Security

Another iTunes and QuickTime flaw?

A serious security vulnerability exists in Apple Computer's iTunes and QuickTime software, bug hunter Tom Ferris reported on his Security-Protocols.com Web site Friday.

"The vulnerability allows an attacker to reliably overwrite heap memory with arbitrary data in order to execute arbitrary code on a targeted host," Ferris wrote.

An attacker could commandeer a computer running Windows or Mac OS X by tricking a user into opening a malicious media file, Ferris said in an interview. The problem was reported to Apple on Friday, he said.

To limit risk to users of the vulnerable software, Ferris won'…

Originally posted at News Blog

By Joris Evers

New York ponders Sony 'rootkit' suit

New York Attorney General Eliot Spitzer is reportedly looking into the prospect of legal action against record label Sony BMG Music Entertainment, as a result of that company's recent copy-protection fiasco.

For those keeping score at home, Sony distributed 4.7 million CDs that, when inserted into a computer's CD drive, installed so-called rootkit software aimed at limiting the number of copies of the CD that could be made. The software hid its presence thoroughly, while also opening up a dangerous set of security holes that could let virus writers take over PCs.

Sony stopped production of the …

Browser developers plot against phishers

Developers working on four Web browsers met earlier this month to discuss how they can make surfing the Web safer.

The meeting in Toronto included security developers for Internet Explorer, Firefox, Opera and Konqueror, according to blog postings by several of the attendees. The meeting focused on combating phishing scams, which use phony Web sites to trick unsuspecting victims into giving up sensitive information.

Attendees talked about different ways of displaying secure and trusted sites in Web browsers and other measures to thwart phishers.

For example, the next version of IE will show the lock icon indicating a secured Web …

Stolen Boeing laptop puts data of thousands at risk

A thief has made off with a notebook computer that held files with sensitive information on 161,000 current and former Boeing workers, the aircraft maker said in a statement Friday. The exposed data includes names and Social Security numbers and, for some people, birthdates and banking information.

"We are directly notifying every affected individual of what happened and have resources in place to provide information specific to each of them," Rick Stephens, a senior vice president of human resources and administration, said in the statement.

Law enforcement agencies have been called in to investigate how the laptop …

Pssst, buddy: Got a kidney you wanna hock?

Spammers will try anything to get users to reply to their email pitches, including offers to buy body parts.

"Sell your organs online!" touts the subject header that spam recipients will find in their inbox. And in the message, it reads: "Please reply to this email if you want to make some cash selling your organs!," according to a warning issued Wednesday by SophosLabs.

In the world of supply and demand, it seems these spammers would find more interest among fellow organ buyers than sellers. But in the spam world, it's not a simple case …

'Anti-spyware tools not yet up to snuff'

Major security vendors have entered the anti-spyware fray and the products are improving, but the technology to battle spyware and adware is not up to snuff, according to Wes Ames, computing security architect at The Boeing Co.

"I would say that we have reached a midlevel of maturity on adware and spyware, not on the countermeasures, mind you," Ames said in a presentation at the Computer Security Institute conference in Washington.

The products to battle the unwanted software are not in a mature state and buyers should be aware of that, he said. One pain point is spyware …

Waiting for that Microsoft patch to arrive?

You're not alone.

Folks at the Internet Storm Center have received a couple of reports that users' automatic updates from Microsoft aren't delivering the security patch that was issued Tuesday.

As a result, these users have to manually install the patches and push them out to their constituency, which tends to be on the larger scale.

The problem has cropped up with companies that use Microsoft's update server that is typically installed on their own networks, said Johannes Ullrich, chief research officer for the Internet Storm Center. He added companies that have to push a patch out …

Kofi Annan says U.N. won't "take over" the Internet

As a United Nations summit on the Internet next week in Tunisia nears, last-minute politicking is on the rise. On Thursday, for instance, tech companies held an event in Washington to back the Internet status quo.

Then, in an opinion article published in the Washington Post on Saturday, U.N. Secretary General Kofi Annan tried to play down worries about greater control of the Internet by an international bureaucratic body.

"The United Nations wants only to ensure the Internet's global reach, and that effort is at the heart of this summit," Annan said.

He added: "Governance …

Digg temporarily downed by 'success'

Digg, a rising online technology news community that has been called a rival to Slashdot, went offline for about five hours on Friday. There was no attack; instead, the servers succumbed to the site's success, according to Digg founder Kevin Rose.

"For any site that has that viral growth, it is a challenge to stay ahead of the growth," he said.

Instead of the typical lull in traffic on Friday, Digg.com was getting more visitors and was projected to hit 6 million pageviews, a record for a Friday, Rose said.

But the servers were overwhelmed with …

Cisco hacker lands a job at Juniper

Michael Lynn has found a job at Juniper Networks, Cisco Systems' Silicon Valley rival.

Lynn was a security researcher at Internet Security Systems until this summer's Black Hat security confab in Las Vegas. He roiled the security community when, after quitting his position at ISS and in defiance of Cisco's protests, he demonstrated at Black Hat that it is possible to commandeer a Cisco router.

Following his presentation on July 27, Lynn displayed his resume to the audience and announced he was looking for a job. At the time he said that he had some offers, but at …