security

Apple patches image buffer overflow in iPhone, iPod Touch

Apple on Monday released a patch for the iPhone and iPod Touch. The TIFF vulnerabilities associated with the patch are serious. However, once the security flaws are fixed, users will no longer be able to apply Jailbreak, software that allows for third-party applications on the iPhone. Further, Apple says the update is available only through iTunes; it will not appear in the Mac OS software update application or on the Apple downloads site, and the latest version of iTunes is required to receive it.

Image IO This patch affects users of iPhone v1.0 through v1.1.1, iPod Touch v1.… Read more

Letting your data go for good, without a computer

Keeping data is crucial; there's no doubt about this. Backing up data has evolved from something as painful as copying files onto a floppy disk to eye candy with Apple's recent invention of Time Machine.

On the other hand, completely losing data is equally important when you decide to let go of your old hard drive. Trashing files from within the operating system generally doesn't make the information go away completely, and you don't want it to be retrieved by people with ill intentions.

Today, Wiebetech introduced the first standalone, consumer-friendly hard drive wiping device … Read more

Digital armor to protect tanks

Depleted uranium armor may provide great protection against other tanks, but it's useless against hackers bent on penetrating the networks that tankers and other crews increasingly rely on to move and shoot.

Looking to fill the order for "digital armor," General Dynamics Canada and Secure Computing have teamed up to develop Meshnet, a hardware/software firewall designed to protect networks and digital devices inside tanks and other military vehicles from hostile computer and virus attacks.

Without adequate firewall protection, a tech-savvy enemy could infiltrate the net to eavesdrop, ambush or "blind" a crew by cutting … Read more

MySpace attack uses background images not iframes

Security researcher Roger Thompson has found a new way to link to malicious servers that doesn't involve iframes (inline frames). An attack in June used cross-site scripting to place malicious iframes on legitimate Web sites. Iframes are used by Web designers to open additional windows (often hosted on other sites) within a main Web page; iframes can also be used by criminal hackers to redirect browsers to malicious-code sites.

"The interesting thing about this is that rather than using an iframe for an automatic embed, as they usually do, they've added some sort of image background href, … Read more

What's the NSA doing in your e-mail?

A former technician is hauling communications giant AT&T into court for sharing "email, search, and Internet records for more than a dozen other global and regional telecommunications providers." If it's true, the company may have massively violated federal privacy and industry law, and the National Security Administration may have acted in direct violation of legal parameters governing its domestic surveillance mission. Read the full story at The Washington Post.

Apple fixes seven Quicktime flaws

Apple on Monday released QuickTime version 7.3, addressing seven security vulnerabilities for QuickTime 7.2 and earlier. Some of the flaws are serious and can be exploited by luring a victim to a Web site that contains a maliciously crafted image or movie. The patches cover both Mac OS X and Windows. A month ago, Apple patched another serious flaw within QuickTime for Windows. The latest version is available through the built-in software update feature of QuickTime or from the Apple Downloads site.

QuickTime (image description) This patch affects users of QuickTime 7.2 on Mac OS X v10.… Read more

Red Hat working on JBoss security certification

Correction 10:05 a.m. PST: This blog initially misstated when Red Hat made the announcement. It was Thursday.

Red Hat is working on gaining the Common Criteria certification for its JBoss Enterprise Application Platform for running Java software, the company announced Thursday.

Such certification is a significant step in gaining acceptance among governmental and international customers. The Linux seller is seeking Evaluation Assurance Level 2 across multiple operating systems, not just Red Hat Enterprise Linux, a company representative said.

RHEL 5, the company's main product, currently has EAL 4+ certification, a higher level, on both Hewlett-Packard and IBM … Read more

Feds want Net snooping limits overturned

The Bush administration plans to fight a recent court decision that threatens to curb its powers to obtain logs of Americans' Internet activities without court approval.

As expected, the U.S. Department of Justice on Monday filed a notice that it plans to appeal a September federal court ruling that declared the surveillance tactic, known as a national security letter, to be unconstitutional. The government's filing was one paragraph long and came with no additional comment, according to the Associated Press.

The power to use national security letters has been around for a few decades, but it was effectively … Read more

IBM's security offensive

Last week, IBM announced a major new initiative focused on data security and risk management. IBM will introduce new products and services and partner with industry leaders like Application Security, PGP, Verdasys, and Seagate--and spend $1.5 billion in the process. Why is IBM jumping into the security pool?

1. Security has become strategic. CEOs are scared to death when they read the daily headlines about the latest publicly disclosed security breach. You can no longer address this by implementing the security product du jour since confidential data and security vulnerabilities are everywhere from mobile endpoints to mainframes. Executives now … Read more

Power Downloader monitors computer usage

After a recent attack on Power Downloader's home system, Power wanted to find a way to monitor or block usage on his computer while away. Ideally, Power wanted a program that could block usage of certain applications and record usage if a bad guy somehow accessed his system. With the holiday season just around the corner, Power knew that he would probably need to take extra precautions.… Read more