Apple Inc. patched 40 vulnerabilities in Mac OS X yesterday — more than half of them labeled with the company’s equivalent of "critical" — and in the process broke the 250-bug bar for the year. Collectively dubbed Security Update 2008-007, the fixes patched flaws in Finder, QuickLook, ColorSync and a host of open-source components that Apple [...]

Transit systems across Canada stand to lose tens of thousands of dollars to fare fraud, and access to office buildings could be compromised, after a security flaw in some of their smart-card technology was widely publicized this week. Computer-security researchers at the Radboud University Nijmegen in the Netherlands revealed how the smart-card technology, called Mifare, can [...]

A trio of German software firms claims to have developed a password system that prevents Trojans and viruses from stealing passwords from a Windows machine. The “Trojan-proof” virtual keyboard software, which was developed by Global IP Telecommunications, PMC Ciphers, and CyProtect AG, is available in a free beta version for download. "This development can make input [...]

As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you’re running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a network security scanner that includes a [...]

The increased monitoring and profiling of Internet users by companies such as Google Inc. and its DoubleClick online advertising subsidiary is widely seen as one of the biggest threats to online privacy. But in reality, said university professor Paul Ohm, the potential for the same kind of activities by ISPs poses a much greater privacy [...]

Web browsing on SSL sites may not be as secure as you think. Security researcher Mike Perry has released additional details about his CookieMonster tool, which can be used to steal private data via HTTPS cookies. Mike Perry spoke about the issue at the Defcon security conference. Talk of HTTPS cookie hijacking is pushing its way [...]

What if you wanted to build your own botnet to act as a spam relay or to launch a denial-of-service attack against an organization or a country? "It’s actually a lot of work," says Joe Stewart, director of malware research at SecureWorks. I had a chance to talk with Stewart at this year’s Black Hat security [...]

Microsoft Corp. today patched eight vulnerabilities, all rated critical, in four security updates for Windows, Office, Windows Media Player, Internet Explorer 6, SQL Server and other programs. Unlike last month, when Microsoft issued 12 bulletins that fixed 26 flaws, today’s patched vulnerabilities did not include any that have already been exploited in the wild. "It doesn’t [...]

VMware Inc.’s recent release of a large number of patches for its virtualization offerings is likely to be the first of many, as hackers increasingly focus their attention on virtualized environments. That’s according to security vendor Fortify Software Inc., which is urging companies to be cautious if they’re thinking of adopting virtualization technology. Last week, the [...]

The Domain Name Server design flaw that threatened the entire Internet earlier this year has mostly been patched, but the threat is far from over, experts say. The DNS flaw, which was discovered by IOActive researcher Dan Kaminsky in the first half of this year and resulted in the largest simultaneous security software patch in [...]

The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative new techniques in their attempt to make money out of internet users. It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new [...]

Traditionally, the area of information security has been purely defensive. Classic examples of the defensive mechanisms used in order to protect communication networks include firewalls, encryption and IDS (Intrusion Detection Systems). The strategy follows the classical security paradigm of "Protect, Detect and React.” In other words, try to protect the network as best as possible, [...]

Microsoft released its Patch Tuesday update today, which includes a fix for a zero-day flaw affecting Microsoft Office Access that has been targeted by hackers. Other fixes address issues in Microsoft Excel, PowerPoint, Windows and other products. Microsoft released its August Patch Tuesday update Aug. 12 with 11 bulletins that plug 26 security holes across multiple [...]

SSL VPNs can be compromised in a way that enables them to take over remote users’ machines and potentially cause mischief inside the networks they attach to, according to research presented at the Black Hat conference. The problem can exist with Web clients that install themselves on remote machines at the start of SSL VPN sessions, [...]

Spam remains a growing problem in cyberspace. According to Ferris Research, which studies messaging and content control, 40 trillion spam messages will be sent in 2008, compared to 18 trillion in 2006 and 30 trillion in 2007. In theory, email filtering software and appliances allow ‘good’ or ‘true’ email messages to pass through while prohibiting spam. [...]

The onus is on you to prove your cyber innocence. If someone has used your email or computer to send any illegal communication, then the laws of the country put you in a bit of a spot. As the recent episode of the email sent by terrorists from a stolen IP address has brought out, the [...]

There are a number of command line options available to configure Window Server 2008 over the network. For example, Windows Powershell, ServerManager.exe, or a telnet server. However, the tried and true method that has worked so well with just about every type of infrastructure device in use today (including Windows Server 2008, Cisco Routers, Linux [...]

Linux developers have strongly recommended anyone who uses Linux kernel 2.6.25 on multi-user x86-64 systems to upgrade to version 2.6.25.11. It appears that users with restricted privileges are able to escalate their access privileges. While Greg Kroah-Hartman did not give any further details when announcing the new kernel version, the problem is likely to be [...]

Data encryption is an important element of an organization’s response to security threats and regulatory mandates. What many organizations are finding is that while encryption is not difficult to achieve, managing the associated encryption keys across their lifecycle quickly becomes a problem that creates a new set of security vulnerabilities and risks making important data [...]

The Honeynet Project has released a new freebie honeypot client tool that lets security pros and researchers automatically detect and dissect bot infections and other malware attacks on client machines. Capture-HPC v2.1 is an updated and enhanced version of the Honeynet Project’s high-interaction Capture-HPC client honeypot, which the organization last year used to study over 300,000 [...]