Free Republic

In a move that could backfire, according to one security expert, Apple pulled out of a prominent hackers' convention taking place this week in Las Vegas. Apple abruptly canceled what would have been its first appearance at Black Hat, an annual event in Las Vegas that features presentations from the world's most preeminent security researchers – a.k.a. hackers – according to Computerworld. Speakers typically highlight security shortcomings in a number of different technologies, including operating systems, e-mail and the Internet itself. Taking one's lumps at Black Hat is a right of passage in a technology's security evolution, as companies like...

George Ledin teaches students how to write viruses, and it makes computer-security software firms sick.In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus...

Expert urges China visitors to encrypt data Aug 3, 2008 - 9:02:10 AM WASHINGTON (Reuters) - China's blocking of Web sites has embarrassed the International Olympic Committee, but a computer security expert said on Thursday that visitors to Beijing also needed to protect their data from prying eyes. "People who are going to China should take a clean computer, one with no data at all," said Phil Dunkelberger, chief executive of security software firm PGP Corp.

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web. Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses. "It's a very fundamental issue with how the entire addressing scheme of the Internet works," ... "You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything." The flaw would be a boon for "phishing"...

Symantec, Windows users beset by Vista SP1 flaws By Tom Espiner, ZDNet UK Monday, March 24, 2008 10:56 AM Security vendor Symantec has said that updated drivers to replace those adversely affected by Windows Vista Service Pack 1 are not yet available. The company said users will have to wait for the updated drivers, which will be available "in the coming weeks". The drivers in question are for Endpoint Protection and Network Access Control, two of Symantec's flagship enterprise security products. Microsoft released Vista Service Pack 1 (SP1) to Windows Update on Tuesday. However, in the Vista team blog, Vista...

Hackers have newer methods to hack into your systems. They are smart enough to detect security loop holes in your PC and enter through open ports,unencrypted Wi-Fi connections,malicious websites or internet servers. It is better you check your PC periodically for invasions and protect your system to prevent pilfering and damage of data. Detecting security loopholes. Eliminating malicious programs. Tracking hackers .

A day after Adobe patched a serious security hole in its Reader and Acrobat programs, miscreants are flooding email inboxes with malware-tainted PDF files that try to remotely hijack vulnerable computers. The malware, identified by Symantec researchers as Trojan.Pidief.A, is included in PDF files attached to a "fair number of emails," according to this blog entry. The spam typically targets specific businesses or organizations. Adobe issued a patch for the vulnerability on Monday. The revelation of in-the-wild exploits underscores the importance of updating immediately. A patch for Reader is available here; an Acrobat update is available here. Emails typically arrive...

The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite. The bugs, deemed critical, are detailed in Mozilla's Security Advisory 2007-12. They include multiple vulnerabilities in Mozilla's Layout Engine and in its JavaScript engine that can result in memory corruption and lead to system takeover or DoS (denial of service). The function of a layout engine is to handle content such as HTML, XML, image files and applets as well as formatting information including CSS (Cascading Style Sheets) and presentational...

The U.S. Agriculture Department lacked controls to protect personal information on stolen computers and often failed to notify individuals whose information had been compromised, the department's inspector general said on Tuesday. The office of inspector general said in a report that it reviewed records from the Farm Service Agency, Natural Resources Conservation Service, Rural Development and Information Technology Services and found 95 computers were stolen between October 1, 2005, and May 31, 2006. "These agencies lacked policies and procedures to adequately notify proper authorities and affected parties when thefts of computer equipment occurred," Assistant Inspector General Robert Young said in...

Excerpts - ... 1. Make ISPs (and all organizations providing computer access to more than 100 people) responsible for filtering scan and attack traffic across their networks. ... 2. Make ISPs (and all organizations providing computer access to more than 100 people) responsible for knocking customer PCs off their network if they become bots. ... 3. Make end users liable if losses are incurred because of outdated security software. ... 4. Write some kind of law concerning efficient security software. ...

