Mac OS X Has Java Security Flaw

Written by Saran on May 20, 2009

One reason that some people prefer Macs over PCs is that the former are considered far superior to the latter when it comes to security. However, that does not mean that Macs are totally immune to security issues. As a matter of fact, security experts recently warned Mac OS X users of a security flaw that involves Java.

CNET tells us all about it:

Macintosh security consulting firm SecureMac.com on Tuesday issued a critical warning for what it says is an unpatched Java security vulnerability in Apple’s Mac OS X.

According to the man credited with discovering it, Landon Fuller, the Java flaw even affects the latest version of Mac OS X, 10.5.7, released just a week ago. Fuller has gone so far as to release a proof of concept for the security hole.

The vulnerability could be used to perform what SecureMac refers to as “drive-by-downloads,” or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.

While the fact that a security flaw exists is certainly acceptable, the fact that it has remained unpatched to date is hard to understand. It is even more perplexing as the flaw had been discovered before the latest update to the OS was released. Is Apple not aware of the flaw (I seriously doubt it) or are they not seeing it as a serious threat?

Categories: News, Operating Systems


RSA 2009 Impressions

Written by Saran on April 25, 2009

If you have not heard, the RSA 2009 security conference was held in San Francisco in the past week. This conference is a significant one in the industry, and even more so now since we have been facing many different and new threats cropping up here and there. This year, however, what I have been reading about the RSA is not that good. A lot of people are saying that it came off a little flat.

Jon Oltsik of CNET blames the economy for this. He also points out three other reasons:

1. The speakers. The keynote speakers really had nothing new to say. This was especially troubling because the lineup looked so strong. Unfortunately, the most disappointing speaker of all was President Obama’s cybersecurity point person, Melissa Hathaway, who read from a script and said next to nothing about her cybersecurity research effort. Hathaway underwhelmed an audience of security professionals, missing an opportunity to bond with a constituency whose support is critical to her success.

2. The topics. In the past, there was always one topic at RSA that grabbed everyone’s attention. Not this year–same old tired stuff.

3. The vendors. I’m now convinced that most security vendors have no conception of what their customers need. Vendors pitch point technology solutions while users are crying for help to secure their IT-based business processes. There are really only a few security vendors that recognize this. I can’t overstate how much this disconnect alienates the security community.

It is pretty depressing, isn’t it? Do you have other perspectives that might give us more positive views?

Categories: General, News, Security Policies


What’s Up With Conficker?

Written by Saran on April 5, 2009

If you remember, everyone was up in arms about April 1. This was supposed to be the day that the third version of the Conficker worm was to be released. It’s been several days since April Fools and it seems that nothing big happened. (Knock on wood.)

So what’s up with the Conficker worm? Is its reign over? Can we sit back and relax now? According to PC World, no one really knows. They just published a story on it yesterday and here is what they have to say:

But nobody knows for sure what Conficker can accomplish. However, at the time of this writing no Conficker-related catastrophes have surfaced and some think the threat never will. So as attention shifts away from Conficker, it’s important to know where we stand against the world’s most famous piece of malware.

While nothing has happened in the last week, we should not forget that the other 2 versions of the worm are still out there. And if your computer is not protected, you are still a sitting duck.

One thing that I recently learned: you can still access the security patch for the worm even if your operating system is not the real deal (READ: pirated). Data shows that the highest densities of Conficker infections are in areas which have pirated software. And while no one is condoning the use of illegal software, “pirates” can still download the security patch directly from Microsoft. So while we don’t know what’s going on with Conficker, we should still be careful.

Categories: Malware, News, Operating Systems


Cellphone Deals Here…and there…. What’s the catch?

Written by Saran on February 27, 2009

Seems everybody is out for cheap deals on just about everything, and who wouldn’t be in this recession, where cash is hard to come by and jobs are being shed by the thousands? Now, there are truly some honest cell phone deals out there, but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing, but keeping that new phone secure from hacks is another. Sure, you can get it cheap from the internet, but how sure are you that you’re getting the real stuff?

