Early this week, Obama once again made a move that set certain circles a-buzzing. You might have heard of it already – he appointed a cybersecurity chief. President Obama picked Howard Schmidt, who already has a reputation for being good at what he does. He has vast experience both with the government and the IT industry.

This move is no less controversial than others. I guess it’s always like that when you’re a public figure. You can’t please everyone, and you’ll always have various opinions about what you do. According to Richard Waters of Financial Times, the news was welcomed by security experts. He writes:

The appointment of Howard Schmidt, an internet security veteran with experience in both industry and government, was greeted with relief among security experts, where the move was seen as a welcome outcome after a seven-month delay in filling the role.

Like other security industry experts, Mr Silva said that Mr Schmidt’s broad experience and personal contacts in both the public and private sectors would put him in a good position to make the most of the role.
The Computer and Communications Industry Association added that the new official will also be in a position to represent the administration’s position as momentum builds on Capitol Hill for legislation on cybersecurity.

Of course, there remains some skepticism as to just how effective the role will be. It’s not even the person that some are questioning – it is the office and the powers that are associated with it. What do you think?

Tags: Barack Obama, cybersecurity, Howard Schmidt, News

Categories: News, Real-World Issues

Leave a Comment

Not everyone hates worms – the natural kind, that is. I still remember classmates from grade school (even high school!) who grossed out everyone else by eating worms in their natural state. I am talking about a different kind of worm here, though; the kind that everyone hates; computer worms.

Pretty soon, we just might have ants on our side to combat the threat that worms pose year in and year out. Researchers in the field of IT security have been working on a project to combat worms, drawing their inspiration from the common ant. The Daily Tech tells the story:

Security researchers found inspiration in the common ant. Describes Wake Forest University Professor of Computer Science Errin Fulp, “In nature, we know that ants defend against threats very successfully. They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system.”

WFU created digital “ants” — utilities that migrate from computer to computer over networks searching for threats. When one locates a threat, others congregate on it, using so-called “swarm intelligence”. The approach allows human researchers to quickly identify and quarantine dangerous files by watching the activity of the ants.

The implications are tremendous. Anti-virus software that is commonly used today usually take up a lot of resources, and make computers slow down. With this new technology, we just might see a whole new breed of anti-virus programs. While everything is in the research and development phase still, it does give us a bright future in terms of fighting malware!

Tags: antivirus, ants, it-security, Malware, worms

Categories: Malware, News

Leave a Comment

To date, Facebook is perhaps the most successful and widespread social networking site. It has transcended age and race, and practically everyone I know has an account. It has so much to offer, hence the amount of time that the average person spends on Facebook has skyrocketed in the past months. Even businesses and employers use Facebook to make their presence felt online!

But in spite of the allure and usefulness of Facebook, it does have some security issues. All the information that one enters can be accessed by the site AND its third party partners. With each application a user “allows,” his information is accessed, probably even shared with others. Unless a user changes the default privacy settings, practically anyone can access his information. This is something that not everyone really thinks about.

But the Canadian government found these issues important. In fact, the pressured Facebook to create some changes with regard to security. Thanks to them, several tweaks have been enacted. PCWorld featured this move and outlined the fixes.

One, Facebook had to fix the way applications access users data:

Apps will have to tell the user what information it wants and get express consent from the user beforehand. Information will be split into categories, which the user can check off before installing. Developers will also have to explain how that personal data will be used.

Two, what happens to a user’s information if he deactivates his account?

Users will be given an option to either deactivate or delete their accounts. Upon deactivation, they’ll be notified of the option to delete, and can elect to do so should they want all their data gone for good.

Three, what will happen to your account if you die?

Facebook will explain in its privacy policy what happens to an account after its owner passes away.

My thoughts – one and two are quite valid. Three, I am not so sure. You’ll be dead, why would you care? In any case, I wonder if Facebook will apply these fixes to the whole system or just for their Canadian users?

Tags: facebook, privacy settings, security, Social Networking, web sites

Categories: News, Privacy & Anonymity, Real-World Issues

Leave a Comment

From Internet Explorer to Mozilla Firefox to Google Chrome – that’s the path that many computer users have followed in the past years. Personally, I have stuck to Mozilla but I do use Chrome every now and then when I want things to go much faster. But did you know that Google’s streamlined browser has its share of security issues as well?

This is not really that surprising. After all, most any product you see in the market will be exploited by those who want to do so. In any case, Google has come out with updates to their browser, making it more secure for us users.

The most recent update for Google Chrome fixes some issues on how the browser handles Javascript and XML. For the Javascript engine, the fix makes sure that an infected web site will not allow malicious Javascript to run arbitrary code. You and I know very well that the phrase “run arbitrary code” simply translates to “install malware.” With this problem supposedly fixed, Chrome is definitely safer.

Another fix deals with the possibility of a web page using XML to, again, run arbitrary code. This happens when the malicious XML crashes a Chrome tab.

Last, the Chrome update will not allow you to connect to “HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms.” The reason for this is that these algorithms are prone to hacking and that it is relatively easy to pose as a fake HTTPS site.

For more detailed info, read it from Google’s own blog.

Photo courtesy of Ivan Zlatev

Categories: General, Google Chrome, Malware, News

Leave a Comment

This piece of news is not so good for Mozilla. It had to shut down the operations of its online store late on Tuesday because of an alarming finding. The fact is that the firm that Mozilla had hired to deal with their backend operations has suffered a security breach. Mozilla immediately issued a statement about the issue:

Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach. Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.

And just to be sure, the company immediately shut down the international version of their online store. While this was not really necessary since the international edition is being maintained by a separate company, Mozilla still shut it down as a precaution. As of this writing, there is no news yet as to the whether the security breach has been fixed. Indeed, Mozilla did not even really divulge details as to the nature and extent of the breach. I guess it is enough that they owned up to the issue and that they took immediate steps to stop the problem before it became serious.

