Friday | 4 July, 2008
CSO

Data Security

News

    SQL attacks lobs onto pro tennis site 02/07/2008 11:52:19

    Wimbledon perfect time for crook's criminal racket.
    Visitors to the Association of Tennis Professionals Web site have potentially been infected with spyware after apparent lax security allowed a malicious script to be injected across its pages.

    Japanese military loses data again 02/07/2008 08:17:21

    Japan's Self Defense Force lost sensitive data on joint US-Japan military exercise
    Japan's Self Defense Force lost sensitive data pertaining to a joint US-Japan military exercise last year, the Ministry of Defense said Tuesday.

    Gov grants $1.2M to train luddites 06/06/2008 15:41:25

    AusCERT caters for home users
    The federal government has today launched a $1.2 million national security alert service to round out its plans to sanitise Internet feeds to families and small businesses.

    First came the Zip Bomb, now comes the PDF Bomb 26/05/2008 14:04:28

    PDF vulnerability poses new challenges to antivirus/antimalware scanning software.
    A Zip Bomb is a small Zip file that exploits capabilities of compression algorithms and settings to expand into a file or set of files that consume system resources to the point of system unusability. Didier Stevens, continuing his recent work in finding interesting sections of the PDF data scheme, has described techniques for the PDF equivalent of the Zip bomb, or a PDF Bomb.

    Lax ISPs add to Internet security problem 21/05/2008 09:33:32

    Open source tools and content systems remain vulnerable.
    If ISPs are not trying to be part of the Internet security solution then they are part of the problem and customers should vote with their feet, according to a security officer of a European communications and hosting company.

    Home computers laced with malware: survey 19/05/2008 16:00:00

    User knowledge of security software also a problem
    As many as 23 percent of home computers are infected with malware, and of those, more than 70 percent had been infected in the past year, according to the alarming findings of AusCERT's first home computer user survey.

    Icy encryption tool protects laptops from "cold boot" attack, vendor says 14/05/2008 08:36:43

    Vulnerable encryption keys erased by HyBlue's IceLock
    The vendor HyBlue says it can prevent the "cold boot" encryption hack discovered by Princeton researchers with a laptop security product announced Tuesday.

    Hacker posts Chilean government data on 6 million residents 13/05/2008 10:08:06

    A hacker has posted databases containing personal information on 6 million Chilean residents.
    An anonymous hacker has posted personal data about 6 million Chilean residents on the Internet, highlighting wider privacy problems in the country.

    Swarming spy bots that share information being built for military 12/05/2008 08:11:34

    Flying and crawling robot swarms would give surveillance information to soldiers
    A group of US Marines hunker down beside a building, enemy fire coming at them from somewhere up ahead. One soldier reaches into his pack and pulls out a few robots that look like large bugs. The bots fly down the street, sending back images that show where the enemy troops are hiding, how many there are and what weapons they're using.

    BLACK HAT - Hackers find a new place to hide rootkits 12/05/2008 14:13:07

    Proof-of-concept System Management Mode rootkit developed for upcoming show.
    Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, hidden from current antivirus products.

    Parasitic botnet spams 60 billion a day 08/05/2008 11:42:33

    Srizbi sends 50 percent of spam
    The Srizbi botnet has stormed over its competition to become the Internet's biggest spammer.

    PwC review lauds ATO's security practices 08/05/2008 13:08:01

    Tax office a bastion of secure information, review finds.
    The Australian Taxation Office is on top of its game when it comes to information security, an independent investigation has found.

    Researchers infiltrate Kraken botnet, could clean it out 01/05/2008 08:30:47

    But they won't disinfect remotely, citing 'pretty big can of worms' as reason
    A group of security researchers Wednesday said they have infiltrated one of the world's biggest botnets and can snatch control of compromised machines from the hackers.

    Hackers jack thousands of sites, including UN domains 24/04/2008 07:28:27

    Among the sites hacked were several affiliated with either the UN or UK government agencies
    Large numbers of legitimate Web sites, including government sites in the UK and some operated by the United Nations, have been hacked and are serving up malware, a security researcher said Wednesday as massive JavaScript attacks last detected in March resume.

