Software Blog » Security Software

Symantec Tells Customers to Pull the Plug on pcAnywhere Following Code Theft

admin — Thu, 26 Jan 2012 20:13:32 +0000

Symantec is sounding the alarm for users of its pcAnywhere remote access software following threats from a hacker. In some cases, said the security software maker, they might want to turn off and disable the application entirely. The hacker, who goes by the handle “YamaTough,” might be a member of the hacker collective Anonymous. The hacker claimed last week to have released pcAnywhere source code to the wild, where it could be exploited by malicious hackers.

Google’s Native Client Makes Web Apps More Desktoppy

admin — Mon, 12 Dec 2011 19:05:19 +0000

Google showed off the results of its Native Client SDK at an in-house event recently, highlighting some of the ways early adopters such as Square Enix, Unity Technologies and Bungie have used the Web development technology. Google originally launched the Native Client SDK in beta toward the end of last summer in an effort to streamline Web-building abilities with compiled code into one easy-to-use browser. The company aims to simplify the jobs of developers by making it possible to run code natively in Chrome.

Dev Dumped After Laying Bare iOS Vulnerability

admin — Tue, 08 Nov 2011 19:52:34 +0000

Apple has reportedly banned noted hacker Charlie Miller from its developer program for a year, apparently in response to an app Miller wrote on the iTunes App Store that exploits a zero-day vulnerability he spotted in iOS. Miller did notify Apple of the flaw three weeks ago, the developer tweeted. His app, he said, was posted on the iTunes App Store in September, and the code in the app will only work for him, he asserted. Miller created a proof-of-concept application to demonstrate his security exploit and got Apple to approve it for uploading to the iTunes App Store.

The Cybersecurity Money Pit

admin — Tue, 08 Nov 2011 13:00:00 +0000

Despite the hundreds of millions of dollars the U.S. federal government spends on cybersecurity, it seems that shoestring-budget attackers are still often able to get a foot in the door. At a security colloquium in North Virginia on Monday, the Defense Advanced Research Projects Agency told reporters it’s losing ground in the battle to secure cyberspace. To remedy that, it’s seeking more funding and reaching out to hackers for help. DARPA’s new humility comes in the wake of a recent report to Congress that foreign spies are stealing American intellectual property.

Nook Goes Full Tablet

admin — Mon, 07 Nov 2011 20:09:53 +0000

Bookseller Barnes & Noble expanded on its Nook line of handheld devices and unveiled the Nook Tablet on Monday. The company also announced upgrades to its Nook Color, a device that was previously offered as its entry into the tablet market, and its Nook Simple Touch e-reader. The Nook Tablet, which is available for pre-order online and at the bookseller’s stores, is priced at $249 and is scheduled to ship by around Nov. 17. “When it comes to all consumer electronics across all segments, the sweet spot for the average selling price is $200 to $250,” ABI’s Michael Morgan said.

Nook Goes Full Tablet

admin — Mon, 07 Nov 2011 20:09:53 +0000

Microsoft Issues Fix to Keep Duqu at Bay

admin — Mon, 07 Nov 2011 14:00:00 +0000

Microsoft on Friday released a temporary fix for a Microsoft Word vulnerability that allows the Duqu worm to attack PCs. The flaw, in TrueType font parsing, could let an attacker run arbitrary code in kernel mode, installing programs; view, change or delete data; or create new accounts with full user rights, Microsoft said. The vendor stated that it’s aware of targeted attacks that try to use the vulnerability, but there hasn’t been much impact on Windows users so far. “It’s important to note that the associated risk is minimal for the public,” Microsoft’s Jerry Bryant said.

Gates, Palmisano or Branson for President

admin — Mon, 24 Oct 2011 07:00:00 +0000

With the U.S. elections ramping up and IBM’s 100-year anniversary event in New York focusing like a laser on what makes a good leader, I’m finding it hard not to compare both the incumbent and Republican challengers to the top leaders in technology and find them wanting. I’m starting to wonder if the problem that the U.S. and most democratic countries have is lack of a clear definition of what is needed in a leader — and that is why incumbents struggle with priorities, and challengers appear to be all over the map, and rise and fall with the sound bite.

Smart Devices, Dumb Security?

admin — Thu, 22 Sep 2011 07:00:00 +0000

Right now, you can buy a car that you can unlock by just touching the door handle. No need to struggle with key fobs or keys. Known by various names, including “Keyless Go” and “Smart Key,” this feature is available for a cool grand or so as an option on various cars, including the Mercedes-Benz S-Class, E-Class and SL-Class; the Cadillac STS; and the Nissan Infiniti M. On the home front, you can today get smart home appliances that connect to your smart meter — if you’ve already got one — and turn themselves on only during off-peak hours when electricity costs less.

Wrapping Personal Devices and Critical Data in Stale Policies

admin — Wed, 21 Sep 2011 07:00:00 +0000

It’s a myth that ostriches bury their heads when they spot danger. It sounds plausible, but in reality, they’re just like us: In the face of imminent danger, they either run or attack. This makes sense when you stop to think about it. After all, one thing that seems almost painfully obvious is that ignoring signs of danger isn’t an effective defense strategy. In a high-stakes situation, ignorance isn’t an evolutionarily productive strategy. Successful ostriches are more likely to live by taking evasive action.

