Security

Exploiting QuickTime flaws in 'Second Life'

WASHINGTON--Researchers Charlie Miller of Independent Security Evaluators, and Dino Dai Zovi, turned their attention to Second Life during a Saturday morning presentation at ShmooCon, an East Coast computer hacking conference. The researchers didn't exploit a flaw within Linden Labs' Second Life, but within QuickTime. They showed how an attacker could make money stealing from innocent Second Life victims.

Miller and Zovi are both experienced with flaws within Apple products. Miller published the first Apple iPhone flaw shortly after its release. At last year's CanSecWest security conference, Zovi exploited a QuickTime flaw to win a "PWN to Own … Read more

With improvements, e-voting could be good, says researcher.

WASHINGTON--In a keynote address at this year's ShmooCon, an East Coast computer hacker conference, J. Alex Halderman said that electronic voting machines could be good for the electorate--with some modifications.

Halderman is a graduate student studying under Ed Felten, a professor of computer science at Princeton, who is best known for demonstrating that the electronic voting machines produced by Diebold and other companies are vulnerable to attack. Diebold has since changed the name of election equipment to Premier Election Solutions. Felten was to make the keynote address, but canceled at the last minute due to the flu. Halderman is … Read more

From Storm, with love

The FBI is warning that Valentine's Day e-mails you see this year might be coming not from loved ones, but from the Storm worm botnet. In a press release Tuesday, the FBI warns users to be on the lookout for e-mail that "directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm worm botnet."

Dr. Jose Nazario of Arbor Networks said the authors of Storm have launched … Read more

There could be malware lurking inside that Clinton 'video' link

Update 11:45 a.m. PST: This blog incorrectly described part of what the link downloads. It downloads a Trojan horse. The link does not take viewers to a video.

Moving beyond Valentine's Day as a social-engineering theme, online criminals have started sending out e-mail with a supposed link to a recent interview with Sen. Hillary Clinton. Instead of a video, the link downloads a Trojan horse onto the viewer's computer. Security experts predict 2008 presidential election e-mails and phishing sites will continue throughout the year.

On Thursday in a Symantec blog, researcher Kelly Conley writes that the e-mail … Read more

Comcast: Bloggers keep us honest

After months of lying and evading our questions, Comcast seems to have developed a love affair with the blogosphere. Is this an early Valentine's Day present for bloggers, or is the company up to its usual tricks?

Comcast has gotten into a bit of hot water with the Federal Communications Commission over its widely criticized anti-BitTorrent filtering. The FCC Chairman Kevin Martin announced the agency's plans to investigate Comcast last month, stating that "the question is going to arise: Are they reasonable network practices?" He added that "when they have reasonable network practices, they should … Read more

AT&T, Microsoft win as ID theft bill eviscerated

Update: This blog post has been modified since it was first published. Click here for more details, or scroll to the bottom to see the original text.

A pro-consumer, bipartisan data-breach bill was stripped of most of its provisions before its feeble remains were finally passed by an Indiana Senate committee on Tuesday.

This came after two weeks of intensive lobbying by AT&T, Verizon, Microsoft, and LexisNexis, all of which wanted to kill the bill. For the most part, they were successful.

In a blog post last week, I explained how I had worked with my state Rep. Matt Pierce (D-Bloomington) … Read more

Microsoft fixes 17 flaws in 11 patches; 6 are 'critical'

Microsoft on Tuesday released its February 2008 security bulletin, which includes 11 bulletins, six of which are deemed "critical" by Microsoft, while five are deemed "important." One bulletin, suggested in the advance notice posted Thursday, failed to be released Tuesday. A majority of the "critical" patches affect Microsoft Office; two critical patches include users of Office for Mac 2004, and one affects Visual Basic 6.

The "important" patches are mostly Internet services-related. One patch is specific to the Windows Vista update; however, all the Windows Vista-related updates will be included with Windows Vista … Read more

Apple releases security updates for Leopard, Tiger

Apple today released 11 security updates for Mac OS X, with many of the updates specific to the newly-released Leopard operating system. The Security Update 2008-001 is the first from Apple for 2008. The applications affected include Time Machine, Mail, and Parental Controls. The update can be downloaded and installed via Software Update preferences, or from Apple Downloads.

Directory Services: This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11 and addresses the vulnerability in CVE-2007-0355. Apple says, "A stack buffer overflow exists in the Service Location Protocol (SLP) daemon, … Read more

Exploits plague Adobe Reader and Acrobat

Over the weekend, security vendor iDefense reported three specific exploits affecting a fully patched version of Adobe Acrobat and Reader 8.1 running on Windows. In each of the cases, the attacker would need to have the users open a specially crafted PDF file delivered via an e-mail attachment or linked from a Web site. In response, Adobe has released a security update, Adobe Acrobat and Reader 8.1.2.

The Adobe Reader and Acrobat JavaScript insecure method exposure vulnerability affects users of Adobe Reader 8.1 on Windows XP SP2 and is to be further detailed in CVE-2007-5663. According … Read more

The day the wiretaps go dead

With all of the attention on the Foreign Intelligence Surveillance Act (FISA) update (and the administration's vigorous attempts to immunize the criminals telcos), it seems like a good time to explore the issues surrounding surveillance and privacy in America today.

While there are so many scary things being done by intelligence and law enforcement, hope is not far away. Easy-to-use privacy technologies are upon us, and with them comes a radical shift in the balance of power. As this article will explain, the scalable techniques with which the NSA, FBI and other agencies can spy on innocent … Read more