    PCI standards body moves ahead on payment-application cert 17/04/2008 08:21:37

    PCI formally launches its payment-application security program
    The PCI Security Standards Council, which establishes requirements for the payment-card industry, Tuesday formally launched its payment-application security program.
Features

    Stupid user tricks: IT admin follies 17/06/2008 09:05:55

    IT heroes toil away unsung in miserable conditions -- unsung, that is, until they make a colossally stupid mistake
    For those of us who make our living behind a keyboard in IT, it's hard to imagine a more time-tested vulnerability than the end-user. Armed with network access, these IT viruses wreak havoc nearly everywhere you look -- havoc borne of tech idiocy.

    Does sandbox security really protect your desktop? 10/06/2008 10:49:20

    Tests question vendor claims of meaningfully improved security, though not everyone agrees
    Two years ago, GreenBorder, one of the early "sandbox" browsers, received mighty applause from Wall Street Journal tech guru Walt Mossberg. The sandbox browser -- basically, a browser running in a virtual container -- promised to keep nasty code from spilling into a computer's operating system and wreaking havoc.

    Five effective ways to burglar-proof your laptop 05/06/2008 07:55:35

    Five easy - yet effective - strategies to protect your laptop and the valuable data stored in it
    Theft of laptops and other mobile devices is spiraling, and the consequences -- financial and other -- are getting increasingly dire.

    10 essential (and free!) security downloads for Windows 29/05/2008 09:42:31

    Stay safe from prying eyes and bad guys
    To use an Internet-connected computer is to be insecure and place your privacy in danger. Spyware, viruses, Trojans and assorted malware are everywhere on the Net, trying to hop onto your PC and cause damage. Snoopers want to get at your personal information for nefarious purposes, such as identity theft.

    Six hours to hack the FBI (and other pen-testing adventures) 28/05/2008 08:03:59

    White-hat hacker pros dish on top traumas and shocking snafus
    It takes a lot to shock Chris Goggans; he's been a pen (penetration) tester since 1991, getting paid to break into a wide variety of networks. But he says nothing was as egregious as security lapses in both infrastructure design and patch management at a civilian government agency -- holes that let him hack his way through to a major FBI crime database within a mere six hours.

    Five free pen-testing tools 28/05/2008 09:04:38

    The best things in life are ...
    Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

    Criminal negligence: The sorry state of US law enforcement data sharing 27/05/2008 08:01:54

    Nearly seven years after 9/11, information-sharing problems that hobble law enforcement are just beginning to be solved

    Laptop losers hall of shame 26/05/2008 10:40:01

    The 10 worst security breaches of all time from unencrypted data

    Stupid hacker tricks: The folly of youth 06/05/2008 18:28:18

    Tech-savvy delinquents set the Net aflame with boneheaded exploits that earn them the wrong kind of fame
    Ah, youth. Ready to take on the world, today's generation of dynamic, tech-immersed youngsters have grown up alongside the Internet. Firsthand, and sometimes single-handedly, they have advanced some of today's hottest technology trends, from peer-to-peer networking, to massively multiplayer online games, to social networks and instant messaging. And along the way, a small, sociopathic number of them have behaved very, very badly.

    10 security threats to watch for 14/04/2008 10:17:22

    Virtual servers, public Web sites and mobile devices are increasingly popular targets
    There are lots of ways business networks can be compromised, and more are developing all the time. They range from technology exploits to social engineering attacks, and all can compromise corporate data, reputation and the ability to conduct business effectively.

    20 useful IT security Web sites 08/04/2008 09:50:41

    How to foil hackers, protect users and prepare for the inevitable robot uprising
    Bookmarking these sites will help you protect your network, comply with government regulations and stay ahead of all the latest threats.

    Young workers, Web 2.0 technologies pose security challenges 25/03/2008 09:24:00

    How the Millennial workforce plus Web 2.0 technologies equals increased corporate security risks
    Young workers tap into Web 2.0 technologies and personal computing devices more frequently at work than their older counterparts, and while being savvy with such tools offers some benefit, the work habits of Millennials could force IT to revamp corporate security policies or remain vulnerable to data loss, security breach and legal woes.

    Four good reasons for Security to talk to HR 20/03/2008 10:01:09

    Dogs and cats living together? Yes, but necessarily so
    Neither information technology nor security managers fire people in most organizations. That plain reality seems to escape some in the industry, where offended security administrators declare that disabling the anti-virus program is grounds for demotion or an IT manager finding unlicensed media makes arrangements for someone to make the cardboard box commute.

