Security

Security demo hacked at confab

Demofall HUNTINGTON BEACH, Calif.--Nand Mulchandani knows from network security. His company, Redwood City, Calif.-based Determina, makes a piece of software called the "Vulnerability Protection Suite," which is designed to defend "networks from malware that exploits their most common security vulnerabilities."

In other words, the package keeps the bad guys off Determina's clients' networks and makes it safe for those clients to connect their networks to the Internet.

And that's a good thing. After all, said Mulchandani, Determina's vice president of marketing and business development, "The Internet is a radioactive toxic … Read more

VOIP provider discloses customer e-mail addresses

In a typical case of "oops," Internet telephony provider Packet8 last week accidentally disclosed the e-mail addresses of about 21,000 of its subscribers.

The addresses are those of customers who subscribe to Packet8's monthly e-mail newsletter, a company representative said Tuesday. An employee attached a file containing the addresses to the newsletter, she said. The incident was reported earlier by U.K. tech news outlet VNUNet.com.

Such a list of e-mail addresses is a feast for phishers, who could use it to target Packet8 users with tailored scams. Phishing attacks combine e-mail messages and fraudulent … Read more

China says it has proactive virus tech

Chinese researchers have created an antivirus application that can proactively defend against viruses, according to Insead InnovasiaThe software, named Weidian proactive defense software, features five core technologies, including detection systems that study the behavior of known and unknown viruses.

Business PCs rife with spyware?

Webroot Software earlier this week released another installment of its State of Spyware report. Along with it came a news release filled with words to raise alarm over spyware.

The release speaks of "dramatic increases in the number of reported corporate spyware incidents." It also notes an "alarming rise in the amount of spyware on corporate machines."

In the study itself, a 74-page PDF that is available for download, Webroot states: "The spyware infection rate for enterprise desktops continues to remain above 80 percent." Also, the report says, the number of spyware instances per … Read more

Sun elaborates on its views on Feds, copy-protection standards

A few hours ago I posted a note about Sun President Jonathan Schwartz's statements on the federal government being involved in setting digital rights management (DRM) standards. He was speaking at the Progress and Freedom Foundation's conference here in Aspen, Co.

That posting prompted Christopher Hankin, the head of Sun's Washington lobby office, to come find me at the conference and offer an elaboration.

"A government role in standards-setting does not necessarily mean statutory mandates," Hankin said. He offered examples of the federal government being involved in making standards as a user of technology -- … Read more

Sun wants Feds to set copy-protection standards?

Sun President Jonathan Schwartz announced a new open-source standard for digital rights management during a speech here in Aspen, Co. last night.

In an interesting aside, Schwartz said that he believed the federal government should be involved in DRM standards. He used the example of pre-Civil War railroads in the United States, saying that a shipment from New York to Washington, D.C. might have to switch rail lines because of the lack of rail-gauge standards.

That raised some eyebrows in the audience. One attendee from a large media company told me afterwards, with just a hint of bitterness, that … Read more

In Finland: Stealing Wi-Fi to rob the bank

Finland, the country that brought us Nokia, is known as one of the most advanced nations when it comes to wireless communications. However, that unsecured Wi-Fi networks can be used by people who are up to no good appears to be news there. A Finnish regulatory agency this week sent out an official warning on the matter, according to the Helsingin Sanomat newspaper.

The warning follows what could be a scene from a cable TV crime show. The 26-year-old data security chief at GE Money in Finland allegedly took home a company laptop, logged on to his neighbor's unsecured … Read more

Zotob worm from Turkey?

MessageLabs says it has a lead on who might be responsible for the Zotob worm and some of its variants. The e-mail security company believes the same person who created some of the Mytob pests is behind Zotob. One problem is, it is unknown who that Mytob creator might be. There is no information beyond a nick name, "Diabl0," and that the individual speaks Turkish.

"A signature in the zotob worm code suggests it is written by somebody called Diabl0 and the IRC server it connects to is the same used in previous version of Mytob," … Read more

RSA pushes ID tokens

I always take the results of vendor sponsored surveys with a grain of salt. Companies who pay for "independent" research won't likely publish those results unless the researcher's conclusions somehow fit into the vendors' agenda.

So with that in mind, here's a brief look at a survey recently conducted by the security firm RSA that examines consumers' confidence in conducting online transactions. The study, which surveyed 8,000 people, showed that consumers have been shaken by fears of identity theft and fraud. But if banks or brokerage firms use strong authentication systems, consumers said they'… Read more

Call me Switzerland

Amid the landscape of security vendors issuing daily reports on viruses attacking users' systems and offering products and services to counteract the attacks, the government has stepped into the game with its own advisory system - minus any sales pitch.

The National Institute of Standards and Technology (NIST) has unveiled its mega-database, otherwise known as the National Vulnerability Database. The NVD will issue daily updates of viruses that are wrecking havoc on popular software products and post notices on security trends.

The database was created as a means to warn users about security threats both big and small, according to … Read more