Criminals are becoming craftier than ever, and they have even managed to copy branded products complete with all the security stickers and holographic security seals. They can also be pre-loaded with malware, for the amount of computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts? For mobile devices using Windows, very dangerous, for there is a group bent on exacting damage on the software giant.

Ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing, for like your PC, they also need protection. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Let’s set this as an example: an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!

Categories: Cryptography, E-mail, General, IM, IT Security Basics, Malware, News, Privacy & Anonymity, Real-World Issues, Spyware, Tips, Web browsers, Wireless Security


Cyber Security In Obama’s Sights

Written by Saran on February 20, 2009

Who said that Obama does not have a techie side to him? If reports earlier this month are to be believed, the newbie President is not ignoring the importance of cyber space. Iain Thomson of Vnunet.com had this report early this month:

US president Barack Obama has ordered an immediate 60-day review of the online security of government IT systems to check for vulnerabilities.

The review will be led by Melissa Hathaway, who has served as cyber co-ordination executive to the US Office of the Director of National Intelligence. Hathaway will also serve as acting senior director for cyberspace for the National Security and Homeland Security councils during the review period.

“The national security and economic health of the US depend on the security, stability and integrity of our nation’s cyber space, both in the public and private sectors,” said John Brennan, assistant to the president for counter-terrorism and homeland security.

First thoughts…this is wonderful; this coming from the head of the country, it should be a good sign. However, I was thinking about the 60-day limit – would this be enough? More so, are the intelligence arms going to be part of this review? I doubt that the CIA, the FBI, and the NSA will allow anyone to take a look into their systems. Maybe the review is just for the less sensitive government agencies. Who knows?
In any case, I was just thinking of those people who love hacking systems to get credit card numbers, bank account numbers, and the like. Those days will probably be gone pretty soon, don’t you think?

Categories: Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies


Improved Security With IE 8

Written by Saran on January 31, 2009

Ever since Mozilla came into the picture, I have not been using Internet Explorer. I am sure that I am not alone in this – I have heard so many IE to Mozilla stories in the past years. With the release of Internet Explorer 8, however, some people might start to reconsider. Indeed, Microsoft is touting IE 8 to be its most secure web browser ever. (That’s not saying much, is it?)

Anyway, why should anyone want to use IE8? PC World has a write up on it and this is what they have to say about the security features:

Microsoft touts IE 8 as its most secure browser to date, and Microsoft has indeed added a good number of security features to the mix, ranging from phishing detection to private browsing, plus a new feature to prevent clickjacking, an emerging data theft threat.

IE 8 RC1 includes two security features under the ‘InPrivate’ label: InPrivate Browsing and InPrivate Filtering. Both existed in earlier prerelease versions of IE 8, but IE 8 RC1 lets you use the two features separately, whereas before each relied on the other.

That’s sounding good to me but is that all there is? Apparently not. Another feature that looks interesting is the Private Browsing feature, which is already being enjoyed by Safari users. IE8 also has InPrivate Filtering, which will prevent web sites from gathering data about other web sites that you go to. There seems to be more to it, though. Maybe we should give it a try and see what Microsoft has to offer this time?

Categories: News, Web browsers


Mac Users No Longer Secure

Written by Saran on January 30, 2009

It used to be that when one was using a Mac, there was absolutely no fear of being invaded by viruses and other malware. Indeed, this was one of the things that Mac users were most proud of. Aside from being cool, Mac products were basically impenetrable in this respect.

Well, those days are gone, as early this year someone was able to create malware AND dupe people into downloading it onto their Macs. I am sure that you heard or read about this – the news was splashed all over countless web sites. Just how many people have been affected? The Apple Blog has the details:

According to Intego’s numbers, more than 20,000 people have downloaded the affected file, a number which also says something about Apple’s ability (or desire?) to curb piracy of its proprietary software. Instructions on how to rid your computer of the virus in case you are among that unlucky 20,000 can be found here, but they can’t take away your shame.

