Security

Corrected at 6:50 a.m. PDT March 26: The last paragraph has been revised to correctly describe a second antivirus partnership.

The Anti-Malware Test Lab and AV-Comparatives.org announced on Tuesday an alliance designed to create one of the most respected sources of objective, independent information about antivirus products.

Together, the pair said, they intend by year's end to create a unique system of integrated tests for determining the effectiveness of commercial antivirus software.

Andrea Clementi, founder of AV-Comparatives, said in a statement that "the partnership with Anti-Malware Test Lab will allow us to evaluate more aspects … Read more

The battle for your in-box shows no signs of waning.

Despite the efforts of software companies large and small, spammers and phishers continue to find and exploit weaknesses in junk-mail filters at the server and client levels. After years of foil and parry between these two forces, you would think that Microsoft Outlook, the most widely used e-mail program in the world, would be a paragon of in-box defenses.

Then again, this is Microsoft we're talking about, a company not noted for being the paragon of anything more than profitability.

A few years back, Service Pack 2 for Office … Read more

Part of the Sequoia Voting Systems Web site was defaced and subsequently taken down on Thursday, according to a report in InfoWorld. As CNET prepared this blog, the entire Sequoia Voting System site was frequently inaccessible.

The defacement and subsequent takedown occurred Thursday morning on the company's Ballot Blog page. Sequoia is one of a handful of electronic voting companies used in the United States. It has in recent days come under fire for apparent discrepancies in voter tallies in last month's New Jersey primary election.

The Ballot Blog page on SequoiaVote.com had contained information from Sequoia … Read more

Update 3:15 p.m. PDT: The headline and opening sentence have been changed to clarify that VeriSign is expanding its Project Titan initiative to strengthen and secure Net infrastructure.

On Thursday, VeriSign announced plans to increase the level of security within Project Titan, a global initiative to expand the infrastructure of the Internet to anticipate future demand brought by increased e-commerce transactions.

In its announcement, VeriSign said that it is going to spend more than the $100 million-plus initially budgeted.

One of the goals of Project Titan is to increase the overall capacity of the Internet to sustain a … Read more

Apple released on Wednesday a security update for the AirPort Extreme Base Station with 802.11n.

The Firmware 7.3.1 update addresses the Apple Filing Protocol (AFP) vulnerability detailed in CVE-2008-1012.

Apple said there is an input validation issue in the way AirPort Extreme Base Station validates AFP requests. A maliciously crafted AFP request may cause file sharing to become unresponsive. This issue does not affect Time Capsule or AirPort Express.

The update for the Fast Ethernet version of Airport Extreme and the Gigabit Ethernet editions is available on from Apple support. Earlier this week Apple released an update … Read more

Details remain sketchy regarding Monday's announcement of 4.2 million credit card and debit cards exposed at a Maine-based supermarket chain. However, public comments made by Ronald Hodge, CEO of Hannaford Supermarkets, suggest that even with recent improvements in payment card transaction security, there may be holes.

The standards organization, PCI Security Standards International, was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. In October 2007, they implemented the PCI Data Security Standard (PCI DSS), which includes, among other things, network specifications. Dr. Neal Krawetz of Hacker Factor Solutions said that PCI DSS allows … Read more

On Wednesday, Black Hat officials opened their Call For Papers (CFP) site to paid attendees registered for this summer's Black Hat USA 2008 Briefings and Trainings.

In February, speaking at Black Hat D.C. 2008, director Jeff Moss said his idea is to make the redesigned Black Hat Web site more interactive between speakers and attendees. The first improvement is to give future attendees a voice in choosing what speakers and presentations they'd like to see. Black Hat USA 2008, to be held August 2-7 at Caesar's Palace in Las Vegas, is the first conference to offer … Read more

Modern browsers are much better than their predecessors at keeping your Web activity private and your data safe. Still, you may not have your browser configured to provide optimum security. Take a few minutes to give Internet Explorer 7 and Firefox 2 a safety check.

Batten down IE7's hatches The version of IE7 for Vista adds the Protected Mode, which allows Web sites to access only the Temporary Internet Files folder on your PC. According to Microsoft, this feature is on by default for the Internet, Intranet, and Restricted zones, but disabled for the Trusted Sites and Local Machine … Read more

Apple on Tuesday released its second security update of the year--and it's a big one.

Known as APPLE-SA-2008-03-18 Security Update 2008-002, it contains more than 40 specific fixes for versions of Mac OS X. The most significant updates include Apache, ClamAV, Emacs, OpenSSH, PHP, and X11. There is no trend or theme here. The most serious vulnerabilities could lead to someone gaining remote access to a user's computer, while others may simply cause an application or service to crash. Other components mentioned in this update include AppKit, Core Foundation, Core Services, curl, CUPs, Help Viewer, ImageRaw, mDNSResponder, Podcast … Read more