The Swift Erosion of Online Trust

admin — Tue, 13 Sep 2011 07:00:00 +0000

The break-in and theft of security certificates from a Dutch authority brought home, once again, how vulnerable Web browsers can be to hackers pretending to be who they’re not.
The authority, DigiNotar, is one of many that issue security certificates for websites. The digital certificates tell a browser to “trust” content coming from a certain site. Certificates for such sites are preloaded into most browsers. If something goes awry at the certificate issuing authority, browser makers usually need to patch their products to address the problem. That can open a window of opportunity for certificate thieves.

Reining In Mobile Security Mayhem

admin — Tue, 16 Aug 2011 07:00:00 +0000

Two papers on mobile security were presented at the 20th USENIX Security Symposium, held in San Francisco recently. Both touch on mobile security, a topic that’s become increasingly hot lately as security vendors warn that this may well be the year of the mobile hack. Other security issues include the launching of security products and updates in the mobile and wireline areas, as well as Patch Tuesday, which occurred just this past week. One of the papers presented at the USENIX conference was “Security Fusion: A New Security Architecture for Resource-Constrained Environments.”

Why Do Email Links Feel So Right When They Do Such Wrong?

admin — Wed, 20 Jul 2011 07:00:00 +0000

For years, security vendors have warned users to be careful about unsolicited emails. Clicking on embedded links in these emails, they say, could be dangerous, as could opening attachments that come with them. That includes emails purporting to be from couriers such as DHL and UPS, which could in fact come from malicious hackers and have attachments that are actually malware. In June, malware found in some of these attachments was a variant of the Kryptik Trojan, AppRiver warned.

New Botnet: The Horror of the Many-Headed Hydra

admin — Fri, 01 Jul 2011 07:00:00 +0000

A new malware package is running wild on the Internet, according to Kaspersky Labs, and its creators are attempting to create an indestructible herd of zombified machines. The botnet has been dubbed “TDL-4,” which Kaspersky describes as “the most sophisticated threat today.” The creators use the same methods as legitimate Web-based businesses to spread — they pay affiliates to install the malware. TDL-4 protects itself from detection, wipes out the competition, loads lots of other malware packages into victims’ computers and leverages the Kad open source public peer to peer network.

HP vs. Oracle: A Perspective on an Ugly Divorce

admin — Mon, 20 Jun 2011 07:00:00 +0000

I know a lot of folks are struggling with what is going on between HP and Oracle, and I think I have an analogy that works. Imagine, if you will, what appears to be the perfect couple. They like similar things, and they each have skills that complement the other’s. He is a great writer — she is a great editor; he likes training dogs — she likes caring for them; on the tennis court, he plays great well back — she is excellent at the net. In other words, they are more than a couple. They are a team.

Internet Explorer Flaw Lets Hackers Into the Cookie Jar

admin — Fri, 27 May 2011 07:00:00 +0000

Italian security researcher Rosario Valotta has discovered a new way for hackers to steal their victims’ online credentials — stealing the session cookies from whatever site a victim is visiting. The stolen cookies can then be used to get victims’ computers to download malware, forge clicks or send messages, according to Valotta’s website. The attack, which Valotta dubbed “cookiejacking,” works on all versions of Internet Explorer across all versions of the Windows operating system, the researcher contends.

RSA Break-In Leaves SecurID Users Sweating Bullets

admin — Fri, 18 Mar 2011 14:20:17 +0000

Hackers have broken into and stolen information from RSA’s systems, a move that may have seriously reduced the security firm’s street cred. RSA is the sponsor of a major security conference bearing its name. The gathering attracts the creme de la creme of the IT industry as well as government bigwigs such as United States Deputy Secretary of Defense William Lynn III and former U.S. Secretary of Homeland Security Michael Chertoff. The company has been promoting its two-factor authentication feature, SecurID, as a secure solution.

Chasing the Night Dragon in Big-Energy IT

admin — Mon, 14 Feb 2011 08:00:00 +0000

Cybercrime has evolved into a professional activity, one example of which is a large-scale attack McAfee CTO George Kurtz has dubbed “Night Dragon” in a recent blog post. The activity is described as a series of largely unsophisticated cyberattacks targeting energy companies and going back as far as four years. The hackers appear to be based in China, McAfee claimed, citing the IP addresses from which the attacks were launched as well as tools and techniques used as evidence.

FBI Nabs Alleged iPad Who’s-Who Leakers

admin — Wed, 19 Jan 2011 12:39:18 +0000

Two men who allegedly broke into AT&T’s computer systems and stole the email addresses of early iPad owners were arrested Tuesday by the Federal Bureau of Investigation. The break-in made headlines last summer because some of the 114,000 email addresses were subsequently published by the gossip website Gawker and contained some high-profile names, including New York Mayor Michael Bloomberg and former White House Chief of Staff Rahm Emanuel. Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco were taken into custody Tuesday.

Two Top Tools for Cracking the PDF Nut

admin — Wed, 06 Oct 2010 07:00:00 +0000

One of the hallmarks of using the Linux operating system is the ability to choose. The choices do not end with opting not to use Microsoft Windows or Mac OS X and instead choosing from among dozens of Linux distros. You also get the freedom to decide which individual software tools and applications are the best fit for your daily routine. All software is not the same. So do not assume that one PDF file viewer is no better than another. Two PDF viewing tools that deserve your consideration are Evince and Okular. Each offers features not found in more basic lightweight PDF viewing options.