security

CNET News Daily Podcast: Why some developers might work late tonight

An unlikely drama is playing out in, of all places, the security research field. Researcher Dan Kaminsky says that earlier this year, he discovered a serious flaw in the Domain Name System that drives the Internet. He's spent the last few months coordinating a huge project to get the flaw patched by all necessary companies before disclosing details about the flaw. But now a fellow researcher has taken a public guess at what the flaw was. And whether he's right or not, Kaminsky is warning companies to patch their software immediately. Reporter Robert Vamosi joins me in the …

Is Kaminsky's DNS flaw public?

Thirteen days after Dan Kaminsky asked his fellow security researchers not to speculate on the details of his DNS flaw, a fellow Black Hat researcher published his own speculation, and apparently got it right.

On July 8, IOActive researcher Kaminsky disclosed a flaw in the Domain Name System (DNS), but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured it would take about 30 days for that to happen. The 30-day mark also just happened to coincide with his speaking engagement at Black Hat in Las …

CNET News Daily Podcast: Hacker conference proves nothing is private on the Net

As the Last HOPE (Hackers on Planet Earth) conference comes to an end in New York, CNET News' Elinor Mills gives the lowdown on what she learned from 3,000 hackers about lock-picking, private investigation, and the security of consumer electronics.

According to new reports, Carl Icahn will be doing his bidding inside the Yahoo executive board come August, with no specific statements that he'll try to sell the search business to Microsoft.

This weekend's megahit, The Dark Knight, is up on the Web and it may be a sign that smaller Web sites are flying under the …

Column: Will you be ditching your antivirus app anytime soon?

For the last few months, I've been hearing some well-regarded security people tell me they are considering ditching their antivirus protection altogether. They haven't done it, but these individuals feel the days of having a special application scan to remove malware on your desktop are numbered. Malware has changed, but the applications to ferret it out have not.

Antivirus programs, as we know them today, are based on the 20-year-old technology of pattern matching. Pattern matching may have worked in the days of the Michelangelo virus and even as recently as Netsky, but methodically matching each and every …

Last HOPE to become Next HOPE

NEW YORK--In case you were worried, HOPE is not dead.

Just as hackers experiment with technology, push boundaries, and subvert the concepts of what it means to be safe and secure, the organizers of the HOPE (Hackers on Planet Earth) conference have had some fun of their own.

Despite calling the event this weekend "Last HOPE," it won't be the final one; just the most recent one, organizer Emmanuel Goldstein told attendees at the closing ceremonies Sunday night.

There will be another one in two years. It will be called "Next HOPE," he said.

That …

Hacking with no technology

NEW YORK--The typical image of a hacker is a kid hunched over his keyboard in the wee hours of the night staring at commands on his computer screen that unlock the secrets of the national government.

But, according to someone who knows better, the woman sitting next to you in the airport or Starbucks fiddling with her digital camera while you work on your company's confidential sales data could be just as dangerous.

One of the more fascinating talks at the Last HOPE hacker conference this weekend was by Johnny Long, a security researcher who hacks, writes books on …

Protecting against Wi-Fi, Bluetooth, RFID data attacks

NEW YORK--Using a laptop, cell phone headset, building access badge, credit cards, or even a passport can make you a walking target for data thieves and other criminals, a security expert warned at the Last HOPE hacker conference here late Friday.

In a frightening but entertaining session entitled "How do I Pwn Thee? Let me Count the Ways" (pwn is hacker speak for "own" or control), a hacker who goes by the alias "RenderMan" explained how most people are at risk and don't even know it.

By now most people probably know they …

Security Bites 108: Understanding white listing

To put it simply, the concept of "white listing" is to define a set of software, a set of vendors, and allow only those trusted applications or files from those vendors to run on your machine. If a file or application is not approved, it will not run. This is the opposite of how we've blocked malware from our machines in the past.

In 2007, Symantec detected more than 1 million viruses, with two-thirds created within the calendar year. Loading 1 million antivirus signatures or even a percentage of that if generic signatures are used is a …

Dutch court allows publication of Mifare security hole research

Updated 8:30 a.m. PDT with researcher comment and photos. Updated 11:17 a.m. with NXP comment.

NEW YORK--A Dutch court ruled on Friday that a university can publish an article on security flaws in the Mifare Classic wireless smart card chip, the most popular chip used in transit systems around the world.

NXP Semiconductors, formerly Philips Semiconductors, sued to prevent computer science professor Dr. B. Jacobs Radboud at University Nijmegen from publishing a scientific paper on the technology, arguing that it would be irresponsible to make the information public.

The Rechtbank Arnhem court ruled that prohibiting publishing …

Linux desktop security: It's a matter of process and architecture

Is Linux inherently more secure than Windows? Apparently so, according to this article, but the reasons have less to do with "thousands of eyeballs" and more to do with "intelligent design."

There are numerous reasons why a Linux PC is more secure from malicious software than a Windows PC. The most obvious is the way a user interacts with his operating system....

A Linux virus is doomed from early conception and there's a rough jungle awaiting. For an ELF binary file to get infected by a virus, the malicious program has to first get write access to other binaries. Prior to that, it must somehow disguise itself. Binary-only applications are so rare in the Linux world that any software not designed by a major developing firm is subject to inquiry. After a day in the wild, someone will figure out the binary file hides something else and the element of surprise will be gone. We're used to having the source code at our disposal. Try hiding a malicious code in plain text....…