The Network Security. Org

Google Chrome 4 Bolsters Browser Security with New Features

netoxic — Mon, 01 Feb 2010 05:16:20 +0000

Google is touting three new security features added to the latest version of its Chrome browser, including new protections against reflective cross-site scripting.

Google has beefed up the latest version of its Chrome browser with new security protections designed to help developers build secure Websites. Google Chrome 4 Bolsters Browser Security with New Features – Security from eWeek

10 Reasons Why Microsoft Should Have Discussed Security At CES

netoxic — Fri, 15 Jan 2010 12:27:27 +0000

The big news that came out of CES was a tsunami of new smartphones and tablet PC designs. But Microsoft, arguably the most important company at the show, could have made security the theme at CES this year. Unfortunately, it didn’t. And users are left wondering how to keep their data secure going forward.

The Consumer Electronics Show is a spectacle. It’s a place where massive tech companies and small startups come together to show off neat, new ideas. Some companies focus on PCs, others attempt to innovate with products that consumers have never seen. 10 Reasons Why Microsoft Should Have Discussed Security At CES – Security from eWeek

How three vendors screwed up USB stick security

netoxic — Fri, 15 Jan 2010 12:25:14 +0000

The security industry strikes again. Sell business users supposedly encrypted (and therefore super-secure) USB sticks and then assume that nobody will ever work out that the security is about as watertight as a paper teapot.

Three companies admit they suffered the same egregiously stupid encryption flaw in some of their expensive ‘secure’ USB sticks at the same time. And these turned out to have been certified using an important-sounding US government security standard, FIPS-140 Level 2. How three vendors screwed up USB stick security – War on Error – Blogs – Technology Blog and Community from IT Experts – Techworld.com

More flash drive firms warn of security flaw; NIST investigates

netoxic — Tue, 12 Jan 2010 05:05:51 +0000

SanDisk Corp. and Verbatim Corp. have joined Kingston Technology Inc. in warning customers about a potential security threat posed by a flaw in the hardware-based AES 256-bit encryption on their USB flash drives.

The hole could allow unauthorized access to encrypted data on a USB flash drive by circumventing the password authorization software on a host computer. More flash drive firms warn of security flaw; NIST investigates

Microsoft, Adobe prep critical security patches

netoxic — Fri, 08 Jan 2010 12:56:05 +0000

Microsoft will issue one bulletin on Patch Tuesday next week that is rated "critical" for Windows 2000. The patch is designed to address a vulnerability that could allow an attacker to take control of a computer by remotely executing code on it, according to an advisory released Thursday.

It is rated "low" severity for Windows 7, Vista, XP, Server 2003, and Server 2008 operating systems. Meanwhile, Adobe Systems is scheduled to release a patch for a vulnerability in Adobe Reader and Acrobat on Tuesday that was discovered in mid-December and which is being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers Microsoft, Adobe prep critical security patches | InSecurity Complex – CNET News

25 million strains of malware identified in 2009

netoxic — Fri, 08 Jan 2010 12:52:27 +0000

More than 25 million new strains of malware were created last year, says PandaLabs. According to the security vendor’s Annual Malware Report, the number of new versions of malware identified has topped the 15 million identified throughout the company’s 20-year history.

PandaLabs said that 66 percent of the new malware identified were banking Trojans, and the next popular type was scareware, also known as fake antivirus software that encourages web users to part with their hard-earned cash to download hoax security software that serves no purpose. 25 million strains of malware identified in 2009 – Network World

Stop making it so easy to be attacked online

netoxic — Fri, 08 Jan 2010 12:48:56 +0000

Simplifying, beautifying, and streamlining our lives leads to significant security risk. For most of us, having pictures come up automatically when browsing the Web is standard.

Getting e-mail in HTML format is normal, and setting our phones to automatically sync up with Wi-Fi and Bluetooth is natural. After all, these are technical innovations that allow our electronic lives to be beautified and streamlined so we’d be crazy not to use them. Stop making it so easy to be attacked online – Computerworld Blogs

Kingston flash drives suffer password flaw

netoxic — Wed, 06 Jan 2010 05:41:39 +0000

Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks.

The affected models include the DataTraveler BlackBox; DataTraveler Secure — Privacy Edition; and DataTraveler Elite — Privacy Edition. The flaw lies in how the drives process passwords, Jim Selby, Kingston’s manager of European product marketing, told ZDNet UK on Monday. Kingston flash drives suffer password flaw – ZDNet.co.uk

Almost 16 million use same password for every website, study finds

netoxic — Wed, 06 Jan 2010 05:39:16 +0000

This could lead to money being stolen from bank accounts, fraudulent purchases via online shops or identity theft, according to life assistance company CPP.

The average internet user is asked for a password by 23 websites a month. The research found 46 per cent of British internet users, 15.6 million, have the same password for most web-based accounts and five per cent, or 1.7 million, use the same password for every single website. Almost 16 million use same password for every website, study finds – Telegraph

Apple (Snow Leopard) malware blocker collecting cobwebs

netoxic — Wed, 06 Jan 2010 05:19:57 +0000

Nearly six months after Apple added a malware blocker to Mac OS X (Snow Leopard), the feature appears to be collecting cobwebs.

Apple has not added any anti-malware signature updates to the XProtect.plist file that launched with antidotes for OSX.RSPlug.A and OSX.Iservice, two known Trojan horse programs targeting Mac OS X users. Apple (Snow Leopard) malware blocker collecting cobwebs | Zero Day | ZDNet.com

The Worlds Top 10 Spammers

netoxic — Wed, 06 Jan 2010 05:14:55 +0000

Gangs of hackers make money not only by stealing from electronic accounts but also by spamming. The Spamhaus Project, an 11-year-old British and Swiss-based nonprofit that works with global law-enforcement agencies, regularly updates the list of the most persistent spammers.