And in case you were not aware of what Mozilla offers in its online store, this is where you can get T-shirts, coffee mugs, backpacks, mouse pads, and all sorts of other things that you can buy with the popular Mozilla logo prominently printed on them.

Moral of the story? Even one of the best IT companies in existence today is prone to hacking. Us “mortals” should learn from this.

Categories: Firefox, General, News

Leave a Comment

Last week, I found myself craving for Spam – the kind that you put in between two slices of nice white bread. The moment I checked my Inbox, though, my feeling towards spam – in general; food or e-mail related – changed drastically. For some reason, I keep getting these e-mails about Viagra and winning the lotto. And I am talking about my WORK e-mail here, not my personal e-mail! Seriously, I don’t understand why these people keep sending out these e-mails when everyone knows they’re SPAM and that they amount to NOTHING! No one pays attention to these e-mails, right?

Well, apparently, some people do! According to a survey conducted by Messaging Anti-Abuse Working Group, 1 out of 6 people in the United States and Canada respond to spam e-mails. I know, this is simply unbelievable, isn’t it?

In this day and age, why would anyone still fall for these scams? Haven’t we learned anything at all? No wonder that these scammers continue to send out their e-mails! I mean, just one or two people who respond to their bait might give them the profit that they are out for.

To be fair, the scammers are getting more and more creative. They also take advantage of the hottest things happening. For example, around the time of Michael Jackson’s death, there was an astronomical increase in e-mails about him – a lot of these were spam. Even those who are normally careful were lured into opening these e-mails and clicking away.

Bottom line: spam might be here for a while. Make sure you are careful and don’t be cocky (like me) – you never know what might hit you!

Categories: E-mail, Malware, News

1 Comment

The world of cyber-crime has grown so much in these past few years due to the explosion of growth with respect to the number of internet users the world over. It has not only expanded on the side of normal people but on the side of cyber-criminals who now operate on their own networks, spanning the globe and ready to spread their products, malicious code that first scans the globe for weak points in the security net that we all put up to somewhat give us a sense of security from the ever-growing threat which is actually futile to some extent. Read the rest of this entry »

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies

Leave a Comment

Yup, 46! That is one heck of a lot of security flaws, don’t you think? Considering that the iPhone is being used by a lot of people to go online, it seems quite irresponsible of Apple to release a product that has so many flaws. Still, that has not stopped people from buying the iPhone. Indeed, the major reason people do not get one is the price and not the existence of security flaws. In any case, the recent iPhone 3.0 update has fixed those flaws.

Of the 46, six of the security flaws involve CoreGraphics. Without the update, if a user views a maliciously coded image, the application he is using may terminate suddenly. Alternatively, it can lead to arbitrary code execution. What that can lead to, who knows? Another flaw involves opening and viewing PDF files. Apple provides the same result: either application termination or arbitrary code execution.

There is also a flaw with regard to the mail client. Without the update, remote images in HTML messages are automatically fetched and loaded. There is no option to turn off this feature. With the update, this potential security flaw has been fixed.

Meanwhile, Safari can now be totally wiped clean – history of visited web pages and searches together – by accessing the option in the Setting menu. Previously, only the history of web sites was removed, and the searches remained. Now, iPhone users can rest easy knowing that they’ve left no traces behind.

Of course, there are other features to the updates, many of them not solely related to security.

Categories: E-mail, News, Operating Systems, Privacy & Anonymity, Web browsers

Leave a Comment

Cool! But wait – Microsoft is giving away something for FREE? Am I dreaming? You better believe it, though. The software giant is jumping into the freeware fray with their latest security product. Dubbed Microsoft Security Essentials, the program is designed to detect, find, and kill malicious software that might find its way into your computers.

The beta version will be released next week. In the meantime, the company is continuing to develop the full version of the product, which is slated to be released in the fall. The security software is not going to be bundled with Windows 7, as this may provoke anti-trust issues, which Microsoft has had more than its share of. Still, critics have not been slow to point out that the description of the product is flawed and misleading.

David Cole of Symantec has stated that it is NOT an essential security solution. He also pointed out that users still need protection such as firewalls, spam fighters, and other features that are included in subscription products.

So what does Microsoft Security Essentials really offer? According to Theresa Burch, the program will try to spot malicious software, even if it is not part of the database of known threats. Once the suspicion of the software is aroused, it will first check with online servers before allowing the program to run. Users do not have to worry about the program interfering with trusted sources, however, as there will be a list of those, such as Google Toolbar.

I think I’ll see what it has to offer next week.

Categories: General, Malware, News, Spyware

Leave a Comment

One reason that some people prefer to use Macs over PCs is the fact that the former is considered to be far more superior to the latter when it comes to security. However, that does not mean that Macs are not totally immune to security issues. As a matter of fact, security experts recently warned Mac OS X users of a security flaw that involves Java.

CNET tells us all about it:

Macintosh security consulting firm SecureMac.com on Tuesday issued a critical warning for what it says is an unpatched Java security vulnerability in Apple’s Mac OS X.

According to the man credited with discovering it, Landon Fuller, the Java flaw even affects the latest version of Mac OS X, 10.5.7, released just a week ago. Fuller has gone so far as to release a proof of concept for the security hole.

The vulnerability could be used to perform what SecureMac refers to as “drive-by-downloads,” or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.

While the fact that a security flaw is certainly acceptable, the fact that it has remain unpatched to date is hard to understand. It is even more perplexing as the flaw had been discovered before the latest update to the OS was released. Is Apple not aware of the flaw (I seriously doubt it) or are they not seeing it as a serious threat?

Categories: News, Operating Systems

Leave a Comment