security

Microsoft today released its August 2007 security bulletin, which includes nine updates: Six are designated as "critical" by the software giant and three are deemed "important." Two patches affect Microsoft products on the Mac, and one affects Windows Vista. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-042: CriticalTitled "Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)" this bulletin affects users of Microsoft XML Core Services in Windows 2000, Windows Server 2003, and Windows Vista; it … Read more

This post was updated at 7:30 AM PT on August 14 to include a statement from Facebook.

Recently we've seen a fair amount of scrutiny in the direction of Facebook, Silicon Valley's tabloid target of the moment, due to the social-networking site's potential for identity theft and security breaches. A few recent security glitches haven't helped. Now, IT security firm Sophos has released the results of its Facebook ID Probe, a test to see just how many users of the site--which claims more than 100,000 new users per day--are willing to divulge highly personal … Read more

Remember that old Reese's peanut butter cup ad? You got chocolate on my peanut butter. You got peanut butter on my chocolate. The obvious goal is to demonstrate how two distinct things can come together.

So it is with desktop security and operations. On Monday, Novell announced its acquisition of Senforce with the intent of integrating its endpoint security management and USB/Wireless security with Novell ZENworks system and resource management solutions. The thought there is that users want Reese's peanut butter cup solutions that blend desktop management (i.e. configuration, patch, software distribution, etc.) with security management (… Read more

Charles Miller is no stranger to Apple and its products.

In July, Miller and his colleagues at Independent Security Evaluators discovered the first known vulnerability within the Apple iPhone. They then worked with the Cupertino vendor to release a patch for the iPhone the day before the start of the annual Black Hat Briefings in Las Vegas earlier this month. But all that goodwill didn't stop Miller from talking about pending problems lurking deep within the Mac OS. "Macs," he said, "are as easy to hack as they are to use."

During a 20-minute talk … Read more

As of Saturday, it's a crime in Germany to build, sell, distribute or obtain so-called "hacking tools" designed to allow access to protected data or promote other illegal acts.

The intention of the lawmakers, who proposed the item last year and passed it in late May, was to crack down on attacks on government and private-sector computer systems. Penalties include prison sentences of up to 10 years and fines, IDG News Service reports.

But some security industry representatives are worried the law will actually make the nation less safe because they believe it'll be more difficult … Read more

One simply can't be too careful in this security-conscious age. You could, for example, have installed security cams, metal detectors and even a moat around your dwelling, but there's always the chance that you missed something. And for some reason, the idea of hiring security personnel to conduct body-cavity searches hasn't quite caught on for private residences.

Once again, we turn to technology for a reasonable compromise: Your very own X-ray scanner. Now you too can play TSA agent in the comfort of your own home while viewing this system's 17-inch LCD to inspect the contents … Read more

If you happened to visit the official Web site for United Nations Secretary-General Ban Ki-moon during the weekend, you may have found its signature list of news releases swapped for an antiwar message in red capital letters.

"Hacked By kerem125 M0sted and Gsy That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war" was the line repeating itself over and over on the affected pages, according to published reports and screenshots taken by bloggers. The perpetrators appear to have used a well-known and highly preventable technique called SQL injection, which … Read more

I've been a member of the CLEAR program for almost a year now. CLEAR is a program for registered travelers that are "pre-screened for security and provided with a biometric card which allows them to pass through security faster, with more predictability and less hassle." Sounds good, right? Submit to a full cavity scan, a review of everything you've ever thought of doing in your life, and get through airport security faster? Sign me up!

Well, I did. I fly 125,000+ miles each year, and have done for nearly 10 years. Getting through an airport quickly is a big priority for me.

Today, however, was my first time actually using the program. That's because there are approximately two airports on the planet that participate in the program. (OK, I'm exaggerating - there are a whopping 11, but they're not airports most of us use on a regular basis.)

Even worse, the program seems to delay passage through security, rather than speeding it up.… Read more

Yet another security acquisition! On Thursday, RSA Security announced plans to acquire Tablus, a data leakage prevention (DLP) specialist, for an undisclosed amount.

Why the purchase? RSA is focused on data security, i.e. protecting the privacy, confidentiality, and integrity of the data itself rather than the IT infrastructure. RSA already has tools for encryption, key management and user access controls, while parent company EMC has content management and enterprise digital rights management. All of the existing stuff stores, manages or cloaks information. It doesn't prevent some sleazy user from saving the employee salary spreadsheet on a USB drive … Read more