
Security

Bagle, with rootkit on the side

Think you've heard the last of the Bagle virus? CNET's Robert Vamosi has some disturbing new insights into this pest, which has been around since January 2004. Vamosi argues that Bagle is perhaps the most significant new virus to emerge in the past few years, because malicious authors have been able to launch fresh attacks by varying its code. That way, they can deposit new and more harmful malicious software on people's systems.

Now attackers are trying to get around antivirus defenses by including a "rootkit"--essentially, software that shields other files from discovery--along with …

Originally posted at News Blog


70,000 downloads for eEye IE patch

UPDATE: On Wednesday afternoon, eEye said its patch had now been downloaded 70,000 times.

eEye Digital Security's unofficial fix for a high-profile Internet Explorer flaw is proving popular. The patch has been downloaded about 34,000 times since it was released on Monday, the company said Tuesday.

eEye only knows the number of downloads; the company can't track how many times the patch has actually been installed. "If they knew when it gets installed, it would be considered spyware," a representative from eEye's public relations agency said in an e-mail.

The eEye fix is …

Antispam charges settled for near $1 million

The Associated Press reported this weekend that a San Francisco-based Internet marketing firm said it would pay a $900,000 fine for violating federal anti-spam laws.

I'm not sure if you were duped by Jumpstart Technologies, but I was one of its addle-brained victims. And let me tell you--I'm forwarding this blog to at least five of my friends in hopes of earning their forgiveness for dragging their e-mail addresses into the spam-a-thon.

Jumpstart offered a too-good-to-be-true deal: free movie tickets in exchange for friends' e-mail addresses. I knew there might be some spam, actually, in exchange for …

Originally posted at News Blog

By Kari Dean McCarthy

"Spam King" allegedly conspired to kill witness from jail

According to the Associated Press, "Spam King" and online drugstore operator Christopher William Smith, aka Rizler, was caught conspiring by phone from his jail cell to have a prosecution witness killed, as he awaits trial on charges of illegally selling prescription drugs over the Internet and phone.

Smith was indicted this week on one count of conspiracy to tamper with a witness and one count of endeavoring to obstruct justice, the AP said.

The AP reported that the indictment says Smith's phone call to an acquaintance from inside a jail in Elk River, Minn., was recorded by …

Critical missile-defense report yanked from Web

The Pentagon has pulled from its Web site a February report that faulted the Missile Defense Agency and its primary contractor, Boeing, for serious cybersecurity risks in several components of its ground-based defense systems.

A recent story in Government Computer Week reported on the document and its findings. Among the observations noted by the Defense Department's Office of Inspector General, which conducted the audit, were the agency's failure to require individual passwords for access to its communications network, make use of a real-time, automated audit log, and establish a formal contingency plan in the event of a disaster. …

Microsoft blogger critiques Apple security

Apple Computer might think it has all its security ducks in a row, but the truth is far from it, at least according to Stephen Toulouse, a program manager in Microsoft's Security Response Center.

In several postings on his personal blog, Toulouse critiques Apple's security coordination and communications. He compares it with Microsoft's efforts, of which he is a major part.

"Apple needs a public face of security to communicate guidance," Toulouse writes. He cites a Business Week article in which an Apple representative says everybody at the company cares about security, so there is …

Workers get security wake-up call

What's the best way to rattle employees who are more inclined to nod off during information security training sessions than to absorb tips for keeping their machines safe?

Show them just how vulnerable they may be, speakers suggested Tuesday at a meeting of the Federal Information Systems Security Educators' Association (FISSEA) just outside Washington, D.C.

Nanette Poulios, director of the information assurance program at Walsh College in Michigan, said she often sets up a PC in the back of the training room during security workshops and asks participants to enter a username and password of their choice to, …

Start-ups angling to change how credit scores are used

Nobody, it seems, is fond of credit agencies. They sell your data to thousands of people who subsequently bombard you with junk mail. Data selling can also lead to fraud.

"The three credit agencies sell data for fraudulent purposes. They don't know they are doing it. The problem is that they want to maximize revenue," Scott Mitic, co-founder of TrustedID, said at PC Forum, taking place this week in Carlsbad, Calif. "ID theft costs the U.S. economy, depending on the statistics, $20 (billion), $30 (billion), $40 billion dollars a year."

TrustedID is trying …

Originally posted at News Blog

By Michael Kanellos

Third 'Blue Hat' hacker event at Microsoft

Microsoft employees are getting another security reality check this week. The software maker is hosting its third "Blue Hat" event, where hackers demonstrate flaws in Microsoft's product security.

A year ago, Microsoft invited several hackers to its Redmond, Wash., headquarters for the first time. That get-together was such a success that Microsoft decided to host such events twice a year. The second Blue Hat was last fall.

"It had a huge benefit to our developers," Stephen Toulouse, a program manager in Microsoft's security unit, told CNET News.com last year. The event gives executives …

Undisclosed number of Verizon employees at risk of identity theft

A theft of two laptop computers has put a "significant number" of Verizon Communications' employees at risk of having their identities stolen, the company said Wednesday.

The computers were pilfered from a company facility and may contain important personal information, such as Social Security numbers, according to a report in The Wall Street Journal. Verizon executives told employees in a March 1 letter that the theft appears to be "a random criminal act" and that the laptops were password-protected, according to the Journal.

Verizon executives told the Journal that both current and former employees could be …