security

Practice safe browsing with ZoneAlarm ForceField, and get it free (today only)

ZoneAlarm ForceField is a new security utility that promises bulletproof protection against browser-related threats. It normally sells for $29.95, but Check Point Software is offering it absolutely free, today only, as part of a Patch Tuesday promotion.

The software relies on a technique called "virtual browsing" to protect your PC against unauthorized downloads, malware installations, phishers, keyloggers, and the like. It also promises total privacy by erasing the (virtual) browser's cache, cookies, history, and passwords. According to Check Point, the program won't interfere with any existing security software you might already have.

I haven't … Read more

Google's Keyczar designed to make cryptography easier

Google on Tuesday announced Keyczar, an open-source project to help developers select and use safe cryptography in their applications.

Built on OpenSSL, PyCrypto, and the Java JCE libraries, Keyczar supports authentication and encryption with both symmetric and asymmetric keys. It simplifies some of the details by choosing safe defaults and automatically tagging outputs with key version information. Keyczar also provides a simple interface.

The project provides developers with a simple API, key rotation and versioning, and safe default algorithms, modes, and key lengths.

A "nongoals" page proclaims what Keyczar is not. For example, Keyczar is not designed to … Read more

Buzz Out Loud 785: Don't cross the Olympic streams

We tried to give NBC the benefit of the doubt when it comes to Olympic streaming, but then we tried it. And it's ridiculous. Also, we wonder if the iPhone makes you fat, even as it fattens Steve Jobs' wallet. We also discuss the technicalities of invisibility cloaks, and opt-out of Obama's aggressively hip Internet outreach campaign.

Listen now: Download today's podcast EPISODE 785

Defcon ends with researchers muzzled, viruses written http://news.cnet.com/8301-1009_3-10013156-83.html

Judge orders halt to Defcon speech on subway card hacking http://news.cnet.com/8301-1009_3-10012612-83.html

Apple hits 3 million … Read more

Thwart laptop theft

This simple executable will sound an alarm through your laptop's speakers when certain activities occur, helping to thwart laptop theft. Laptop Alarm's four-check-box interface takes seconds to set. An option pop-up is as easily set to control mouse sensitivity and set a program password.

Operating Laptop Alarm is a snap. Users merely run the executable and set the alarm to sound if the laptop loses power, the system is shut down or logged off, if the USB mouse is unplugged, or if the mouse moved. Testers found the program accurate with no false alarms. There's no method … Read more

CNET News Daily Podcast: Journalist-on-journalist hacking at Black Hat

In what's being regarded as a total breach of professional ethics, three reporters from Global Security Mag were removed from the Black Hat security conference in Las Vegas on Thursday after attempting to expose the username and passwords of two reporters in attendance, including a CNET News employee. The magazine was a co-sponsor of the event, but the three parties responsible were asked to leave and barred from all future events, including this weekend's DefCon. For more detail, see the accounts from CNET News' Elinor Mills and Robert Vamosi who are in Vegas now.

Listen now: Download today's podcastRead more

Column: Raising Cain at Black Hat

LAS VEGAS--On the second day of the Black Hat security conference, a trio of journalists turned on other journalists within the press room.

This was my ninth Black Hat in nine years, and I have lived in dread year after year that such a headline would affect me. On Thursday, CNET News was named as one of the two organizations "hacked," but I disagree that any such hack occurred.

Just before noon on Thursday, a trio of reporters from Global Security Mag sat in one of the two press rooms at Black Hat. Both rooms have a wired … Read more

Facebook's new worm turns your friends into enemies

Facebook has a worm. It was bound to happen: As the web increases in popularity, it was just a matter of time before security bad guys started targeting web applications in earnest. Recent research from IBM suggests that the pace of security vulnerabilities on the web is accelerating.

This particular worm on Facebook is highly insidious:

The worm spreads when a compromised user's account is used to send message to others with a title such as "LOL. You've been catched on hidden cam, yo:" and a link to a random URL. The linked website is a … Read more

Facebook responds to security warnings

Facebook security chief Max Kelly has assured members in a blog post that the social network is "fighting the good fight" when it comes to several malware attacks discovered on the site in recent days.

"We spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on walls urging users to view a video that pretends to be hosted on a Google or YouTube Web site," Kelly wrote. "Less than .002 percent of people on Facebook have been affected, all of whom we notified … Read more

Black Hat expels reporters in network snooping

Robert Vamosi of CNET News co-wrote this story.

Updated 10:30 p.m. with comment from Brami.

LAS VEGAS--Three journalists for a French security magazine were kicked out of the Black Hat security conference after they allegedly sniffed the press room computer network on Thursday.

The journalists work for Global Security Mag, which was a media sponsor of the event. Two of the men, Dominique Jouniot and Mauro Israel, could not be reached for comment.

The third, Marc Brami, director of the magazine, told CNET News later that he blamed Israel for the incident, which Brami described as "a … Read more

Microsoft to seek credit for finding vulnerabilities

LAS VEGAS--Microsoft is jumping into the responsible disclosure game.

The company announced at the Black Hat security conference on Thursday that it is formalizing its program of informing third-party software vendors of security problems with products that run on top of Windows.

"We've seen the threat environment change," said Andrew Cushman, who runs the Microsoft Security Response Center.

Vista is more secure than XP and has fewer infections, he said. In addition, there are an increasing number of third-party exploits, and fewer browser-based exploits than in third-party software, he added.

The MSRC already reports vulnerabilities to other … Read more