security

Apple unloads torrent of patches, plus the first iPhone update

If you own a Mac or an iPhone, chances are you'll need to download at least one of the security updates issued by Apple late Tuesday.

Dozens of vulnerabilities and bugs were covered by a total of six downloads for Mac OS 10.3.9 (Panther), Mac OS 10.4.10 (Tiger) on PowerPC, and the Universal version of Mac OS 10.4.10, as well as the server versions of each of those operating systems. Each download contains several patches to correct flaws, and Apple is recommending that all users of those operating systems download the updates.

Some …

E-voting hacks to get Capitol Hill spotlight

A recent report documenting computer scientists' ability to hack into voting machines certified for use in the state of California has already begun reverberating on Capitol Hill.

Sen. Dianne Feinstein (D-Calif.), who happens to be one of the chief sponsors of a bill that would prohibit paperless voting machines by the 2010 federal elections, says she plans to hold a hearing in September on the report in the Senate Committee on Rules and Administration, which she leads. The politicians are expected to break for the summer at the end of this week.

In a statement Tuesday, Feinstein expressed dismay at …

Firefox version 2.0.0.6 patches two vulnerabilities

Mozilla released on Tuesday an update to Firefox 2 that patches the Mozilla side of a flaw shared with Microsoft Internet Explorer.

The update, Firefox 2.0.0.6, also patches a privilege escalation vulnerability.

Current users of Firefox 2 will receive an update notice. Others can download it from the Mozilla site.

Researcher Jesper Johansson noted that Firefox did not percent-encode spaces and double-quotes in URIs (uniform resource identifiers) handed off to external programs. That means the receiving program could interpret a single URI as multiple arguments. For example, when running Firefox on Windows XP with IE7 installed, URIs …

Computer scientists hack Calif. e-voting machines

Forgive me if this isn't some major news flash, but let's document it for posterity anyway: University of California computer scientists have recently shown it's possible to carry out a bevy of hacks on electronic voting machines currently certified for use in the Golden State.

In reports released late last week, the researchers chronicle their five-week endeavor, at the request of California Secretary of State Debra Bowen, to examine machines made by Hart InterCivic, Sequoia Voting Systems and Diebold. The same models are also in use in many other states, according to a database compiled by the Election Reform Information Project. …

Detroit crackdown blocks security professional's entry into the U.S.

It was random, but out of several foreign researchers planning to attend the annual Black Hat security conference in Las Vegas this week, Thomas Dullien (better known as "Halvar Flake") was denied access at the border. Dullien happened to enter the United States amid heightened security among airport screeners at the Detroit airport. Dullien reportedly told Black Hat officials that as he was boarding the plane back to Germany, a screener mentioned Detroit was experiencing a crackdown following an episode earlier at that airport. That's the speculation on the day after Dullien's security class for the …

Trend Micro announces SecureCloud

Expanding on its consumer-software-as-a-service efforts, Trend Micro announced on Sunday SecureCloud for small and midsize businesses and the enterprise market. The idea is to provide clients with a range of services without requiring them to install software.

Services available include e-mail reputation, e-mail hosting, and botnet ID service. The latter will allow ISPs to filter command and control messages sent by customers' compromised machines. One feature on the site is an IP reputation search; type in an IP address and Trend Micro will tell you whether the address can be trusted.

At present only two servers in the U.…

German researcher denied access to U.S., Black Hat

German researcher Thomas Dullien (better known as "Halvar Flake") says he was denied entry to the United States on Sunday because he was planning to attend the Black Hat security conference as a private citizen, and thus subject to H-1B visa regulations.

As Halvar Flake, Dullien previously attended or presented at the Black Hat USA conference over the last seven years and never had a problem, he wrote in a personal blog about Sunday's incident.

Dullien was scheduled to teach a training course called "Analyzing Software for Security Vulnerabilities" on Monday and Tuesday. Billed as …

Scan your programs for security updates with Secunia PSI

Earlier this week, security company Secunia released a beta version of a new, free tool that scans all of your installed applications and analyzes their security patch statuses. The Secunia Personal Software Inspector evaluates all of the installed programs on your computer and compares them to a list of over 4,200 software programs.

After the scan is complete, Secunia PSI will categorize each program as "Up-To-Date" (everything is OK), "Insecure" (you've got an outdated version), or "End-of-Life" (your version is no longer supported). The results table presents the name and version number of your installed app; each--when clicked--takes you to a page that gives more information about that program.…

Poll: Is Congress clueless?

Judging from recent events in Washington concerning peer-to-peer file-sharing software and allegations that it threatens national security, there's some doubt about Congressional competency in creating sound policy governing a technology they may not thoroughly understand. Following up on the scads of readers who responded to recent coverage of Senators seeming to blame security problems on P2P sites, CNET News.com editors decided it was time to get down to business and clarify the issue at hand, in case it wasn't plain enough: Is Congress really clueless about the relationship between P2P and national security?

Can't believe Congress blames P2P for security problems? Neither can tech bloggers

CNET News.com writers Anne Broache and Declan McCullagh Wednesday produced a piece of Capitol Hill reporting whose central subject is a recent legislative gambit regarding peer-to-peer file-sharing applications.

"Politicians call peer-to-peer networks a 'national security threat' because they enable federal employees to accidentally share sensitive or classified documents."

The subject has been burning up blogwaves and comments sections all over the Web.

The general consensus among network geeks, security pundits and other observers seems to be that the U.S. Government should be way more cautious in their internal security practices and not try to pin the …