1. Canadian Pharmacy
(Ukraine/Russia)
Pharmaceutical spamming has intensified during the worldwide swine-flu pandemic—for the most part, it is advertising for counterfeit Tamiflu. Zombie computers infected with a Trojan virus are now sending out tens of thousands spam messages a day. The World’s Top 10 Spammers – Newsweek.com

Security Hardware & IT Security Software

netoxic — Wed, 06 Jan 2010 05:10:05 +0000

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk. In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities – Security from eWeek

Compliance as Security: The Root of Insanity

netoxic — Fri, 18 Dec 2009 05:37:16 +0000

There is an ever-increasing pressure for security executives to be a champion of compliance within their respective organizations. Given that there seem to be new or changing compliance requirements emerging on a fairly regular basis, this can be viewed as both a blessing and a curse.

As our government acquires increasing financial interests in some private business sectors, this trend may continue to escalate. The blessing is that in some instances it gives the security function some additional leverage to drive results and deliver greater overall value. The curse is that the regulatory compliance requirements just add to the already voluminous amount of reactionary items that already exist on the security executive’s plate. Compliance as Security: The Root of Insanity

Attackers and Phishers Still Winning the War

netoxic — Mon, 07 Dec 2009 05:16:59 +0000

The United States may be falling perilously behind on science and engineering education, but that’s nothing compared to how poorly we’re doing on social engineering education. Social engineering (known as "lying" in the real world) is perhaps the oldest attack technique on the Internet.

It’s been in wide use since long before the Web was in existence and attackers have changed and adapted as time has gone by, morphing their tactics to stay up with what the kids are doing. The emails promising racy pictures of Anna Kournikova or Monica Lewinsky (!) have given way to Twitter messages about Tiger Woods’ alleged indiscretions and poisoned search results with links to news stories about…Tiger Woods’ alleged indiscretions. Attackers and Phishers Still Winning the War | threatpost

GFI releases Freeware version of GFI EndPointSecurity

netoxic — Mon, 07 Dec 2009 05:14:27 +0000

Endpoint security threats are constantly evolving and critical data is lost due to non-existent or ineffective security practices. The proliferation of high capacity thumb drives, smart phones and other portable devices has increased the risk of data leakage and the volume of data that could find its way out of an organization.

As part of its WE CARE initiative, GFI Software is giving organizations the ability to monitor and identify endpoint weaknesses in their network in real time through its FREEWARE version of GFI EndPointSecurity.

Kaspersky Lab unveils further level of protection with Kaspersky KryptoStorage

netoxic — Mon, 07 Dec 2009 05:11:51 +0000

Kaspersky Lab, a leading developer of secure content management solutions, announces the release of Kaspersky KryptoStorage (KKS). The product, with its user-friendly, intuitive interface, is designed to provide cryptographic protection and permanently delete data from computers running Windows operating systems.

Users of Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010, in particular, will appreciate the new product’s features because those products in conjunction with Kaspersky KryptoStorage transform your computer into an impenetrable data storage that can withstand any form of attack Kaspersky Lab unveils further level of protection with Kaspersky KryptoStorage

5 security threats to watch in 2010

netoxic — Mon, 07 Dec 2009 05:08:43 +0000

Everyday Internet users will be a key target for cybercriminals looking to get people to download their malware, while the proliferation of social sites such as Facebook and Twitter will lead to an increase of possible fraud cases, reported Symantec.

At a media briefing Wednesday, the security vendor released a report outlining security threats enterprises and consumers should be mindful of in 2010. Of these, the security risk faced by everyday Internet users is likely to increase as criminals look to trick people into downloading malware through means such as an innocent-looking URL link or videos and pictures from unknown sources. 5 security threats to watch in 2010 | Tech News on ZDNet

Chrome OS security: Sandboxing and auto updates

netoxic — Wed, 02 Dec 2009 04:53:19 +0000

Google showed off its new lightweight operating system designed for Netbooks and cloud computing on Thursday. As anticipated, it will rely on many of the same security features and concepts used by the Chrome browser.

"The browser is the operating system. We’ve expanded the browser to add operating system functionality," Caesar Sengupta, a group product manager at Google, said in an interview. Chrome OS security: ‘Sandboxing’ and auto updates | InSecurity Complex – CNET News

5 steps to secure your data center

netoxic — Wed, 02 Dec 2009 04:49:44 +0000

With the advent of cloud computing, rich Internet applications, service-oriented architectures and virtualization, data center operations are becoming more dynamic, with fluid boundaries.

The shift toward a new computing environment adds layers of complexity that have broad implications for how information technology managers secure the components of a data center to protect data from malicious attack or compromise. 5 steps to secure your data center — Government Computer News

4 Cheap Options to Monitor Networks for Evidence

netoxic — Fri, 27 Nov 2009 12:35:46 +0000

Computer forensics don’t have to solely focus on recovering and searching for evidence on storage devices. Although programs like Encase and FTK 3.0 are excellent tools to help find documents, photographs and other files for your investigation, they cut short on collecting network traffic your suspect sends and receives.

Viewing stored URL visits and local cache only paint a limited picture of the suspect’s Internet usage and sometimes amount to the same as reading tea leaves. A document opened online, an incriminating instant message or even a VOIP call can and should be forensically captured and reviewed for your investigations. 4 Cheap Options to Monitor Networks for Evidence ( – Security )