Privacy, Security Archive

AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP. Intel plans similar features on next generation Pentium chips.

UK based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80% of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks. "Read more" for our take.

Web surfers battling "spyware" face a new problem: So-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. Though the companies that fail to disclose this practice are facing an outcry from consumers and watchdogs, there is little people can do to defend their systems, security firms say.

The first place many companies look for Apache support is their main distribution provider, most commonly Red Hat or SuSE. As open source grows, the need for support grows, and this new need has led to the development of a new support option: third-party vendors who manage or patch software. Flaws raise red flag on Linux security but many users remain confident about the security of the open-source environment notices ComputerWorld.

A handful of recent online attacks on free and open-source software servers has open-source developers looking over their shoulders.

Microsoft CEO Steve Ballmer on Tuesday defended his company's efforts to secure its software and fend off open-source rivals.

A high-profile digital civil liberties group is criticizing a component of the "trusted computing" technology promoted by Microsoft, IBM and other tech companies, calling the feature a threat to computer users.

A company is maketing a product called Lover Spy, which allows the customer to send a "greeting" to an acquaintance. That greeting contains a hidden application that installs itself on the victim's computer and reports back information on that person's online activities. It's intended to be a way for jealous lovers to keep tabs on their partner. It's a remote version of the old "install a keystroke logger on your boyfriend" trick. It's also probably illegal in the United States.

A ZDNet article has figured out what to do with all that extra processing power that Moore's Law keeps giving us: use brute force to make our computers secure. Encrypting everything, between machines, and also between processes might do the trick. Of course, you can't keep your keys in software, so that's where hardware tricks like "Trusted Computing" come in. So let me get this straight, because we're all afraid of viruses and hackers now, we're going to get back on the processor upgrade treadmill and give up ultimate control over what's on our PC to our motherboard and OS vendors?

The ability to enhance security in information systems and networks is limited by the operating systems that underpin them. Recognizing this, the Institute of Electrical and Electronics Engineers (IEEE) has begun work on a standard to formulate consistent baseline security requirements for general-purpose (GP), commercial, off-the-shelf (COTS) operating systems.

Just as access can be granted based on a fingerprint or retina scan, biometrical analysis of the keyboard typing style can produce a unique pattern. A project to produce an authentication scheme based on hardware that every computer has already (unlike a retina scanner) was started in 1999 for BeOS but now is available on MacOS X, in a beta release.

A trade group has urged the US Department of Homeland Security to reconsider its recent decision to use Microsoft as its preferred supplier of desktop and server software, citing recent security problems. Quote from the Computer & Communications Industry Association (CCIA) report: "Because of these recent developments, historical experience, and the inherent risks associated with lack of diversity, we ask that you reconsider your heavy reliance on a single, flawed software platform to protect our national security."

In order to protect itself from DDoS attacks, Microsoft is using the Akamai service to distribute its load. Ironically, as a result, the domain www.microsoft.com is now listed in the Netcraft report as being Linux running IIS. Netcraft has received so much mail asking about that, and the irony of Linux-bashing Microsoft now depending on "enterprise-class" Linux servers has generated so much discussion, Netcraft has posted a page explaining what's happening.

Sun's EVP of Software Jonathan Schwartz uses the popular metaphor of the natural ecosystem to describe the IT world. Most corporate IT departments are what ecologists call a "monoculture." As various blights and famines have proven, when there is too much of the same plant growing in one place, it's suceptable to being wiped out by a disease. Stressing the need for "genetic diversity on the desktop" to combat security threats, Schwartz points to a non-Microsoft desktop as a viable solution. The difficulty in implementing the new OS? Says Schwartz, "you might have to train the user that a home directory named 'My Computer' on Windows has been renamed 'This Computer' . . . "