This was only the beginning though – here’s more:

This week, another round of infections has appeared, this time targeting a different, but similar group of pirates. The victims are users who downloaded a pirated copy of Adobe’s popular photo editing program, Photoshop CS4. Again, the people responsible for finding and broadcasting the existence of the trojan are Intego. This one is aptly dubbed “OSX.Trojan.iServices.B”, and actually comes from the serial generator that packages with the Photoshop installer, and not the installer itself. The CS4 trojan presents the same risks as the iWork ‘09 version. Intego reports 5,000 downloads to date.

They just wouldn’t learn, would they? I am sorry but I can’t help but chuckle. No one would have this problem if only they didn’t try to download the ILLEGAL copy of iWork. I am not going to say anything more.

Categories: Malware, News, Real-World Issues


Hacker Gets $50K from Sandwich Treasury

Written by Saran on November 28, 2008

Hackers in the modern day can really be a problem. But if you talk about money being involved (which is usually the case) breaching a supposedly secure IT infrastructure is bound to get a lot of attention.

It is in these cases where you have to wonder: do you credit the intelligence of these people or curse them for being able to breach such confidential systems? The $50,000 that they got was no joke, and these days that money can go a long way. A recourse stemming from the hard times perhaps?

Police said a hacker, possibly with international connections, succeeded in planting a keystroke logger onto the computer of Sandwich, Mass., Treasurer Craig Mayen, and was able to watch while he entered his security password, The Boston Globe reported Wednesday.

You have to hand it to these people. In times where money is hard to come by, hitting a town treasury is certainly an accomplishment for them. However, it also means that you are liable for crime and lawsuits especially if you get caught. At the moment, the only lead to it all is a Florida man who said he was wired money to open the accounts reportedly from Russia. A Russian hacker? It can make sense.


Categories: Network Security, News, Real-World Issues


Annihilate Spyware with SpyZooka

Written by Saran on November 3, 2008

What drives a potential developer to come up with their own anti-spyware software? Well, for sure, it is experiencing such an inconvenience firsthand, and apparently for Blue Penguin Software founder Carl Haugen, this led to the development of SpyZooka.

SpyZooka guarantees 100% removal of spyware, adware, Trojan horses, hijackers, botnets and other malware threatening the security of your computer. SpyZooka will accomplish this in an astoundingly fast 24 hours! Blue Penguin backs up this guarantee with solid results, round the clock technical support and a string of satisfied customers.

The success of SpyZooka has been quiet since 2004. In fact, SpyZooka was not even among the top anti-spyware software that we would come across the web. But regardless, SpyZooka is not a hoax or pushover. It has even gotten a number of prestigious awards including Wugnet’s Shareware Hall of Fame and Tucows five cows.

So how is this new software reliable? Well, for one, it covers most of the hazards of the web today, including Trojans, spyware, adware, hijackers and botnets. Many of these malicious things reside on the web and on some websites that we rarely notice. So if that is the case, we need protection, especially now that people are at fever-pitch attachment towards using the web for various purposes such as browsing or sending a simple email.

If you are in the market and want reliable software to help you out, check SpyZooka out. It can make a difference and perhaps resolve problems faster than other spyware annihilators available today.


Categories: Malware, Network Security, News, Spyware


Symantec Corp far from Being Affected by Economy

Written by Saran on October 9, 2008

All companies today are becoming wiser; some are practically afraid to invest. But if there is an industry that is far from slowing down in acquiring companies with promise, it has to be the IT security industry.

They are similar companies for sure, but the fact remains that their losses are not based on clients only. They make use of cyberspace methods, online marketing and transactions that can be done through the use of technology. While they may operate in the same way that the standard company would, it is a fact that they have other means of getting over the financial humps we have today.

While many people are looking for security as far as finances and revenue are concerned, big-name companies such as Symantec are still lucrative investments to behold. For one, Symantec Corporation has been on the prowl for potential companies that show promise, needing only some tweaks to provide integrated solutions and as a form of branching as far as business security solutions and others are concerned.

“If you look at the things that are going on in the market today, there’s some things that businesses can’t afford to go too light on given the exposure that they have,” said Scott Crawford, an analyst with Enterprise Management Associates (EMA). “Businesses are already taking a pretty solid hit in terms of mismanaged business risk. They can ill-afford additional exposure to security and related IT risks.”


Categories: News, Real-World Issues
