security

Fortify Software is suggesting that the trusting nature of open-source developers has led to some glaring Trojan Horses in their code. The problem with Computer Business Review's analysis ("Is nothing sacred?") is that the very transparency of the problem leads to its erasure in open source. Transparency leads to a solution.

Fortify has identified a new class of bug that is designed to take advantage of the atmosphere of trust that occurs while developers are playing with open source code. It's called "build-process injection," a Trojan horse that allows hackers to insert malicious code into the target program while it is being constructed.… Read more

The government will spend $26 million on high-end computers to cut costs and standardize systems among the three U.S. labs charged with ensuring the safety and reliability of the nation's aging nuclear stockpile.

The Energy Department's National Nuclear Security Administration (NNSA) awarded the multimillion-dollar contract to Milpitas, Calif.-based Appro to supply Lawrence Livermore, Los Alamos and Sandia national laboratories with 438 teraflop high-performance computing clusters based on the Quad-Core AMD Opteron processor. To date, each of these labs had used its own combination of computer systems, which were not always compatible with the others.

"This … Read more

Discussions about spam seem passe in the security world these days. Spam was topical around 2003. Now we've progressed to other threats like botnets, Trojans and rootkits. Heck, in 2005 there were widespread reports that spam traffic had stabilized or even decreased.

I hate to be the bearer of bad news but there is more spam today than there was last year at this time (probably almost two times as much) and there will probably be another exponential increase in 2008. Today's spam is also more bandwidth hungry as a greater percentage of it includes graphics.

IT executives, … Read more

Two years after acquiring the company that developed the AppArmor security software for Linux, Novell has laid off team members behind the project, CNET News.com has learned.

AppArmor's founder and leader, Crispin Cowan, joined Novell in 2005 when it acquired his company, Immunix, which developed the software. But he and four others from the project lost their Novell jobs in Portland, Ore., on September 28, Cowan confirmed.

However, he plans to continue AppArmor development. He and two other laid-off AppArmor programmers, Steve Beattie and Dominic Reynolds, launched an AppArmor consulting company on Wednesday called Mercenary Linux.

"I … Read more

WASHINGTON--We already know that some aging politicians and bureaucrats are prone to less-than-coherent ramblings about the technological topics that fall within their job descriptions (See: Alaska Sen. Ted Stevens, former chairman of the panel overseeing Internet regulation, "The Internet is a series of tubes," July 2006).

You can imagine what goes through their minds: I really need to show the public that I get it. The only problem is that it doesn't always work.

Take an event held Wednesday at the U.S. Chamber of Commerce, a storied pro-business lobbying group. It was called "RFID Solutions: … Read more

Fraud Sciences, which has developed systems that cut down on credit card fraud, has received $11 million in a new round of funding, according to VentureBeat. The lead investor was Redpoint Ventures.

The company has devised what it calls the SpotLight transaction verification system, which essentially confirms that the customer trying to use a credit card number on a computer is the owner of the credit card. The system cuts down on fraudulent transactions, but also lets merchants accept transactions that seem to be a bit suspicious, but in fact are genuine (i.e. a husband on an international business … Read more

Talk about viral marketing (or, in this case, antiviral marketing). Someone's gone and made a rap video about the Kaspersky Internet Security suite and posted it to YouTube. And they're not alone. Security vendor Kaspersky is running a contest in the U.S. and Canada asking you to make a video and then upload it to a special YouTube page with appropriate tags. Every entrant will receive a "I had worms" T-shirt from Kaspersky and also be entered into a grand prize drawing for a chance to win a trip to Russia, Las Vegas, or an … Read more

Microsoft today released its October 2007 security bulletin, which includes six updates: four are designated as Critical by the software giant; two are deemed Important, and one previously announced patch was dropped. On the Windows side there is a cumulative update for Internet Explorer, a patch for Outlook/Windows Mail, and one for an RPC vulnerability. On the Microsoft Office side, there is a patch for SharePoint Server and one critical patch for Microsoft Office Word, including Microsoft Office 2004 for Mac. And one patch for the Kodak Image Viewer. All Microsoft security patches for Windows and Office software are … Read more

While we East Coast folks celebrated Columbus Day, McAfee announced its acquisition of privately held SafeBoot for $350 million. SafeBoot provides software for file and full disk encryption.

Now, I certainly understand the rationale behind this deal. McAfee can now bundle encryption software into its PC security software and integrate key management into its ePolicy Orchestrator (ePO). We saw this same market consolidation pattern a few years ago with antispyware, which went from a stand-alone product to an integrated feature in endpoint security suites. In that transition, CA bought antispyware vendor Pest Patrol, while Microsoft grabbed Giant. Obviously, the same … Read more