Linux developers have strongly recommended anyone who uses Linux kernel 2.6.25 on multi-user x86-64 systems to upgrade to version 2.6.25.11. It appears that users with restricted privileges are able to escalate their access privileges. While Greg Kroah-Hartman did not give any further details when announcing the new kernel version, the problem is likely to be [...]

Data encryption is an important element of an organization’s response to security threats and regulatory mandates. What many organizations are finding is that while encryption is not difficult to achieve, managing the associated encryption keys across their lifecycle quickly becomes a problem that creates a new set of security vulnerabilities and risks making important data [...]

The Honeynet Project has released a new freebie honeypot client tool that lets security pros and researchers automatically detect and dissect bot infections and other malware attacks on client machines. Capture-HPC v2.1 is an updated and enhanced version of the Honeynet Project’s high-interaction Capture-HPC client honeypot, which the organization last year used to study over 300,000 [...]

Over the last few years, security threats have grown and altered dramatically and so have the defences. Traditional firewalls, installed over three years ago, are often not best suited for current threats and don’t protect against a number of newer threats. A firewall is a system designed to prevent unauthorised access to or from a private [...]

D-Link routers may have been infected by a worm or bot according to security researchers at Symantec. However, the company has backtracked on its intitial reports that a bot had definitely been identified. The security company had issued warning to customers of its DeepSight threat notification service saying that there were "reliable reports" of an in-the-wild [...]

After years of fighting the hacker wars, today’s Websites are still a long way from being secure, according to a new research report. According to a report issued yesterday by WhiteHat Security, nine out of 10 Websites still have at least one vulnerability that attackers could exploit. On average, there are about seven flaws on each [...]

Red Hat is freeing up the source code behind its identity management and security system in a bid to show that open source software is more secure than rival technologies.. The Linux distributor is staking its future on fleshing out products beyond its popular operating system to ensure the continued uptake of open source by the [...]

Bluetooth has been a big success in the mobile world, but primarily for just one application: wireless headsets. These are extremely popular and with good reason: You can’t beat the convenience, and they are have become quite inexpensive. But Bluetooth can do much more than just connect a headset with a phone. The technology also is [...]

At one time, IT departments concerned themselves with hardening the perimeter. The idea was Medieval: build a fortress around yourself and don’t let outsiders in. Then came remote workers. Then chat apps. Then Web mail. And then mobile devices. And suddenly you have more exceptions than the rule. Desktops inside the corporation, which at one time [...]

There’s nothing like telling a good horror story to encourage your employees — from senior executives to rank-and-file workers — to do their part in improving IT security. Cisco Chief Security Officer John Stewart has all the technological tools in the world at his fingertips to help keep the networking giant’s data and operations locked [...]

VMware has identified and fixed seven security bugs in the free version of its hypervisor, which could let hackers launch denial-of-service attacks, change user privileges and forge RSA key signatures. VMware identified the problems in VMware Server, the company’s free server virtualisation software, and fixed them in newly released version 1.0.5. VMware first reported the problems [...]

Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable. Here are [...]

Last month the TrueCrypt Foundation released TrueCrypt 5.0, which finally introduces a Linux GUI for the cross-platform encryption application. TrueCrypt 5.0’s numerous other enhancements include a Mac OS X port, XTS operation mode, the ability to encrypt a system partition or drive under Windows, and the addition of the SHA-512 hash algorithm. The binary downloads for [...]

The rapid evolution of “Web 2.0” has sparked the convergence of social networking on a massive scale and the adoption of new combinations of technologies that significantly increase the so-called ‘attack-surface’. This combination offers irresistible opportunities to organised crime. In recent years, malware attacks have been targeted and mass worms have been quiet. The days of [...]

eEye Digital Security tomorrow will make its first foray into the Web vulnerability space — with a new member of its Retina Security Scanner family that roots out Web application flaws. eEye founder and former CTO and chief hacking officer Marc Maiffret first revealed eEye’s plans to add Web application scanning to its portfolio in [...]

The File Transfer Protocol (FTP) has attracted renewed interest lately, but not in a good way: The bad guys are now using the ‘70s disco-era file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their FTP servers. Researchers at F-Secure have spotted a new [...]

Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft’s "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users. Included in today’s Patch Tuesday roundup are fixes for just about every [...]

Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by Trend Micro as Pushu-AC. Rootkits are a [...]

The developers of the open source media player VLC have closed several security holes. These would have allowed attackers to inject and execute malicious code using manipulated Realtime data streams or crafted video files. The latest version, 0.8.6e, is available to download and fixes the flaws. According to the VLC programmers’ announcement, the current version no [...]

As I mentioned in my last article, security policies serve to protect (data, customers, employees, technological systems), define (the company’s stance on security), and minimize risk (internal and external exposure and publicity fallout in the event of a breach). Security policy creation and dissemination are not just a good idea; both are mandated by a [...]