About the security content of AirPort Update 2006-001 and Security Update 2006-005 This document describes Security Update 2006-005 and the security content of AirPort Update 2006-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security...

Identity thieves are gleaning personal information from scrapped computers. Peter Warren reports on just how insecure our sensitive data really is. Bill Kerridge is a North Shields publican who runs an award-winning pub in the Tyneside Town and whose daughter is a talented gymnast. Normally, Kerridge would be happy for the readers of a national newspaper to know those details, only he is not because along with a wealth of other information relating to his family, it was recovered from a computer hard drive bought off the internet via eBay that the Kerridges knew nothing about. The news that such...

Erasing data from a computer is not as simple as the manufacturers would have you believe. Just deleting it or reformatting the hard drive does not remove the data, and the secure removal of data about individuals by companies is now a legal requirement. There are a number of methods used to "delete" data from a hard drive. These methods do not remove the data, they simply make space available for the system to use when next required. The data remains on the disk. Readily available software tools can be used to restore the data. Some are even free. When...

*********************************************Mozilla on Wednesday released an update to its popular Firefox Web browser that fixes a dozen vulnerabilities, seven of which it deems "critical." The most serious of the flaws could be exploited by cyberattackers to commandeer a vulnerable PC, according to Mozilla. The company, which oversees Firefox development, has published security advisories for each of the flaws repaired by the Firefox update. The flaws are fixed in Firefox 1.5.0.5, which Mozilla has started pushing out to Firefox users via the update feature in the open-source Web browser. In addition to the security fixes, the browser update includes stability improvements, as...

"Overall, the research shows that many consumers have a false sense of security while online," ESET Chief Research Officer Andrew Lee said in a statement. "With the number of zero-day threats rapidly increasing, users need to be even more cautious and proactive in their own protection." While nearly 90 percent of computer users have software on their machines to protect them from malware like viruses, Trojans, worms and spyware, almost two-thirds of those users are reluctant to upgrade the software after it's installed. That was the finding in a survey released Monday by security software maker ESET, of San Diego....

Computer-based fraudsters are finding new ways to trick people -- not technology -- to get the information they seek "Lawsuit against you," reads the subject line in an e-mail that hit thousands of in-boxes around the world last month. In flawless legalese, the message warns recipients that they recently sent an unsolicited fax to the sender's office. Citing U.S. civil code, its prohibition on sending junk faxes, and an actual $11 million settlement by restaurant chain Hooters, the missive threatens a lawsuit over the alleged junk fax. "If you do not pay me $500 by the deadline for payment, I...

Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information. But there is evidence that among global cybercriminals, phishing may already be passé. In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con — the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine,...

142---Number of unique I.M. viruses in 20042,403---number of unique I.M. viruses in 2005The number of viruses transmitted through instant-messaging software surged in the last year. . . . Such viruses typically arrive in innocuous-looking messages, ostensibly from an I.M. buddy, [urging] the recipient to download software that turns out to be malicious.[E]-mail inboxes are increasingly well protected against viruses, forcing hackers to look at other modes of transmission. . . . Another innovation last year was the first talking I.M. virus, which chatted with its targets. . . . [O]ne of its favorite phrases was "lol that's cool."

Some hackers like to "shoulder surf," or steal unsuspecting PC users' passwords by looking over their shoulders at the Internet café. Others prefer to crack an account's password -- using sophisticated software programs. But new developments in network security are going to wipe out the shoulder surfers, and their cracker pals, experts tell United Press International's Networking. Graphical passwords are emerging -- images, not words or phrases, which authenticate access to a computer or a network. By Gene Koprowski

How the iPod Will Change the Face of Computer Security Date: Dec 1, 2005 By Bruce Potter. Apple probably didn't intend it, but the iPod will likely prove to be an important stepping stone into solving a problem that has faced computer scientists for more than 30 years. Bruce Potter explains. The iPod has caused a bit of a revolution in the music industry. By making the iPod incredibly user-friendly and providing affordable content, Apple has put more than 28 million iPods in the hands of consumers all over the world (with 10 million more expected to be sold before...