Privacy, Security Archive

Interesting Uses of Trusted Computing

Eugenia Loli 2004-03-25 Privacy, Security 10 Comments

Trusted Computing (TC) continues to be one of the most controversial technologies to come along in many years. Ross Anderson's (anti) TCPA FAQ, Lucky Green's apocalyptic DEFCON presentation, and sites such as notcpa.org and againsttcpa.com are full of predictions of online disaster if TC technology is allowed to go forward.

Hackers Exploit Patches; Longhorn, Win2k3, OSX Security News

Submitted by LogError 2004-02-26 Privacy, Security 26 Comments

Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.

Chips to Ease OSes’ Security Nightmares: Buffer Overflows

Eugenia Loli 2004-02-23 Privacy, Security 31 Comments

AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP. Intel plans similar features on next generation Pentium chips.

The World’s Safest Operating System

Submitted by Gsurface 2004-02-20 Privacy, Security 106 Comments

UK based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80% of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks. "Read more" for our take.

Gartner Questions Microsoft’s Commitment To OS Security

Submitted by Ricky 2004-02-14 Privacy, Security 41 Comments

The research firm warns that the ASN.1 vulnerability made public this week could prove worse than the vulnerability that made MS Blaster possible.

Spyware Cures May Cause More Harm Than Good

Eugenia Loli 2004-02-05 Privacy, Security 48 Comments

Web surfers battling "spyware" face a new problem: So-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. Though the companies that fail to disclose this practice are facing an outcry from consumers and watchdogs, there is little people can do to defend their systems, security firms say.

Who’s Patching Open Source?

Eugenia Loli 2004-01-10 Privacy, Security 29 Comments

The first place many companies look for Apache support is their main distribution provider, most commonly Red Hat or SuSE. As open source grows, the need for support grows, and this new need has led to the development of a new support option: third-party vendors who manage or patch software. Flaws raise red flag on Linux security but many users remain confident about the security of the open-source environment notices ComputerWorld.

Reflecting On Linux Security In 2003

Submitted by LogError 2003-12-24 Privacy, Security 20 Comments

This has been indeed an interesting year for Linux security. The point of this article is to offer a view on what I believe to be some of the most interesting happenings in 2003. The Linux experts that offer their view on 2003 are Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux").

Developers take Linux Attacks to Heart

Submitted by Karl Sak 2003-12-10 Privacy, Security 20 Comments

A handful of recent online attacks on free and open-source software servers has open-source developers looking over their shoulders.

Ballmer: Raising Microsoft’s Security Game

Eugenia Loli 2003-10-21 Privacy, Security 51 Comments

Microsoft CEO Steve Ballmer on Tuesday defended his company's efforts to secure its software and fend off open-source rivals.

Microsoft Warns of 4 New Windows Flaws

Submitted by Matt Piechota 2003-10-15 Privacy, Security 63 Comments

Microsoft Corp. warned consumers Wednesday about four critical new flaws in its popular Windows software as the company shifted to monthly alerts for serious problems that could let hackers break into computers. In the meantime, Windows XP SP2 is to be getting backported security enhancements from the Longhorn codeline.

Digital-rights Group Knocks “Trusted” PCs

Eugenia Loli 2003-10-02 Privacy, Security 24 Comments

A high-profile digital civil liberties group is criticizing a component of the "trusted computing" technology promoted by Microsoft, IBM and other tech companies, calling the feature a threat to computer users.

Commercial Trojan Horse Spyware

David Adams 2003-09-30 Privacy, Security 18 Comments

A company is maketing a product called Lover Spy, which allows the customer to send a "greeting" to an acquaintance. That greeting contains a hidden application that installs itself on the victim's computer and reports back information on that person's online activities. It's intended to be a way for jealous lovers to keep tabs on their partner. It's a remote version of the old "install a keystroke logger on your boyfriend" trick. It's also probably illegal in the United States.

“MS: Security Risk” Paper Criticised By Industry Group

David Adams 2003-09-26 Privacy, Security 29 Comments

The recent paper that claimed that Microsoft's dominance poses a risk to US national security has come under fire by the groups Americans for Technology Leadership as being a shameless attempt by Microsoft's business rivals to promote their own products. Interestingly enough, Microsoft is one of the founding members of Americans for Technology Leadership, so this looks like this may be a bit of a "Battle of the Trade Groups."

Proper Security Will Take Horsepower

David Adams 2003-09-19 Privacy, Security 16 Comments

A ZDNet article has figured out what to do with all that extra processing power that Moore's Law keeps giving us: use brute force to make our computers secure. Encrypting everything, between machines, and also between processes might do the trick. Of course, you can't keep your keys in software, so that's where hardware tricks like "Trusted Computing" come in. So let me get this straight, because we're all afraid of viruses and hackers now, we're going to get back on the processor upgrade treadmill and give up ultimate control over what's on our PC to our motherboard and OS vendors?

IEEE Begins Standard to Create Baseline for More Secure OSes

Eugenia Loli 2003-09-13 Privacy, Security 35 Comments

The ability to enhance security in information systems and networks is limited by the operating systems that underpin them. Recognizing this, the Institute of Electrical and Electronics Engineers (IEEE) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.

Microsoft Patches Critical VBA Flaw

Submitted by Marcel 2003-09-04 Privacy, Security 14 Comments

An identified security issue in Microsoft Visual Basic for Applications could allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions. Windows and Office users should update their system.

User Authentication Based on Keyboard Usage

Submitted by Chris 2003-09-03 Privacy, Security 20 Comments

Just as access can be granted based on a fingerprint or retina scan, biometrical analysis of the keyboard typing style can produce a unique pattern. A project to produce an authentication scheme based on hardware that every computer has already (unlike a retina scanner) was started in 1999 for BeOS but now is available on MacOS X, in a beta release.

Don’t Rely on Microsoft, Homeland Security

David Adams 2003-09-01 Privacy, Security 26 Comments

A trade group has urged the US Department of Homeland Security to reconsider its recent decision to use Microsoft as its preferred supplier of desktop and server software, citing recent security problems. Quote from the Computer & Communications Industry Association (CCIA) report: "Because of these recent developments, historical experience, and the inherent risks associated with lack of diversity, we ask that you reconsider your heavy reliance on a single, flawed software platform to protect our national security."

Blaming Microsoft for Hacker Attacks

Submitted by Ricky K. Yamauchi, Jr. 2003-08-29 Privacy, Security 104 Comments

"Some think the software maker is at fault for the latest viruses. But you can't blame a target. "Let's all just beat the hell out of Microsoft. It unleashed the worms!" Well, that's what some people think, if the e-mails (uninfected) I got during the past week are any indication." says Wrastler for CNN Money. "So why doesn't Microsoft make its software more secure? They're trying, company officials say. But they also argue that like any other company, there's only so much Microsoft can do to prevent a crime if a criminal truly wants to commit it." a Statesman article says. In the meantime, the FBI has identified a teenager as the author of Blaster and plans to arrest him early Friday, a U.S. official confirmed.