    New security threats from every which way 19/03/2008 10:17:28

    As virtualization, SOA and mobility projects proliferate and converge, they open the enterprise to a rash of troublesome network security problems
    As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology trends have started to dominate: virtualization, service-oriented architecture and mobility. More promising yet is the intertwining of these unique technologies.

    The top 10 security land mines 18/03/2008 10:45:07

    The 10 most common security land mines that experts say you need to avoid.
    Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.
Case Studies

    Employment firm trains staff in compliance with network management kit 05/03/2008 12:03:13

    Console keeps 350 Windows machines in check
    Employment and training firm CVGT has installed a network management toolkit to enforce compliance and protect the financial and personal data of its 40,000-plus apprentices and trainees.

    Uni fortifies Western Front with IDS 22/02/2008 20:11:00

    Nurtured NAC keeps malware out
    The University of Western Sydney (UWS) has today gone live with a managed Intrusion Detection System (IDS) for its 5000 users.
Interviews

    Cybercrime Convention will benefit Australia, says proponent 19/05/2008 09:36:30

    Countries that have complied with the Convention have considerably strengthened their cybercrime legislation.
    The Convention on Cybercrime is the work of the Council of Europe and is aimed at facilitating international cooperation in the investigation and prosecution of computer crimes. Since the Convention came into being in 2001, the COE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes.

    Head of PCI council sees security standard as solid 17/04/2008 10:40:46

    GM Bob Russo defends payment card rules but acknowledges that 'interpretation issues' remain
    The PCI Security Standards Council was established in the US by the major credit card companies in September 2006 as an independent organization to manage the Payment Card Industry Data Security Standard. In an interview, general manager Bob Russo talks about the council's efforts to administer the PCI standard amid continuing concerns about credit and debit card security. And he defends the standard, despite the recent data breaches at Hannaford Bros. and Okemo Mountain Resort.
Opinions

    How your cold explains network intrusion 01/07/2008 14:50:29

    It's Cold and Flu season, but did you know your pounding sinuses can be used to explain system and network compromises?
    With the cold and flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

    'I have a lost laptop horror story for you' 30/06/2008 10:08:14

    The devil of identity theft is in the details that follow...
    The devil of identity theft is in the details that follow: Russ Jones tells a tale of woe that isn't particularly dramatic -- or rare -- and yet it's exactly the kind of story that worries me enough to ignore my better judgment and buy identity-theft protection from my insurance provider.

    Hacking tools: A new version of BackTrack helps ethical hackers 30/06/2008 10:57:21

    BackTrack is the quickest way to get access to hundreds of (legal) hacking tools
    Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools.

    Zero-second exploits 06/05/2008 12:04:48

    The number of days between a vendor patch being released and the malware exploit being announced has shrunk
    Microsoft SQL server hasn't had a public vulnerability announcement since 2004. The SQL Slammer worm struck in 2005, but the hole the worm exploited had been patched six months before. The holes that MS-Blaster and Code Red worm attacked had been patched, too. But back just a few years ago, no one really cared about patching really. We just didn't patch.

    Security researchers begin on active defences 15/04/2008 20:51:43

    It will only be a matter of time before there are tools readily available to automate the process of 'reverse-hacking'.
    Many people fear them, but most hackers are no more than simple point and click operators (the basic script kiddie) that are incapable of anything but using tools created by others.

    The future of network security 01/02/2008 12:05:40

    Determining how to plan for a business environment in which everyone is connected and security expectations are high is not trivial. We all have to do it.
    Enterprise connectivity is exploding, driven by globalization, convergence, virtualization and social computing. As corporate perimeters dissolve, the security focus switches towards application and data-level security solutions. The question to ask is what are the longer-term implications for network security? Will it become redundant or could it grow more powerful? Only one thing seems certain: It will be different from today.

    Security. A business problem 11/12/2007 09:36:38

    Frank Hayes argues the case for security to become a business problem
    Security is a people problem. OK, you already knew that. But recently the SANS Institute finally recognized it too, in its list of the top 20 Internet security risks of 2007. Topping the chart of new, hard-to-defend-against risks were vulnerabilities in custom Web applications and (drum roll, please) "gullible, busy, accommodating computer users, including executives, IT staff and others with privileged access."