security

Norton's "Canary" technology creates "vulnerability signatures"

As part of their upcoming Norton Internet Security 2008 product, Symantec will include a new technology they're currently calling "Canary." The idea behind Canary is that vulnerable browsers are the first point of entry for many Web threats known as "drive by" downloads. Canary will identify signatures of known Internet Explorer browser vulnerabilities, then block exploits as soon as they are released. "Canary creates vulnerability signatures," said Rowan Trollope, vice president of Consumer Products at Symantec. Signatures for other browsers, including Firefox, will be included in the future.

The timing of this new technology … Read more

Reading the HP security-acquisition tea leaves

While IBM jumped into security with the acquisition of companies such as Consul, Internet Security Systems, Micromuse and Watchfire, Hewlett-Packard sat on the sidelines. This week, HP grabbed SPI Dynamics, an application security play that started a "who will HP buy next?" buzz on the mergers-and-acquisitions grapevine.

Yes, I've heard the rumors about McAfee and Symantec, but I don't believe them. McAfee is too deep into the desktop, an area that HP has continuously shied away from. Symantec has roots in desktop security as well and would also be a big pill to swallow. The debate … Read more

Microsoft's audacity at its best: "Our software is less of a security risk than Linux, Mac OS X"

Wow. Sometimes, you read things like this and you wonder if Microsoft employees inhabit the same universe. Apparently, they haven't been following the rampant, constant security holes discovered and exploited in Windows over the past decade. Instead, they try to spin data in their favor to try to convince people that, in fact, Windows is more secure than Linux (and now OS X, which is a bit surprising since I had exactly zero security breaches in the last five years of running OS X - that's "zero" as in "none").

A Microsoft executive has claimed that Windows users faced fewer days of security risks on average last year than users of rival operating systems from Apple, Novell, Red Hat and Sun.… Read more

Malware knocks Defense Department e-mail offline

According to the Associated Press, the US Defense Department took 1,500 computers offline as the result of a cyber attack. No additional information about the event was provided. Defense Secretary Robert Gates said the attack happened sometime yesterday and that e-mail systems were expected to be back online later today.

Gates said during a press conference on the matter: "We obviously have redundant systems in place. ... There will be some administrative disruptions and personal inconveniences." When asked if he, personally, had been inconvenienced, Gates replied that he's a very low tech person. "I don't … Read more

I'M IN UR APPLE TV, WATCHIN UR VIDZ

The Macalope doesn't own one because it's hard to operate that little remote with his massive hooves, but Apple TV owners should be aware that Apple recently patched a potentially exploitable flaw in its eponymous set top box.

Tip o' the antlers to ISFYM which provides a humorous footnote.

Ironically, the problem is in a protocol called UPnP, originally developed by, of all companies, Microsoft. Figures.

Now, now.

Apple releases Mac OS X 10.4.10 with security update

Apple today announced Mac OS X 10.4.10 along with a new security update. The updated version 10.4.10 includes fixes for Bluetooth and USB connections, plus several minor enhancements of the operating system. The security update, the sixth in what appears to be a monthly release cycle for 2007, addresses a vulnerability in the IPv6 networking protocol. It affects users of Mac OS X 10.4 and later, and is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's software downloads page.

Patch for Networking

This patch affects … Read more

Apple issues Apple TV security fix

Apple today issued an update for its Apple TV device. The update fixes the mDNSResponder buffer overflow vulnerability, CVE-2007-2386. This vulnerability was patched last month in Security Update 2007-05 for desktop and laptop users of Apple Mac OS X 10.4 up to 10.4.9.

The Apple TV device will automatically pick up this update during its weekly schedule. Depending on the day that your Apple TV device checks for updates, this process may take up to a week to complete. Should you want the update sooner, it is also possible to force a manual update by using the … Read more

PHP exploit code plants itself in GIF

Security researchers on Tuesday found PHP exploit code embedded in a GIF on a major image hosting site. The exploit code slipped through the proverbial gates with the aid of a legitimate image at the beginning of the file, according to a posting on the Sans Internet Storm Center.

"It is a clever way to pass exploit code to others without it setting off alarms or attracting attention all while bypassing network security tools," the Sans security blog noted.

Malicious attackers planted a PHP-coded exploit script within an image file. PHP is often used as a programming language … Read more

Let's do this thing

Well, the Macalope's faithful and well-groomed readers know that he doesn't suffer silly punditry lightly. And this may be only his second post over at his new digs (hey, did you check out the fussball table?!), but let's see if he's become a domesticated animal or if he still rolls the way he used to.

Before linking to the piece in question, let's take a look at a quote.

Apple excels in creative and innovative marketing. Often it's what they don't tell you that creates the most buzz. For example, we know next … Read more

Report: French officials skirt BlackBerry limits

Apparently even dire warnings about the threat of snooping by American spies aren't enough to keep some top French government officials from nursing CrackBerry addictions on the sly.

According to a report to be published in Wednesday's edition of the French newspaper Le Monde, bureaucrats continue to lament--and in some cases, quietly ignore--a warning dispatched 18 months ago from the head of France's national defense agency. Reissued recently, the notice reportedly bars certain categories of government officials from using their Research in Motion BlackBerries to circulate sensitive government information.

French security officials are still working on finding … Read more