Stories about: VIA

Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

Last week Microsoft released MS08-055 [1], patching a remote code execution vulnerability affecting the handling of onenote:// URLs in different versions of Office. What was surprising about the patch is that the vulnerability being fixed only bore a passing resemblance to the one that was notified to Microsoft in March of this year.

The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook everyday – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk.‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.

The headline in this week's Glasgow Sunday Herald -- "Revealed: 8 million victims in the world's biggest cyber heist" -- was a grabber.

Customers of small Internet Service Providers (ISPs) may be at risk of online fraud, following the industry's lax response to securing against the recently discovered Domain Name System (DNS) cache poisoning flaw.

A network administrator has allegedly locked up a multimillion-dollar computer system for the city of San Francisco that handles sensitive data, and he is refusing to give police the password

Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, built a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.

Hurricane Katrina and the September 11 attack on the World Trade Center caused scores of companies to reconsider their disaster recovery and business continuity plans, whether they were affected by those catastrophic events or not.

Hackers are a skeptical bunch, but that doesn't bother Dan Kaminsky, who got a lot of flack from his colleagues in the security research community after claiming to have discovered a critical bug in the Internet's infrastructure.

The spam and malware tsunami continues to cast a mounting shadow over the Internet this week.

Mozilla's big plan on Tuesday to set a world record for downloads with the Firefox 3 browser hit a snag when its Web site would not work properly.