing Removable Media

Submitted by Danny 2005-03-11 Privacy, Security No Comments

Removable media devices are here to stay. Their ease of use and low cost have made them ubiquitous in the work environment – but at what price? In this article we look at the pro’s and con’s of removable media, and the steps IT managers can take to mitigate the security risks associated with them.

The Least Privilege Model in the Solaris 10 OS

Submitted by fintanr 2005-03-09 Privacy, Security 14 Comments

The Least Privilege Model in Solaris 10 allows for finegrained management of process and user privileges within Solaris 10. Amy Rich has written a nice introduction for Sun's bigadmin website.

The Rise Of The Customised Security Attack

Submitted by LogError 2005-03-07 Privacy, Security 10 Comments

As criminals operating online have begun to realise the potential commercial value of Internet-related crimes, so they have started to investigate other ways of using malware to line their pockets.

The Network Poltergeist

Submitted by LogError 2005-03-03 Privacy, Security 8 Comments

The IT industry isn’t as boring and technically obsessed as many outsiders believe. Viruses and malicious hacker threats in particular have been increasingly sensationalised in the popular press, squeezing the issues gradually into the public consciousness.

How secure is your computer?

Eugenia Loli 2005-03-01 Privacy, Security 76 Comments

A Windows computer without the latest security patches is in big trouble. That's the conclusion from a "honey pot" experiment conducted by StillSecure, a Louisville network security firm. StillSecure attached six computers - loaded with different versions of the Windows, Linux and Apple's Macintosh operating systems - earlier this month to the Internet without anti-virus software. The results show the Internet is a very rough place.

Study finds Windows more secure than Linux

Eugenia Loli 2005-02-17 Privacy, Security 78 Comments

Believe it or not, a Windows Web server is more secure than a similarly set-up Linux server, according to a study presented yesterday by two Florida researchers. The researchers, appearing at the RSA Conference of computer-security professionals, discussed the findings in an event, "Security Showdown: Windows vs. Linux." One of them, a Linux fan, runs an open-source server at home; the other is a Microsoft enthusiast. They wanted to cut through the near-religious arguments about which system is better from a security standpoint.

Researchers: Digital encryption standard flawed

Eugenia Loli 2005-02-17 Privacy, Security 11 Comments

An encryption standard widely used in digitally signing documents and programs has a flaw in it that could allow for the creation of forgeries, sources said Wednesday.

Is Windows safer than Linux?

Submitted by danjr 2005-02-11 Privacy, Security 78 Comments

Microsoft's Security Chief says that Windows is safer than Linux. Mike Nash made the comments while stressing that the company is making progress on security. He compared vulnerabilities in Windows with those in Red Hat or SuSE Linux. Update: Nick McGrath, head of platform strategy for Microsoft in the UK has claimed that 'Linux is not ready for mission critical computing.'

Microsoft releases “critical” patches; Tablet OS glitch

Submitted by danjr 2005-02-09 Privacy, Security 27 Comments

Microsoft has released the single largest number of patches since it has started doing monthly updates. The dozen updates include patches for Office XP, IE 6, and Media Player and MSN Messenger. Also, a glitch in the latest version of Microsoft's Tablet PC software is causing significant performance problems for those running the new operating system, the company has confirmed.

Access Control Lists

Eugenia Loli 2005-02-09 Privacy, Security 14 Comments

If you've used Linux for a long time, you're probably quite familiar with file permissions. Indeed, managing permissions is a critical part of managing a Linux system. In general, you should provide minimal access whenever possible. Every user (or group) should have just enough permissions and no more.

Darius’ Guide to Windows 2k/XP Desktop Security

Guest post by Darius 2005-02-08 Privacy, Security 143 Comments

As I have browsed this site and others like it, I have often seen comments like "The only way to secure a Windows box is to not connect it to the Internet!" and "How can you stand to use Windows when you have to run tons of apps such as spyware removers and spend hours trying to keep it secure?" Some people have even gone as far as to say that it is literally impossible to secure Windows. Well, I'm here to tell you that not only is it possible, it's actually quite trivial! It requires very little effort and you can do it without running a buttload of security apps and without spending a dime.

Clueless about cookies or spyware?

Eugenia Loli 2005-02-03 Privacy, Security 33 Comments

Spyware-removal tools are a fairly new commodity from Internet service providers, but some of the software may confuse people as much as it protects them, critics say.

Home User Security Guide

Submitted by LogError 2005-01-31 Privacy, Security 19 Comments

Many of you have new computers in your homes, but how many of you realize that this computer is already vulnerable? How can this be? How can a brand new computer be vulnerable? Read this article and find out more.